22,626 research outputs found
An Architectural Approach to the Design and Analysis of Cyber-Physical Systems
This paper presents an extension of existing software architecture tools to model physical systems, their interconnections, and the interactions between physical and cyber components. A new CPS architectural style is introduced to support the principled design and evaluation of alternative architectures for cyber-physical systems (CPSs). The implementation of the CPS architectural style in AcmeStudio includes behavioral annotations on components and connectors using either finite state processes (FSP) or linear hybrid automata (LHA) with plug-ins to perform behavior analysis using the Labeled Transition System Analyzer (LTSA) or Polyhedral Hybrid Automata Verifier (PHAVer), respectively. The CPS architectural
style and analysis plug-ins are illustrated with an example
Conceptual Systems Security Analysis Aerial Refueling Case Study
In today’s highly interconnected and technology reliant environment, systems security is rapidly growing in importance to complex systems such as automobiles, airplanes, and defense-oriented weapon systems. While systems security analysis approaches are critical to improving the security of these advanced cyber-physical systems-of-systems, such approaches are often poorly understood and applied in ad hoc fashion. To address these gaps, first a study of key architectural analysis concepts and definitions is provided with an assessment of their applicability towards complex cyber-physical systems. From this initial work, a definition of cybersecurity architectural analysis for cyber-physical systems is proposed. Next, the System Theory Theoretic Process Analysis approach for Security (STPA Sec) is tailored and presented in three phases which support the development of conceptual-level security requirements, applicable design-level criteria, and architectural-level security specifications. This work uniquely presents a detailed case study of a conceptual-level systems security analysis of a notional aerial refueling system based on the tailored STPA-Sec approach. This work is critically important for advancing the science of systems security engineering by providing a standardized approach for understanding security, safety, and resiliency requirements in complex systems with traceability and testability
Cybersecurity Architectural Analysis for Complex Cyber-Physical Systems
In the modern military’s highly interconnected and technology-reliant operational environment, cybersecurity is rapidly growing in importance. Moreover, as a number of highly publicized attacks have occurred against complex cyber-physical systems such as automobiles and airplanes, cybersecurity is no longer limited to traditional computer systems and IT networks. While architectural analysis approaches are critical to improving cybersecurity, these approaches are often poorly understood and applied in ad hoc fashion. This work addresses these gaps by answering the questions: 1. “What is cybersecurity architectural analysis?” and 2. “How can architectural analysis be used to more effectively support cybersecurity decision making for complex cyber-physical systems?” First, a readily understandable description of key architectural concepts and definitions is provided which culminates in a working definition of “cybersecurity architectural analysis,” since none is available in the literature. Next, we survey several architectural analysis approaches to provide the reader with an understanding of the various approaches being used across government and industry. Based on our proposed definition, the previously introduced key concepts, and our survey results, we establish desirable characteristics for evaluating cybersecurity architectural analysis approaches. Lastly, each of the surveyed approaches is assessed against the characteristics and areas of future work are identified
Towards a Layered Architectural View for Security Analysis in SCADA Systems
Supervisory Control and Data Acquisition (SCADA) systems support and control
the operation of many critical infrastructures that our society depend on, such
as power grids. Since SCADA systems become a target for cyber attacks and the
potential impact of a successful attack could lead to disastrous consequences
in the physical world, ensuring the security of these systems is of vital
importance. A fundamental prerequisite to securing a SCADA system is a clear
understanding and a consistent view of its architecture. However, because of
the complexity and scale of SCADA systems, this is challenging to acquire. In
this paper, we propose a layered architectural view for SCADA systems, which
aims at building a common ground among stakeholders and supporting the
implementation of security analysis. In order to manage the complexity and
scale, we define four interrelated architectural layers, and uses the concept
of viewpoints to focus on a subset of the system. We indicate the applicability
of our approach in the context of SCADA system security analysis.Comment: 7 pages, 4 figure
Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems.
Unlike practices in electrical and mechanical equipment engineering, Cyber-Physical Systems (CPS) do not have a set of standardized and harmonized practices for assurance and certification that ensures safe, secure and reliable operation with typical software and hardware architectures. This paper presents a recent initiative called AMASS (Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems) to promote harmonization, reuse and automation of labour-intensive certification-oriented activities via using model-based approaches and incremental techniques. AMASS will develop an integrated and holistic approach, a supporting tool ecosystem and a self-sustainable community for assurance and certification of CPS. The approach will be driven by architectural decisions (fully compatible with standards, e.g. AUTOSAR and IMA), including multiple assurance concerns such as safety, security and reliability. AMASS will support seamless interoperability between assurance/certification and engineering activities along with third-party activities (external assessments, supplier assurance). The ultimate aim is to lower certification costs in face of rapidly changing product features and market needs.This project has received funding from the Electronic Component Systems for European Leadership Joint Undertaking under grant agreement No 692474. This Joint Undertaking receives support from the European Union’s Horizon 2020 research and innovation programme and Spain, Czech Republic, Germany, Sweden, Austria, Italy, United Kingdom, Franc
A framework for Model-Driven Engineering of resilient software-controlled systems
AbstractEmergent paradigms of Industry 4.0 and Industrial Internet of Things expect cyber-physical systems to reliably provide services overcoming disruptions in operative conditions and adapting to changes in architectural and functional requirements. In this paper, we describe a hardware/software framework supporting operation and maintenance of software-controlled systems enhancing resilience by promoting a Model-Driven Engineering (MDE) process to automatically derive structural configurations and failure models from reliability artifacts. Specifically, a reflective architecture developed around digital twins enables representation and control of system Configuration Items properly derived from SysML Block Definition Diagrams, providing support for variation. Besides, a plurality of distributed analytic agents for qualitative evaluation over executable failure models empowers the system with runtime self-assessment and dynamic adaptation capabilities. We describe the framework architecture outlining roles and responsibilities in a System of Systems perspective, providing salient design traits about digital twins and data analytic agents for failure propagation modeling and analysis. We discuss a prototype implementation following the MDE approach, highlighting self-recovery and self-adaptation properties on a real cyber-physical system for vehicle access control to Limited Traffic Zones
Recommended from our members
Design Space Exploration in Cyber-Physical Systems
Cyber physical systems (CPS) integrate a variety of engineering areas such as control, mechanical and computer engineering in a holistic design effort. While interdependencies between the different disciplines are key attributes of CPS design science, little is known about the impact of design decisions of the cyber part on the overall system qualities. To investigate these interdependencies, this paper proposes a simulation-based Design Space Exploration (DSE) framework that considers detailed cyber system parameters such as cache size, bus width, and voltage levels in addition to physical and control parameters of the CPS. We propose an exploration algorithm that surfs the parameter configurations in the cyber physical sub-systems, in order to approximate the Pareto-optimal design points with regards to the trade-os among the design objectives, such as energy consumption and control stability. We apply the proposed framework to a network control system for an inverted-pendulum application. The presented holistic evaluation of the identified Pareto-points reveals the presence of non-trivial trade-os, which are imposed by the control, physical, and detailed cyber parameters. For instance the identified energy and control optimal design points comprise configurations with a wide range of CPU speeds, sample times and cache configuration following non-trivial zig-zag patterns. The proposed framework could identify and manage those trade-os and, as a result, is an imperative rst step to automate the search for superior CSP configurations
- …