Augmented Reality for Enterprise Alliance

Access Control – Monitoring & Analysis

Access Control

Access control for data and processes includes authentication and authorization. AR devices pose challenges for user authentication because of their new paradigms of user interaction. Voice, gesture, and gaze input pose significant challenges to the confidentiality and usability of strong passwords. Biometrics are not yet integrated into most hardware headsets. Biometrics and tokens may ultimately resolve authentication problems, but integrating them into a company-wide policy will be complicated.

Remote authentication of AR devices should follow IT or mobile authentication guidelines, for example NIST Special Publication SP-800-63-2.

Authorization should provide granularity to control the different data sets in the device.

Security Protection Levels

The International Electrotechnical Commission (IEC) is an internationally recognized non-profit organization that publishes standards for electrical, electronic and related technologies. IEC 62443-3-3, "Security for industrial automation and control systems – System security requirements and security levels", defines four security levels for rating cyber threat protection elements and provides guidance on how to evaluate the protection levels for different security functions.

IEC security protection levels.

| IEC Security Protection Level | Description |
|---|---|
| SL1 | Protection against casual violation |
| SL2 | Protection against intentional violation using simple means |
| SL3 | Protection against intentional violation using sophisticated means |
| SL4 | Protection against intentional violation using sophisticated means with extended resources |

The following items are required for SL >0

The following items are required for SL >1

The following items are required for SL >2

The following items are required for SL >3

Monitoring

AR devices need to provide integrity and audit information that includes significant system events. Depending on the requirements, this audit information should be protected cryptographically or stored using secure data storage mechanisms.
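One way to protect audit information cryptographically is an HMAC-chained event log, shown here as an added example that is not part of the original page. The event fields, the sample events, and the externally held record count are assumptions; the key is assumed to live in the device's secure storage.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # fixed anchor that the first record chains to

# Constructed sample events; field names are illustrative assumptions.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T08:00:00Z", "device": "hmd-01", "user": "tech1", "event": "login_ok"},
    {"ts": "2024-01-01T08:05:00Z", "device": "hmd-01", "user": "tech1", "event": "dataset_open"},
    {"ts": "2024-01-01T08:30:00Z", "device": "hmd-01", "user": "tech1", "event": "logout"},
]


def _tag(key: bytes, prev_tag: bytes, event: dict) -> bytes:
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()


def append_event(log: list, key: bytes, event: dict) -> None:
    """Append a record whose tag covers the event and the previous tag."""
    prev = bytes.fromhex(log[-1]["tag"]) if log else GENESIS
    log.append({"event": event, "tag": _tag(key, prev, event).hex()})


def verify_log(log: list, key: bytes, expected_len: int) -> int:
    """Return -1 if the log is intact, else the index of the first problem.

    expected_len is a record count held outside the log (assumption: the
    device reports it to a collector), which exposes tail truncation.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        want = _tag(key, prev, rec["event"])
        if not hmac.compare_digest(want.hex().encode(), str(rec["tag"]).encode()):
            return i  # edited, reordered, or follows a deleted record
        prev = want
    return -1 if len(log) == expected_len else len(log)


def build_sample_log(key: bytes) -> list:
    log = []
    for event in SAMPLE_EVENTS:
        append_event(log, key, event)
    return log
```

Because each tag covers the previous tag, editing or deleting one record invalidates every record after it, so the verifier reports the earliest affected index.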

Security Protection Levels

The following items are required for SL >1

The following items are required for SL >2