Role-based access control for substation automation systems using XACML

There has been an increasing need for accessing data of internal equipment and devices of a substation system from external systems as power grids evolve. This has also introduced growing concerns on data security. In response to the concerns, IEC 62351 has proposed role-based access control (RBAC) for substation automation. In this work, we present a novel approach for implementing RBAC based on IEC 62351 for substation automation using eXtensible Access Control Markup Language (XACML). We integrate the approach with IEC 61850 by extending Abstract Communication Service Interface (ACSI), Manufacturing Message Specification (MMS), and System Configuration Language (SCL). A major advantage of the approach is that it fully conforms to both IEC 61850 and IEC 62351 and highly compatible with SCL as both XACML and SCL are XML-based. We implement the approach using OpenIEC61850 which is an open source library for ACSI services and demonstrate the implementation. (C) 2015 Elsevier Ltd. All rights reserved.