TY - JOUR
T1 - IIoT’s Risk Odyssey: Navigating the Risk Propagation of Illegal Information Flows
AU - Anagnostopoulou, Argiro
AU - Mavridis, Ioannis
AU - Athanasopoulos, Michael
AU - Mylonas, Alexios
AU - Gritzalis, Dimitris
N1 - © 2025 The Author(s). This is an open access article distributed under the Creative Commons Attribution License (CC BY), https://creativecommons.org/licenses/by/4.0/
PY - 2025/3/28
Y1 - 2025/3/28
N2 - Industrial Internet of Things (IIoT) refers to a broad network of low-cost, interconnected devices, including actuators, programmable logic controllers (PLCs), and sensors. Such environments are characterized by the vast amount of data exchanged among a wide range of devices, applications, and services. The scalability and decentralized nature of IIoT introduces considerable challenges for traditional security mechanisms. As a result, it is crucial to establish more robust security measures, enforce more effective access control policies, and efficiently manage information flows within business processes. In our prior research, we introduced a methodology for the assessment of information flows in IIoT environments and the detection of the illegal ones. Specifically, we utilized a risk-based methodology to model complex business processes as directed graphs. This approach enabled us to thoroughly analyze the interdependencies among participating objects. Through this analysis, we aimed to identify objects that are susceptible to initiating or being influenced by illegal information flows. In our current study, we investigate the propagation of the risk of illegal information flows within and across business processes. Finally, we apply centrality metrics to identify critical objects that require more efficient access control rules and policies in order to mitigate illegal information flows within the IIoT network. To the best of our knowledge, no previous research has explored the concept of risk-based detection of illegal information flows and examined potential propagation of risk in industrial environments.
AB - Industrial Internet of Things (IIoT) refers to a broad network of low-cost, interconnected devices, including actuators, programmable logic controllers (PLCs), and sensors. Such environments are characterized by the vast amount of data exchanged among a wide range of devices, applications, and services. The scalability and decentralized nature of IIoT introduces considerable challenges for traditional security mechanisms. As a result, it is crucial to establish more robust security measures, enforce more effective access control policies, and efficiently manage information flows within business processes. In our prior research, we introduced a methodology for the assessment of information flows in IIoT environments and the detection of the illegal ones. Specifically, we utilized a risk-based methodology to model complex business processes as directed graphs. This approach enabled us to thoroughly analyze the interdependencies among participating objects. Through this analysis, we aimed to identify objects that are susceptible to initiating or being influenced by illegal information flows. In our current study, we investigate the propagation of the risk of illegal information flows within and across business processes. Finally, we apply centrality metrics to identify critical objects that require more efficient access control rules and policies in order to mitigate illegal information flows within the IIoT network. To the best of our knowledge, no previous research has explored the concept of risk-based detection of illegal information flows and examined potential propagation of risk in industrial environments.
U2 - 10.1109/ACCESS.2025.3555873
DO - 10.1109/ACCESS.2025.3555873
M3 - Article
SN - 2169-3536
VL - 13
SP - 59422
EP - 59445
JO - IEEE Access
JF - IEEE Access
ER -