The Industry 4.0 revolution relies heavily on data to generate value, innovation, new services, and optimize current processes [1]. Technologies such as Internet of Things (IoT), machine learning, digital twins, and much more depend directly on data to bring value and innovation to both discrete manufacturing and process industries. The origin of data may vary from sensor data to financial statements and even strictly confidential user or business data. In data-driven ecosystems, collaboration between different actors is often needed to provide services such as analytics, logistics, predictive maintenance, process improvement, and more. Data therefore cannot be considered a corporate internal asset only. Hence, data needs to be shared among organizations in a data-driven ecosystem for it to be used as a strategic resource for creating desired values, innovations, or process improvements [2]. When sharing business critical and sensitive data, the access to the data needs to be accurately controlled to prevent leakage to authorized users and organizations. 

Access control is a mechanism to control actions of users over objects, e.g., to read, write, and delete files, accessing data, writing over registers, and so on. This thesis studies one of the latest access control mechanisms in Attribute Based Access Control (ABAC) for industrial data sharing. ABAC emerges as an evolution of the commonly industry-wide used Role-based Access Control. ABAC presents the idea of attributes to create access policies, rather than manually assigned roles or ownerships, enabling for expressive fine-granular access control policies. Furthermore, this thesis presents approaches to implement ABAC into industrial IoT data sharing applications, with special focus on the manageability and granularity of the attributes and policies.  The thesis also studies the implications of outsourced data storage on third party cloud servers over access control for data sharing and explores how to integrate cryptographic techniques and paradigms into data access control. In particular, the combination of ABAC and Attribute-Based Encryption (ABE) is investigated to protect privacy over not-fully trusted domains. In this, important research gaps are identified. 

In the Industry 4.0 era, secure and efficient data sharing is vital for innovation and operational enhancement. Industry 4.0 envisions a highly connected ecosystem where machines, devices, and stakeholders collaborate in real time to optimize processes, enhance productivity, and create new value propositions. However, this surge in data-driven collaboration brings forth a critical challenge, ensuring the secure and controlled sharing of sensitive information. As organizations embrace the potential of Industry 4.0, the need for robust mechanisms to achieve key data security properties of data integrity, confidentiality, and availability, while enabling efficient data exchange becomes paramount. However, while the promise of Industry 4.0 presents promising opportunities, it also introduces a set of challenges intrinsic to data security solutions. These solutions, while promising in providing fine-grained data security, introduce complexities such as administrative overhead and substantial management efforts for the users. Striking a balance between robust security and operational ease is critical for enabling seamless data exchange within the evolving landscape of Industry 4.0.

This thesis explores the realm of Attribute-based approaches to achieve the desired secure data sharing, pivotal in the digitized Industry 4.0 environment.  An overarching objective is to achieve compatibility of these data-securing mechanisms with the Industry 4.0 paradigms through the usage of attribute-based approaches. This includes the exploration of the existing solutions within the state-of-the-art and its analysis in the context of usability and practicality for industrial adoption. 

Access control entails the establishment of policies and mechanisms to regulate who can access specific resources or information, under what conditions, and to what extent. The study will delve into various access control models and their applicability, with a particular emphasis on Attribute-Based Access Control. Moreover, through the creation of proofs-of-concepts implementations, we explore the usability of Attribute-based Access Control (ABAC) models and policy languages, applied to different aspects of the data-sharing process.  Manageability, user-friendliness, and fine-granularity of the access control were identified as key properties for the usability of data securing technologies in industry. Hence, discovering and addressing challenges for such properties is of special focus for this thesis. 

In addition, this thesis explores attribute-based encryption techniques, seeking to augment data security while minimizing additional operational complexities. Moreover, this thesis also explores the implications of third-party cloud services, popular in Industry 4.0 environments, as well as third-party stakeholder data sharing to motivate the need to ensure both in-transit and at-rest data security.

This thesis makes significant contributions in the domain of secure data sharing in Industry 4.0. First, it contextualizes access control within the broader data security landscape and explores state-of-the-art Attribute-Based Access Control policy languages. The research designs, evaluates, and automates ABAC models to address fine-granularity and manageability gaps, with a focus on user-friendliness for industrial adoption. Furthermore, it proposes and implements an automated management solution for integrating new data sources in Service-Oriented Architecture (SOA) industrial data-sharing applications, within the Eclipse Arrowhead Framework. This includes the innovative proposal of contractual automation of access control policies to enhance efficiency and security. 

Moreover, the research delves into the realm of attribute-based encryption approaches, conducting a state-of-the-art exploration and gap analysis, with a special focus on uncovering the adoption barriers associated with this technology.  Lastly, the thesis designs, implements, and evaluates an ABAC-Enabled ABE solution architecture, covering the discovered gaps, and offering an expressive and user-friendly approach to secure data sharing. These contributions collectively advance the field of data security and access control in the context of Industry 4.0 and similar evolving industrial landscapes

The research indicated that Attribute-based approaches hold promise for practical data protection at rest through access control mechanisms, especially within fine-grained policies. The study explores ABAC in a graph-based policy language, Next-generation Access Control (NGAC), showcasing its potential for reducing administrative workload related to policy management. Simplified policy creation and expression enhance the ease of model implementation. These insights extend to ABE, highlighting the value of delegating attribute management for reduced administrative complexity and improved expressiveness within ABE schemes. This approach allows for automation techniques developed for ABAC policy management to be translated into ABE schemes.