Design of a secure architecture for a distributed industrial data collection and storage system on the java platform
DOI:
https://doi.org/10.34185/1562-9945-4-165-2026-05Keywords:
microservices architecture, Security-by-Design, distributed systems, data protection, fault tolerance, mTLS, RBAC, event-driven architecture, data synchronizationAbstract
In the context of industrial digitalization, ensuring the integrity, availability, and security of technological data in the mining industry has become highly relevant. Recent studies indicate that the Security-by-Design concept is a fundamental principle for building modern information systems, while microservices and event-driven architectures enhance scalability and flexibility. Particular attention is also paid to Industrial IoT security, IEC 62443 standards, cryptographic protocols such as TLS, and modern authorization mechanisms.
The aim of this study is to design a secure distributed architecture for industrial data collection and storage on the Java platform, ensuring reliable data acquisition, fault-tolerant storage, and controlled access.
The research methodology includes systems analysis, threat modeling, architectural design, and analysis of modern distributed system approaches. A microservices-based architecture is proposed, implementing Security-by-Design principles, zone segmentation in accordance with IEC 62443, and the Zero Trust concept. Secure communication is achieved using TLS 1.3 with mutual authentication (mTLS), while access control is implemented via RBAC. Data exchange is organized using an event-driven architecture. To ensure data reliability, a hybrid storage model (offline-first) with replication and synchronization based on Event Sourcing and Change Data Capture is applied.
The results demonstrate improved fault tolerance, elimination of single points of failure, and continuous system operation under partial failures. The proposed architecture enhances data transmission security, ensures strict access control, and enables comprehensive auditing. The conclusions confirm the effectiveness of the microservices approach and modern security mechanisms for upgrading industrial systems and integrating them into enterprise IT infrastructures in accordance with Industry 4.0 requirements.
References
Azaryan, A.A., Azaryan, V.A., Morkun, V.S., Hrytsenko, A.M., & Trachuk, A.A. (2022). Operatyvnyi kontrol yakosti rud chornykh metaliv z vykorystanniam hamma-vyprominiuvannia [Operational quality control of ferrous metal ores using gamma radiation]. Hirnychyi Visnyk, 110, 13–22. https://doi.org/10.31721/2306-5435-2022-1-110-13-22
Richards, M., & Ford, N. (2020). Fundamentals of software architecture: An engineering approach. O’Reilly Media.
Dragoni, N., Giallorenzo, S., Lafuente, A. L., Mazzara, M., Montesi, F., Mustafin, R., & Safina, L. (2021). Microservices: Yesterday, today, and tomorrow. Springer.
Taibi, D., Lenarduzzi, V., & Pahl, C. (2020). Architectural patterns for microservices. Springer.
Kleppmann, M. (2017). Designing data-intensive applications: The big ideas behind reli-able, scalable, and maintainable systems. O’Reilly Media.
Kreps, J., Narkhede, N., & Rao, J. (2011). Kafka: A distributed messaging system for log processing. NetDB.
Carbone, P., et al. (2020). Apache Kafka: A distributed streaming platform.
Chen, Y., Meng, W., & Kwok, L. F. (2022). Industrial IoT security: A survey. Journal of Cybersecurity and Privacy (або інше джерело, якщо це стаття).
Zhang, Y., & Deng, R. H. (2021). Smart manufacturing security. Springer.
International Electrotechnical Commission. (2013). Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels (IEC 62443-3-3:2013).
International Electrotechnical Commission. (2019). Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components (IEC 62443-4-2:2019).
Rescorla, E. (2018). The Transport Layer Security (TLS) protocol version 1.3 (RFC 8446). IETF Datatracker. https://datatracker.ietf.org/doc/html/rfc8446
Hardt, D. (2012). The OAuth 2.0 authorization framework (RFC 6749). IETF Datatracker. https://datatracker.ietf.org/doc/html/rfc6749
Grassi, P. A. (2020). NIST digital identity guidelines (Special Publication 800-63-3). Na-tional Institute of Standards and Technology.
Humble, J., & Farley, D. (2021). Continuous delivery: Reliable software releases through build, test, and deployment automation. Addison-Wesley.
JumpMind. (2024). SymmetricDS user guide. https://www.symmetricds.org/doc/
Downloads
Published
Issue
Section
License
Copyright (c) 2026 System technologies
This work is licensed under a Creative Commons Attribution 4.0 International License.
