Int J Adv Manuf Technol (2008) 39:1252–1261 DOI 10.1007/s00170-007-1292-5

ORIGINAL ARTICLE

A configurable access control system for networked manufacturing monitoring using XML

Guodong Sun & Youping Chen & Zude Zhou & Zubing Min

Received: 29 April 2007 / Accepted: 18 October 2007 / Published online: 27 November 2007
© Springer-Verlag London Limited 2007

Abstract With the development of networked manufacturing, large amounts of real-time data in manufacturing process monitoring are transmitted and exchanged on the Web. Information security and assurance have to be taken into account, such as limiting the view of the intended audience to only relevant portions of the state data and operating the permitted devices or partial control units. This paper provides a secure framework based on role-based access control (RBAC) for networked manufacturing monitoring. In such a framework, fine-grained access control is accomplished by defining rules at the XPath-level of the real-time state data and control instructions documents, which are represented in the eXtensible Markup Language (XML) format. To achieve role-based configuration, the monitored variables and client interface vary with the roles of the user logging into the monitoring server to create “need to know” protections on critical information.

Keywords Access control · Role-based configuration · Networked manufacturing · Monitoring · XML

G. Sun (*) · Y. Chen · Z. Zhou · Z. Min
Room 404, D8, Engineering Research Center of Numerical Control Systems, School of Mechanical Science and Engineering, Huazhong University of Science and Technology, Wuhan, Hubei 430074, People’s Republic of China
e-mail: [email protected]

1 Introduction

Mass customization and global economic collaboration drive product development and management beyond the internal enterprise to cover the whole product value chain. And efficient collaboration throughout the whole product life cycle covering engineering, ordering, purchasing,
production, commissioning, and services becomes the key success factor [1]. The networks, including the Internet and the Intranet, play an important role in offering a highly efficient collaborative medium for geographically dispersed partners involved in this value chain. Especially in networked manufacturing monitoring, the real-time data which are obtained from multi-type sensors located in the manufacturing fields are expediently transmitted to relevant engineers away from the fields. With these data, all of the engineers are able to extract the appropriate information to examine working conditions, estimate product quality, improve process planning, detect equipment failure, and even write service manuals according to their roles. Everyone in the monitoring group, which is composed of operators, quality inspectors, designers, diagnostic experts, process planning engineers, and service technicians, needs to know only the minimal level of information that he or she requires to get their task done. For example, the operator of equipment A cares only about the information of equipment A and nothing about equipment B. Similarly, the quality inspectors may need to know the workpiece information, but should be prevented from controlling equipment. If they are all provided with the full information and authority, there will be some problems. Firstly, information confidentiality might be destroyed and the equipment might be operated illegally; all these would lead to economic losses or accidents. Secondly, it would become difficult and complex for workers to distinguish and analyze useful information due to the confusion of unnecessary data. Thirdly, the network flow might increase drastically because of transmitting unwanted information to uninterested workers. So it is very essential to take information assurance into account in network-based monitoring. 
In this paper, a secure framework based on role-based access control (RBAC) for networked manufacturing monitoring is proposed. In such a framework, fine-grained
access control is accomplished by defining rules at the XPath (XML Path Language, a standard for addressing parts of XML documents) [2] level of the real-time state data and control instructions documents, which are represented in XML (eXtensible Markup Language). This paper addresses a configurable approach to associating state information with the monitoring client interface, according to the roles of the user logging into the monitoring server. The client interface varies with the set of privileges regarding which monitored variables can be read only or both read and operated by this user. Figure 1 gives a diagrammatic sketch of the monitoring interfaces for different roles. A quality inspector can utilize the interface depicted in Fig. 1a to examine the specified state data (say, switch status of power, feed rate, and cutting temperature), but not to access the coordinates. Figure 1b gives the operator’s interface, which is composed of power switch, feed rate, and the coordinates. The cutting temperature may be inaccessible to the operator, but power switch and feed rate can be changed through the button and range switch on this interface, respectively. Therefore, the client interface is not only a platform for the state information’s display and operation, but it also functions as the carrier to enforce the access control policy and form a “restricted view” [3] in accordance with the roles.

To deal with these scenarios, the remaining sections of this paper are organized as follows. The related work is addressed in Section 2. Section 3 describes the overall architecture and working stages. Section 4 presents the proposed role-based configuration of the client interface. Section 5 describes the implementation of the secure framework. A summary of this work and directions for future work are provided in Section 6.

Fig. 1a, b Diagrammatic sketch of the monitoring interfaces for different roles. a Interface for a quality inspector. b Interface for an equipment operator

2 Related work

2.1 Collaborative engineering

There has been a vast body of work on collaborative engineering across different stages of product life cycle management (PLM). Schilli and Dai [1] described collaborative life cycle management between suppliers and OEMs (original equipment manufacturers). Collaborative virtual testing (CVT) software was developed to help in screening out parts with unacceptable anomalies [4]. Wu et al. [5] proposed a PLM-oriented collaborative quality management system based on J2EE. Especially in the CAD stages, many systems have been developed, such as CyberReview [6] and CyberCAD [7]. Other works focused on workflows, knowledge management, and data sharing, like the CSCDE platform [8] and Web-based knowledge management systems [9]. The key technologies enabling these approaches include CORBA (Common Object Request Broker Architecture), Java, web services, and data exchange standards, such as STEP (STandard for the Exchange of Product Model Data) and XML. To provide information assurance in CAD and collaborative design contexts, some research results on access control have been reported. Cera et al. [10] developed a new technique for role-based viewing in a collaborative 3D assembly design environment where individual users could only see the model at the level of detail at which they were permitted to see.

2.2 Network-based monitoring

Recently, many researchers have concentrated their efforts on Web-based or Internet-based monitoring systems, which are implemented in various projects, such as elevators [11], power equipment [12], vehicle performance [13], NC machines [14, 15], heat exchange systems [16], and temperature [17]. Besides, some works have focused on improving the monitoring performance. Ong and Sun [18] adopted mobile agent technology to overcome the limitations of net-bandwidth. Ge et al. [19] proposed a data compressing technique for Internet-based manufacturing monitoring using a kernel-based method. Unfortunately, most of these works have been oriented towards a specific application or a specific type of device. As a result, these developed systems cannot be reused.
Later, a configurable monitoring system was proposed in order to shorten the development cycle and reduce software development cost. Zhang et al. [20] proposed a configurable
industrial process monitoring system (PMS) platform, with which the user could customize specific PMSs for various devices at the design stage. At the running stage, the builder loaded configured information to reconstruct the server and clients, which would communicate with one another. One of the common drawbacks shared by all of these systems is that they pay little attention to information protection. Some systems implement access control by IP addresses or users’ information (e.g., username and password), but they do not offer alternatives to the problem of “all-or-nothing” feature suppression when a lack of full permissions exists. To overcome the aforementioned drawbacks, this paper proposes a role-based monitoring system using fine-grained access control.

2.3 Restricted views of XML documents

XML, whose main quality is to be both human- and machine-readable, makes it possible to model and organize data hierarchically in terms of XML schemas, to exchange data easily over different platforms, and to handle data efficiently with a very large panel of available tools (XSLT, SAX, DOM, etc.) [21]. Moreover, XML integrates security features, such as digital signatures and encryption. All of these features allow the definition of customizable, fine-grained, i.e., at the XML element level, security policies. Thanks to these benefits, Gummadi et al. [3] proposed the concept of “restricted views” to enforce security at different levels of the document hierarchy. The basic XML structure can be finely exploited to restrict the scope of a user’s access to only limited documents or, if necessary, even parts of a document. As shown in Fig. 2, because a miller operator cares only about the miller information regarding dimensions, range of spindle speeds, power of the spindle motor, spindle speed, feed rate, and so on, his restricted view illustrated in Fig. 2b might not contain some nodes, such as manufacturer, weight, program format, cutting force, temperature, and all of the nodes whose equipment type is lathe. As a quality inspector is not authorized to operate the miller using the “set” tag, his restricted view given in Fig. 2c might only include all of the child nodes of the “get” tag.

Fig. 2a–c Restricted views of an equipment operator and a quality inspector. a Original document. b Restricted view of an equipment operator. c Restricted view of a quality inspector

2.4 Access control

Access control is a mechanism by which a system grants or revokes the right to access data or perform actions to a user [3], which is often implemented using access control lists (ACL) or access control matrices [22, 23]. Access control policies commonly found in contemporary systems can be classified into three categories: discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC) [10]. The RBAC model consists of a set of users, roles, and permissions (operations on resources). The originality of the RBAC model is that permissions are not granted to users but to roles, thus, allowing an easy reconfiguration when a user changes his or her activity. Additionally, the introduction of role
hierarchies makes it possible to considerably reduce the amount of associations representing permissions to users’ allocations [21]. Therefore, the RBAC model is more attractive than DAC and MAC, and these features have led numerous software products to support RBAC.

3 System architecture and working stages

Networked manufacturing monitoring is a combined hardware and software system which provides the staff of enterprises located in different areas with a platform of management, monitoring, evaluation, and diagnosis for manufacturing equipment. In this section, the system architecture and its working stages are discussed.

3.1 System architecture

The overview of the system architecture is illustrated in Fig. 3. The proposed monitoring system consists of three parts on the whole: data acquisition, servers, and clients. The data acquisition subsystem builds a bridge between the monitored machines and the monitoring server. On one hand, it collects state data from all kinds of sensors, preprocesses the data, and transmits it to the monitoring server; on the other hand, the controlling instructions from the monitoring server are transferred to different kinds of machines through high-performance field buses in the data acquisition module. The detected signals include rotating speed signal, vibration signals (e.g., acceleration, velocity, and displacement), and process signals (e.g., temperature and pressure). In practice, video-conferencing packages are employed to achieve dynamic images, which can provide more information about the machines’ status besides those from the sensors [18].

Fig. 3 System architecture

The servers include an authentication server and a monitoring server. Access control assumes that the authentication of users has been verified. The authentication server is used to correctly determine the identity of a user,
who is trying to access data on the monitoring server. The monitoring server provides a data server and a web server for all of the clients, together with a configuring tool for the administrator. The data server communicates with the monitoring components in client-side browsers in order to send state data or receive control instructions documents. The web server accepts the HTTP requests from clients, then it generates specified monitoring interfaces based on the roles of clients, and finally sends them to the client-side browsers. Each of the clients, whether via the Intranet or the Internet, communicates with the web server based on a browser/server framework to fetch its own monitoring interface. Once the monitoring interface is running on the client-side browser, it will communicate with the data server through the other channel. The browser, such as Internet Explorer (IE), which has usually been installed and configured on the users’ desktop operating systems, acts as the client-side software. So the framework greatly reduces the cost and the number of cycles of system development.

3.2 System working stages

In order to achieve role-based configuration of a client-side monitoring interface, the system state is divided into two levels: configuration stage and running stage, as shown in Fig. 4.

Fig. 4 Two stages of the configurable system

In the configuration stage, the administrator can design various monitoring systems for different users by using the configuring tool. Firstly, logical devices, which are associated with the device data interface (DDI) [20] dynamic link libraries (DLL), can be specified, and then a data dictionary can be identified according to these logical devices. All of the variables in the specified data dictionary act as the objects for access control. Moreover, the roles and users can be created. Next, all of the users are assigned to specified roles. Then, access control policies can be defined by associating defined roles with the variables in a specified data dictionary and the monitoring components’ names, which identify the components in the library. According to the types of monitored variables and the permission levels with which the specified role is authorized to access these variables, the monitoring components can be assigned to all
of these variables. Lastly, the corresponding configuration files formatted in XML are generated by the configuring tool. The configuration files comprise DDI configuration, access control configuration, and monitoring component configuration. The DDI configuration associates the DDI DLLs with the logical devices’ names, the access control configuration describes the access control policies, and the monitoring component configuration associates the monitoring components in the component library with these components’ names.

In the running stage, the data server in the monitoring server will load the configuration files and the corresponding DDI DLLs according to logical devices. By the DDI, the data server communicates with the specified devices, collecting their state data and controlling their actions periodically. All of the real-time data, including state and control information, are saved in the XML document illustrated in Fig. 2a. Once the first real-time XML document is completed, the data server will start the data service for the data query and controlling requests from the monitoring interfaces on a new communication port. When a later real-time XML document is incoming, the old XML document will be dumped to the database so that these historical data can be inquired expediently afterwards. If the data server finishes initializing successfully, the monitoring server will launch the web server to listen to HTTP requests from the clients. When receiving any request, the web server will firstly dispatch the request to the authentication server. If the user’s authenticity is validated by the authentication server, then by the configuration files the web server will identify his roles, all of the available variables, and the permissions on these variables in accordance with the user. And then it will generate a corresponding monitoring interface for the user.
The customized interface is composed of a template class for communication and various monitoring components, which are associated with monitored variables. Next, the web server will send the resultant monitoring interface to the corresponding client by HTTP. After having been downloaded from the web server, the customized interface will run automatically on the client side. Subsequently, it will communicate with the data server. Once any one of these monitored variables is changed, the monitoring interface will get the state data from the data server using the “get” tag immediately. These state data for the specified client come in form of an XML document, which is a restricted view of the real-time XML document in the monitoring server, which will drive the corresponding monitoring components to display the device status. When a control instruction in the form of an XML document is produced by handling the components, the monitoring interface will deliver it to the data server using the “set” tag. After that, the control instruction will modify the real-time XML document in the monitoring server and
operate the remote devices indirectly through calling the DDI by the monitoring server. In order to prevent several clients from adjusting identical control parameters concurrently, resulting in misuse failure, the data server has provided the exclusive lock for the real-time XML document to ensure that only one client can amend the specified control parameter at the same time.

4 Role-based configuration of client interface

In the proposed role-based configuration system, different users are provided with different client interfaces, which encapsulate varied state variables, control parameters, and operation permissions on these variables determined by the users’ roles. The following sections present the technical development of the interface configuration based on the roles.

4.1 Role-based configuration model

The RBAC model consists of a set of users, roles, and permissions on objects. Compared with the general RBAC model, the role-based configuration model shown in Fig. 5 is more complex in the relations of users, roles, and monitoring interfaces. Roles, R={r0, r1,..., rm}, are abstract objects which define both the specific users allowed to access objects and the extent to which the objects are accessed. All of the staff working on the monitoring platform (equipment operators, process engineers, quality inspectors, diagnostic experts, and service technicians, etc.) correspond to a set of users U={u0, u1,..., un}, each of which will be assigned to a set of roles. The user–role assignment, UR, is a many-to-many relation of users to roles: UR⊆U×R. Monitoring interfaces, MI={mi0, mi1,..., mik}, do not only correspond with the variables, V={v0, v1,..., vk1}, but they also have a close relationship with the monitoring components, C={c0, c1,..., ck2}.

Fig. 5 Users, roles, and interfaces

Fig. 6a, b Bitmaps for the relation between components and variables. a Bitmap for a quality inspector. b Bitmap for an equipment operator

As shown in Fig. 1, having been authorized to read the coordinates v0, control the power status v1, and feed rate v2, but not to access the cutting temperature v3 of the monitored equipment, the role of an equipment operator will receive two controllable components: button component c0 for v1, range switch c1 for v2, and one measuring component: a read-only text component c2 to display v0. But the operator’s interface does not contain thermometer component c3 for v3. As the role of a quality inspector needs to know power status v1, feed rate v2, and cutting temperature v3 except the coordinates v0, but not to control the two variables v1 and v2, his interface is composed of an indicating lamp component c5 for v1, a simple read-only text component c4 for v2, and a thermometer component c3 for v3. However, the text component c2 for coordinate v0 is excluded in the quality inspector’s interface. The relation between components, C={c0, c1, c2, c3, c4, c5}, and variables, V={v0, v1, v2, v3}, can be represented by the bitmaps [3] in Fig. 6. Figure 6a gives the bitmap of quality inspectors, and the bitmap in Fig. 6b is for the role of operators. The presence of 1 locating in row i (i=0, 1,..., k2) and column j (j=0, 1,..., k1) represents that the variable vj available for the role can be shown by the component ci, which indicates the permissions on the variable by providing different graphical elements. Furthermore, the bitmap must conform to the rule: the number of 1s in each column is not more than one. When the number is one and the cell Eij in row i and column j presents as 1, the server will send the component ci to the client; if the number is zero, none of the components will be sent. Otherwise, the server cannot determine which one of these components should be sent to present the specified variable vj. 
Therefore, the variable–component assignment, VC, is also a many-to-many relation of variables to components: VC⊆V×C, which plays the role of MI in a role-based configurable system. The monitoring interface for a specified role is composed of all of the presences of 1 in this role’s bitmap, i.e., ∀r∈R, MIr={vcij|vcij=1, i=0, 1,..., k2, j=0, 1,..., k1}. As the real-time state data are organized in XML format, all of the variables are able to be identified by their XPath expression uniquely. In Fig. 2a, the XPath
expression “/equipments/equipment[type='miller']/get/feed-rate” will select the feed rate element, which represents the feed rate of the milling machines. Utilizing XPath expressions, the set of variables, V={v0, v1,..., vk1} will be transformed into the set of XPath expressions, P={p0, p1,..., pk1}. And the XPath–component assignment, PC, instead of VC, is a many-to-many relation of XPath expressions to components: PC⊆P×C. Additionally, the column heading vj (j=0, 1,..., k1) in bitmaps can be replaced with pj. In Fig. 6, each bitmap also represents the relationship between variables’ XPath expressions and components corresponding to this role. And by assigning the relation PC to all of the roles, a cube representation [3] for the relationship among XPath expressions, components, and roles is then formed. In the cube illustrated in Fig. 7, the plane consisting of pj (j=0, 1,..., k1) and ci (i=0, 1,..., k2) is the bitmap of rk (k=0, 1,..., m). So the interface–role assignment, IR, is equal to the PC–role assignment, i.e., IR⊆P×C×R.

Fig. 7 Cube for relation among components, XPath expressions, and roles

4.2 Representation of the cube in an XML document

In order to enforce the access control policies described as the cube discussed above, the relationship among the quadruple (users, roles, XPath expressions, components) should be defined in the configuration stage. The XML document for the access control policies shown in Fig. 8 is used to represent the cube which contains the two bitmaps shown in Fig. 6. Firstly, the users and roles, which are identified by the attribute “id”, are defined by using the user and role tags, respectively. In the user definitions, the public keys of users can be represented by the public-key tag in order to achieve security features, such as authentication, digital signature, and encryption. The junior-role tags in the role definitions are used to introduce role hierarchies, which can take advantage of such a specification. For example, the access control policies for a child role are applicable to all of the parent roles in order to considerably reduce the amount of associations representing permissions to users’ allocation. As shown in Fig. 8, the admin role has two child roles: operator role and inspector role. Secondly, the XPath–component assignment is described by the interface tags, in which the path tag denotes the XPath expression of the variable and the component tag denotes the component name. The attribute “op” of the interface tag associates the component tag with the path tag according to the permissions of the component on the variable indicated by path tag. It indicates that the component is only able to read the variable when attribute “op” equals “r”. If attribute “op” is “rw”, the component can not only read the variable, but it can also change it. For instance, the interface node whose “id” equals “3” means that the range switch can be used to control the feed rate besides read. Finally the user-assignment and interface-assignment tags are used to map users and interfaces to roles by their id references, respectively. Consequently, the cube is specified in the XML document hierarchically. In order to generate the XML document for access control, a special configuring tool using DOM (the Document Object Model) [21] technique is developed for the administrator.

Fig. 8 Representation of the cube in an XML document

4.3 Handling conflicts

Conflicts could arise because of a lot of factors. When a user is associated with more than one role, or an associated role contains junior roles, a conflicting situation might happen and these conflicts should be resolved explicitly. The compositive bitmap of the user could be easily derived by doing an OR operation on the bitmaps of all of the roles assigned. But the rule that the number of 1s in each column is not more than one might be broken by the new bitmap and the conflict arises. Hence, when the number of 1s in a certain column is more than one, the first presence of 1 remains on behalf of the component which has the highest permission on the variable indicated by the certain column, and the others are cleared to 0. Having processed all of the columns in this way, the resultant bitmap comes into being without any conflicts. Figure 9 gives an example of a user associated simultaneously with the quality inspector and operator roles, whose bitmaps are shown in Fig. 6. Conflicts occur in the second and third columns of the conflictive bitmap in Fig. 9a after the OR operation. Because the components of c0 and c1 have higher authority on the variables of v1 and v2 than c5 and c4 respectively, the resultant bitmap of the multiple roles selects the components of c0 and c1 (see Fig. 9b).

Fig. 9a, b Conflict resolution in case of multiple roles. a Conflictive bitmap. b Resultant bitmap

4.4 Generating the role-based interface

To generate the role-based interface, the web server collects the correlative components according to the roles of the user logging from the client-side browser and then encapsulates these components into a template class, which provides the additional communication interface for the state and control data exchange between the data server and the clients. Subsequently, the web server perfects automatically the two functions of the template class: getData() and setData(). By the function getData(), the client can get state data from the data server and dispatch them to the relevant
components; by the function setData(), the changed state data and control instruments, which are brought about by the events of components, can refresh the real-time data in the data server. Having completed the template class, the web server will compile the class, pack, and digitally sign the object files, and then send them to specified client-side browser using applet technology. After having been downloaded as an applet from the web server, the monitoring interface in accordance with the client role will appear on the client-side browser.
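The bitmap composition of Sect. 4.1 and the conflict rule of Sect. 4.3, worked through for the running example, as an added Python illustration that is not code from the paper. The role names, the dictionary layout and the tie-break by row order are assumptions; the component and variable labels and the "r"/"rw" permission levels follow the text.

```python
# Variables of the running example: coordinates, power, feed rate, cutting temperature.
VARIABLES = ["v0", "v1", "v2", "v3"]
# Permission each component grants on its variable ("r" or "rw", as in the
# "op" attribute). The dict layout is an assumption made for this example.
COMPONENT_OP = {"c0": "rw", "c1": "rw", "c2": "r", "c3": "r", "c4": "r", "c5": "r"}
COMPONENTS = list(COMPONENT_OP)          # row order c0..c5
RANK = {"r": 1, "rw": 2}

# (component, variable) pairs per role, taken from the text of Sect. 4.1.
ROLE_PAIRS = {
    "operator": {("c0", "v1"), ("c1", "v2"), ("c2", "v0")},
    "inspector": {("c5", "v1"), ("c4", "v2"), ("c3", "v3")},
}
# Role hierarchy: admin has the two child (junior) roles.
JUNIOR_ROLES = {"admin": ["operator", "inspector"]}


def role_bitmap(role):
    """Rows are components, columns are variables; 1 means 'ci presents vj'."""
    pairs = ROLE_PAIRS.get(role, set())
    return [[1 if (c, v) in pairs else 0 for v in VARIABLES] for c in COMPONENTS]


def conflicting_columns(bitmap):
    """Variables whose column holds more than one 1 (the rule of Sect. 4.1)."""
    return [VARIABLES[j] for j in range(len(VARIABLES))
            if sum(row[j] for row in bitmap) > 1]


def expand_roles(roles):
    """Assigned roles plus all junior roles, with a guard against cycles."""
    seen, queue = [], list(roles)
    while queue:
        role = queue.pop(0)
        if role not in seen:
            seen.append(role)
            queue.extend(JUNIOR_ROLES.get(role, []))
    return seen


def compose(roles):
    """OR the bitmaps of every role the user holds, directly or by inheritance."""
    combined = [[0] * len(VARIABLES) for _ in COMPONENTS]
    for role in expand_roles(roles):
        for i, row in enumerate(role_bitmap(role)):
            for j, bit in enumerate(row):
                combined[i][j] |= bit
    return combined


def resolve(bitmap):
    """Keep one component per column: highest permission, then lowest row index."""
    resolved = [[0] * len(VARIABLES) for _ in COMPONENTS]
    for j in range(len(VARIABLES)):
        rows = [i for i in range(len(COMPONENTS)) if bitmap[i][j]]
        if rows:
            best = max(rows, key=lambda i: (RANK[COMPONENT_OP[COMPONENTS[i]]], -i))
            resolved[best][j] = 1
    return resolved


def interface_for(roles):
    """Map each visible variable to the (component, permission) sent to the client."""
    bitmap = resolve(compose(roles))
    return {VARIABLES[j]: (COMPONENTS[i], COMPONENT_OP[COMPONENTS[i]])
            for i in range(len(COMPONENTS))
            for j in range(len(VARIABLES)) if bitmap[i][j]}


if __name__ == "__main__":
    print("conflicts before resolution:", conflicting_columns(compose(["admin"])))
    print("admin interface:", interface_for(["admin"]))
```
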

5 Implementation and results

Fig. 10a–c Three screen shots of different monitoring clients. a Monitoring interface for Alice. b Monitoring interface for Tom. c Monitoring interface for Mike

A prototype system has been implemented in accordance with the approach described in this paper. The data server program and some typical components, such as range switch, indicating lamp, and thermometer, have been developed by using Java2. To acquire in real time and access directly the
registers of devices, such as a programmable logic controller (PLC) and a PC card, every specified DDI has been developed as a DLL with Microsoft Visual C++ 6.0. Each DLL provides the three basic functions: devInit(), devRead(), and devWrite(). The function devInit() is used to set the device up, initialize the relevant registers and variables, and associate them. The function devRead() can read periodically state values from the device registers and assign them to the corresponding variables. The new values of the variables can be written into the corresponding registers to control the device by calling the function devWrite(). Because the interface functions of DDI DLLs cannot be invoked directly by the data server program in Java, these interface functions of each DDI DLL have been encapsulated into native methods of a new DLL, which observes a naming convention (called name mangling) on native methods. The data server program adopts the Java Native Interface (JNI) technology to invoke the native methods. The configuring tool and web server program have been built with JBuilder 9,
into which Tomcat 4.0.6 is integrated. Therefore, the web server program can be deployed in Tomcat through JBuilder expediently. To test the proposed approach, a CNC miller ZJK7532A-1 produced by the Huazhong Numerical Control Company for teaching and research acted as the lower-layer equipment and provided the state data for the monitoring server. The four state variables described in Fig. 1 were monitored in real time. The power status, feed rate, and coordinates could be obtained from the NC system, and the cutting temperature was acquired by the thermocouple. The RBAC configuring document in XML given in Fig. 8 and other configuration files had been generated by the configuring tool before. When the data server and web server in the monitoring server were started up, three users requested access concurrently from different clients with the usernames Alice, Tom, and Mike, respectively. According to the access control configuration, the web server knew that Alice held a quality inspector role, Tom was associated with the operator role, and Mike was an administrator. Next, the web server obtained the relevant roles’ bitmaps. As the admin role combined multiple roles, a conflict arose and was handled (see Fig. 9). According to the three bitmaps, three customized interfaces were generated and sent to their respective clients. Their browsers are shown in Fig. 10. When Tom operated the range switch to change the feed rate, Tom’s client sent the new feed rate to the data server. Once the data server changed the feed rate of the miller by DDI, the feed rates in all of the clients were updated shortly after. Alice did not modify these control parameters, while Mike could not only do all that Tom could do, but he could also check the cutting temperature.
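How a data server could derive the restricted view for a "get" request and check a "set" request against a role's XPath rules, as an added Python sketch rather than the prototype's Java code. The sample document is constructed from the description of Fig. 2a, and the policy layout, the function names and the tag names other than get, set, type and feed-rate are assumptions.

```python
import threading
import xml.etree.ElementTree as ET

# Constructed real-time document, modelled on the paper's description of Fig. 2a.
REALTIME_XML = """
<equipments>
  <equipment>
    <type>miller</type>
    <get>
      <power>on</power>
      <feed-rate>120</feed-rate>
      <coordinates>10,20,5</coordinates>
      <temperature>63</temperature>
    </get>
    <set>
      <power>on</power>
      <feed-rate>120</feed-rate>
    </set>
  </equipment>
  <equipment>
    <type>lathe</type>
    <get><power>off</power></get>
  </equipment>
</equipments>
"""

MILLER = "/equipments/equipment[type='miller']"
# role -> {XPath: op}; "r" and "rw" as in the paper's op attribute (layout assumed).
POLICY = {
    "inspector": {MILLER + "/get/power": "r", MILLER + "/get/feed-rate": "r",
                  MILLER + "/get/temperature": "r"},
    "operator": {MILLER + "/get/coordinates": "r", MILLER + "/get/power": "r",
                 MILLER + "/get/feed-rate": "r",
                 MILLER + "/set/power": "rw", MILLER + "/set/feed-rate": "rw"},
}
DOC_LOCK = threading.Lock()   # stands in for the exclusive lock on the document


def select(root, xpath):
    """Evaluate an absolute policy XPath with ElementTree's XPath subset."""
    prefix = "/" + root.tag
    if xpath == prefix:
        return [root]
    if not xpath.startswith(prefix + "/"):
        return []
    return root.findall("." + xpath[len(prefix):])


def restricted_view(root, role):
    """Copy of the document holding only what the role may read, or None."""
    parent = {child: node for node in root.iter() for child in node}
    keep = set()
    for xpath in POLICY.get(role, {}):
        for hit in select(root, xpath):
            keep.update(hit.iter())          # the permitted node and its subtree
            node = hit
            while node in parent:            # plus the ancestors leading to it
                node = parent[node]
                keep.add(node)
    if root not in keep:
        return None                          # no rule matched: deny by default

    def prune(src):
        dst = ET.Element(src.tag, src.attrib)
        dst.text = src.text
        for child in src:
            if child in keep:
                dst.append(prune(child))
        return dst
    return prune(root)


def apply_set(root, role, xpath, value):
    """Apply a control instruction only if the role holds "rw" on exactly this path."""
    if POLICY.get(role, {}).get(xpath) != "rw":
        return False                         # unknown role, unknown path or read-only
    targets = select(root, xpath)
    if len(targets) != 1:
        return False                         # refuse ambiguous or missing targets
    with DOC_LOCK:
        targets[0].text = value
    return True


def leaf_paths(node, prefix=""):
    """Flatten a view into leaf paths, for inspection and testing."""
    path = prefix + "/" + node.tag
    children = list(node)
    if not children:
        return [path]
    return [p for child in children for p in leaf_paths(child, path)]


if __name__ == "__main__":
    doc = ET.fromstring(REALTIME_XML)
    print(leaf_paths(restricted_view(doc, "inspector")))
    print(apply_set(doc, "inspector", MILLER + "/set/feed-rate", "150"))
```

The write check compares the requested path with the policy string itself, so a differently written path to the same node is refused rather than guessed at.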

6 Conclusions and future work

The architecture of a configurable access control system for networked manufacturing monitoring has been presented and a simplified implementation has been described. The relationship among the users, roles, and XPath expressions of monitored variables and monitoring components is represented as a cube model, and a simple method is discussed for handling the conflicts that result from the introduction of role hierarchies. According to the access control policies defined in the configuration stage, role-based monitoring interfaces are generated for clients. The components in these monitoring interfaces indicate the variables available to the specified role and the permissions on these variables. Therefore, fine-grained access control is achieved and each user is provided with only the minimal level of information required to do his or her work, which assures information security. Moreover, all of the configuration files and real-time data are


formatted in XML, so it is very easy for programmers to process them with XML tools. The prototype has validated the proposed architecture and the results achieved are considered satisfactory.

This paper focuses on access control. Access control assumes that the authentication of users has been verified. Authentication services are used to correctly determine the identity of a user. If the authentication mechanism of a system has been compromised, then the access control mechanism that follows will certainly be compromised. Thus, our future work will focus on how to utilize the authentication mechanism in the proposed framework.
