Modern industrial systems are enriched by cyber–physical devices and interconnections with business processes that enable flexible production, remote monitoring, control and maintenance. These systems are typically subject to multiple authorities which must cooperate with each other, as in the case of segmented industrial environments and supply chains. In similar contexts, voluntary or unintentional damages may be caused by cyber attacks or by misbehaving authorized parties. We propose an original architecture that regulates accesses to industrial systems’ resources through authorization delegation procedures. It guarantees several benefits that include the possibility of auditing authorizations released by delegated third parties, of detecting misconducts and possible attacks, and of assuring attribution of misconducts. The proposed solution is compatible with constraints characterizing industrial environments and with security and performance requirements of industrial architectures. The performance and latencies of the auditing mechanisms are evaluated through a prototype.

网络工业设备和与业务流程的互连丰富了现代工业系统，从而实现了灵活的生产，远程监控，控制和维护。这些系统通常受制于多个机构，这些机构必须相互配合，例如在细分的工业环境和供应链中。在类似的情况下，自愿或无意的损害可能是由于网络攻击或行为不当的授权方造成的。我们提出了一种原始架构，该架构通过授权委派程序来规范对工业系统资源的访问。它保证了多种好处，包括审核委托的第三方发布的授权，发现不当行为和可能的攻击以及确保归因于不当行为的可能性。提出的解决方案与表征工业环境的约束条件以及工业体系结构的安全性和性能要求兼容。审核机制的性能和等待时间通过原型进行评估。