Defending Against Firmware Cyber Attacks on Safety-Critical Systems
In the past, it was not possible to update the underlying software in many industrial control devices. Engineering
teams had to ‘rip and replace’ obsolete components. The ability to make firmware updates has since provided
significant benefits to the companies that use Programmable Logic Controllers (PLCs), switches, gateways and
bridges, as well as an array of smart sensors/actuators. These updates include security patches when vulnerabilities are
identified in existing devices; they can be distributed on physical media but are increasingly downloaded over
Internet connections. The same mechanisms pose a growing threat to the cyber security of safety-critical applications,
as illustrated by recent attacks on safety-related infrastructures across Ukraine. Subsequent sections
explain how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the
code needed to disguise their attack, they can undermine a device by forcing it into a constant update cycle in which
the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attacks
on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions,
including firmware hashing, must be augmented by organizational measures to secure the supply chain within
individual plants, across companies and throughout safety-related industries.
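The two technical controls the abstract names, hashing the firmware image and refusing to let a failing installation repeat forever, are small enough to show end to end. The gate below is an added example, not code from the paper: it authenticates a manifest, checks the image hash against it, refuses rollback to an older version, and quarantines an image after a bounded number of failed installs. The HMAC over a shared key stands in for the asymmetric vendor signature a real device would verify, and the names, the attempt limit and the sample images are all assumptions constructed for the example.

```python
"""Firmware update gate: authenticate the manifest, check the image hash,
refuse rollback, and bound install attempts so a bad image cannot hold the
device in an endless update loop. Added example; not from the paper."""
import hashlib
import hmac
import json

# Constructed key for the example. A real gate verifies an asymmetric vendor
# signature (e.g. Ed25519) so the device only holds a public key.
VENDOR_KEY = b"example-vendor-key-not-for-production"
MAX_INSTALL_ATTEMPTS = 3  # assumed policy: quarantine an image after 3 failed installs


class UpdateRejected(Exception):
    """Raised whenever the gate refuses to install or continue an update."""


def _canonical(body: dict) -> bytes:
    # Deterministic encoding so vendor and device authenticate the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_manifest(image: bytes, version: int, key: bytes = VENDOR_KEY) -> dict:
    """What a vendor build pipeline would emit alongside the image (constructed)."""
    body = {"version": version, "size": len(image),
            "sha256": hashlib.sha256(image).hexdigest()}
    return {"body": body, "mac": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


class Device:
    def __init__(self, installed_version: int, key: bytes = VENDOR_KEY):
        self.installed_version = installed_version
        self.key = key
        self.failed = {}          # (version, sha256) -> failed install attempts
        self.quarantined = set()  # images that exhausted their attempts

    def verify(self, manifest: dict, image: bytes) -> dict:
        """Authenticate the manifest, then check version and image hash."""
        body = manifest["body"]
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, manifest["mac"]):
            raise UpdateRejected("manifest authentication failed")
        if body["version"] <= self.installed_version:
            raise UpdateRejected("rollback/replay: version is not newer than installed")
        digest = hashlib.sha256(image).hexdigest()
        if len(image) != body["size"] or not hmac.compare_digest(digest, body["sha256"]):
            raise UpdateRejected("image hash does not match manifest")
        return body

    def apply(self, manifest: dict, image: bytes, install) -> int:
        """Install a verified image; count failures and quarantine after the limit."""
        body = self.verify(manifest, image)
        ident = (body["version"], body["sha256"])
        if ident in self.quarantined:
            raise UpdateRejected("image quarantined after repeated install failures")
        try:
            install(image)  # flash routine supplied by the caller; raises on failure
        except Exception as exc:
            self.failed[ident] = self.failed.get(ident, 0) + 1
            if self.failed[ident] >= MAX_INSTALL_ATTEMPTS:
                self.quarantined.add(ident)
            raise UpdateRejected(
                f"install failed ({self.failed[ident]}/{MAX_INSTALL_ATTEMPTS}): {exc}")
        self.installed_version = body["version"]
        return self.installed_version


def try_update(device: Device, manifest: dict, image: bytes, install) -> tuple:
    """Wrapper returning (accepted, message) instead of raising."""
    try:
        return True, f"installed version {device.apply(manifest, image, install)}"
    except UpdateRejected as exc:
        return False, str(exc)


if __name__ == "__main__":
    good = b"PLC firmware image v2 (constructed)"
    manifest = make_manifest(good, version=2)

    def flash_ok(img):
        pass

    def flash_broken(img):
        raise RuntimeError("checksum failure during flash write")

    print(try_update(Device(1), manifest, good, flash_ok))            # accepted
    print(try_update(Device(2), manifest, good, flash_ok))            # rollback refused
    print(try_update(Device(1), manifest, good + b"\x00", flash_ok))  # tampered image refused
    dev = Device(1)
    for _ in range(MAX_INSTALL_ATTEMPTS + 1):
        print(try_update(dev, manifest, good, flash_broken))          # bounded, then quarantined
```

The attempt counter is keyed on (version, hash) rather than on the device as a whole, so a later, genuinely fixed image is still accepted while the specific image that keeps failing is not retried indefinitely; in a real controller both the counter and the quarantine set would live in non-volatile storage so a reboot mid-cycle does not reset them.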
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed
to the increasing interest in Medical Cyber-Physical Systems (MCPS). While
these systems provide benefits to patients and professionals, they also
introduce new attack vectors for malicious actors (e.g. financially and/or
criminally motivated actors). A successful breach involving a MCPS can impact
patient data and system availability. The complexity and operating requirements
of a MCPS complicate digital investigations. Together with the potentially vast
amounts of information that a MCPS produces and/or has access to, this is
generating discussions not only on how to compromise these systems but, more
importantly, on how to investigate them. The paper
proposes the integration of forensics principles and concepts into the design
and development of a MCPS to strengthen an organization's investigative
posture. The framework sets the foundation for future research in the
refinement of specific solutions for MCPS investigations.
Comment: This is the pre-print version of a paper presented at the 2nd
International Workshop on Security, Privacy, and Trustworthiness in Medical
Cyber-Physical Systems (MedSPT 2017)
Design Criteria to Architect Continuous Experimentation for Self-Driving Vehicles
The software powering today's vehicles surpasses mechatronics as the
dominating engineering challenge due to its fast evolving and innovative
nature. In addition, the software and system architecture for upcoming vehicles
with automated driving functionality is already processing ~750MB/s -
corresponding to over 180 simultaneous 4K-video streams from popular
video-on-demand services. Hence, self-driving cars will run so much software that
they resemble "small data centers on wheels" rather than just transportation
vehicles. Continuous Integration, Deployment, and Experimentation have been
successfully adopted for software-only products as enabling methodology for
feedback-based software development. For example, a popular search engine
conducts ~250 experiments each day to improve the software based on its users'
behavior. This work investigates design criteria for the software architecture
and the corresponding software development and deployment process for complex
cyber-physical systems, with the goal of enabling Continuous Experimentation as
a way to achieve continuous software evolution. Our research involved reviewing
related literature on the topic to extract relevant design requirements. The
study is concluded by describing the software development and deployment
process and software architecture adopted by our self-driving vehicle
laboratory, both based on the extracted criteria.
Comment: Copyright 2017 IEEE. Paper submitted and accepted at the 2017 IEEE
International Conference on Software Architecture. 8 pages, 2 figures.
Published in IEEE Xplore Digital Library, URL:
http://ieeexplore.ieee.org/abstract/document/7930218
Combined automotive safety and security pattern engineering approach
Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From a safety perspective, this can be perceived as boon or bane: it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes an additional concern because attacks are now much more likely and more severe. However, there is a lack of experience with security concerns in the context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance on the selection and combination of both types of patterns in the context of system engineering. A combined safety and security pattern engineering workflow is proposed to give non-expert engineers systematic guidance based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.
Funding: EC/H2020/692474/EU/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASS; EC/H2020/737422/EU/Secure COnnected Trustable Things/SCOTT; EC/H2020/732242/EU/Dependability Engineering Innovation for CPS - DEIS/DEIS; BMBF, 01IS16043, Collaborative Embedded Systems (CrESt)
On Using Blockchains for Safety-Critical Systems
Innovation in the world of today is mainly driven by software. Companies need
to continuously rejuvenate their product portfolios with new features to stay
ahead of their competitors. For example, recent trends explore the application
of blockchains to domains other than finance. This paper analyzes the
state-of-the-art for safety-critical systems as found in modern vehicles like
self-driving cars, smart energy systems, and home automation focusing on
specific challenges where key ideas behind blockchains might be applicable.
Next, potential benefits unlocked by applying such ideas are presented and
discussed for the respective usage scenario. Finally, a research agenda is
outlined to summarize remaining challenges for successfully applying
blockchains to safety-critical cyber-physical systems.
Cyber physical systems implementation for asset management improvement: A framework for the transition
Open-access book
The transformation of industry due to the introduction of recent technologies is an evolving
process whose engines are competitiveness and sustainability, understood in the broadest sense (environmental,
economic and social). Given the current state of scientific and technological development, this process
faces a new and even more important challenge: the transition from discrete technological solutions
that respond to isolated problems to a global conception in which the assets, plant, processes and engineering
systems are conceived, designed and operated as one integrated complex unit. This vision is evolving
alongside a set of concepts that in some way guide this development: Smart Factories, Cyber-Physical
Systems, Factory of the Future and Industry 4.0 are examples. The full integration of the operation and
maintenance (O&M) processes into the production systems is a key topic within this new paradigm. Moreover,
this evolution necessarily gives rise to new O&M processes and needs, i.e. O&M itself will undergo a
profound transformation. The transition from today's isolated production assets to such an Industry 4.0
with CPS is far from easy. This document presents a proposal to carry out that transition by adapting
one iteration of the Model of Maintenance Management (MMM), integrated into ISO 55000, to the complexity
of maintaining "System of Systems" CPSs. It involves several stages: identification, prioritization, risk
management, planning, scheduling, execution, control, and improvement, supported by systems engineering
techniques and agile/concurrent project management.