IEC TR 62541-2 OPC Unified Architecture – Part 2: Security Model
4.2.2 Authentication
Entities such as clients, servers, and users should prove their identities. Authentication can be based on something the entity is, has, or knows.
4.2.3 Authorization
The access to read, write, or execute resources should be authorized for only those entities that have a need for that access within the requirements of the system. Authorization can be as coarse-grained as allowing or disallowing a client to call a server, or it can be much finer grained, such as allowing specific actions on specific information items by specific users.
4.2.4 Confidentiality
Data shall be protected from passive attacks, such as eavesdropping, whether the data is being transmitted, held in memory, or stored. To provide confidentiality, data encryption algorithms that use special secrets to secure the data are used together with authentication and authorization mechanisms that control access to that secret.
4.2.5 Integrity
Receivers shall receive the same information that the sender sent, without the data being changed during transmission.
4.2.6 Auditability
Actions taken by a system have to be recorded in order to provide evidence to stakeholders that the system works as intended and to identify the initiator of certain actions.
4.2.7 Availability
Availability is impaired when software that needs to run is turned off, or when the software or the communication system is overwhelmed by processing input. Impaired availability in OPC UA can appear, for example, as slowed subscription performance or an inability to add sessions.
4.3 Security threats to OPC UA systems
4.3.1 General
OPC UA provides countermeasures to resist the threats to the security of the information that is communicated. The following subclauses list the currently known threats to environments in which OPC UA will be deployed. Following the subclauses that describe the OPC UA security architecture and functions, subclause 5.1 reconciles these threats against the OPC UA functions.
4.3.2 Message flooding
An attacker can send a large volume of messages, or a single message that contains a large number of requests, with the goal of overwhelming the OPC UA server or the components on which the OPC UA server depends for reliable operation, such as the CPU, the TCP/IP stack, the operating system, or the file system. Flooding attacks can be conducted at multiple layers, including OPC UA, SOAP, HTTP, or TCP.
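Both flooding shapes described above (a high volume of messages, and a single message carrying a large number of requests) are what server-side admission control exists to absorb cheaply, before a request consumes CPU, memory, or sockets. The following Python is an added example, not code from IEC TR 62541-2 or from any OPC UA stack: it applies an assumed per-request operation cap and an assumed per-client token-bucket rate limit; the limit values, the `FloodGuard` and `simulate_flood` names, and the reason labels are all constructed for illustration.

```python
from dataclasses import dataclass

# Assumed limits (not taken from the standard): an operation cap per request, in the
# spirit of the OperationLimits that OPC UA servers publish (e.g. MaxNodesPerRead),
# and a per-client token bucket allowing a burst of 20 requests and 10/s sustained.
MAX_NODES_PER_READ = 1000
BUCKET_CAPACITY = 20.0
REFILL_PER_SECOND = 10.0


@dataclass
class _Bucket:
    tokens: float
    last: float


class FloodGuard:
    """Cheap admission checks run before a request consumes CPU, memory or sockets."""
    def __init__(self, clock):
        self._clock = clock  # injectable clock (seconds) so runs are deterministic
        self._buckets = {}

    def admit(self, client_id, nodes_to_read):
        """Return (accepted, reason) for one Read request carrying nodes_to_read operations."""
        # 1. Size check first: an oversized single message is rejected before its
        #    operations are even parsed (OPC UA reports this as Bad_TooManyOperations).
        if nodes_to_read > MAX_NODES_PER_READ:
            return False, "too_many_operations"
        # 2. Rate check: refill this client's bucket for elapsed time, then spend a token.
        now = self._clock()
        b = self._buckets.setdefault(client_id, _Bucket(BUCKET_CAPACITY, now))
        b.tokens = min(BUCKET_CAPACITY, b.tokens + (now - b.last) * REFILL_PER_SECOND)
        b.last = now
        if b.tokens < 1.0:
            return False, "rate_limited"
        b.tokens -= 1.0
        return True, "ok"


def simulate_flood(requests):
    """Feed constructed (client_id, seconds, nodes_to_read) tuples through one guard
    and return {reason: count}, which shows how much of a flood each limit absorbs."""
    t = [0.0]
    guard = FloodGuard(lambda: t[0])
    counts = {}
    for client_id, seconds, nodes in requests:
        t[0] = seconds
        _, reason = guard.admit(client_id, nodes)
        counts[reason] = counts.get(reason, 0) + 1
    return counts
```

A constructed burst of 30 small requests in the same second, one oversized request, and 5 more after a one-second pause yields 25 accepted, 10 rate-limited and 1 rejected for size, which is the point: the bucket refills at the sustained rate, and the oversized message never reaches the rate check.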