Introduction to the Selected Papers from ICCPS 2016

Since their inception more than a decade ago, terms such as “cyber-physical systems” (CPS) or “cooperating objects” have come to describe research and engineering efforts that tightly conjoin real-world physical processes and computing systems. The integration of physical processes and computing is not new; embedded computing systems have been in place for decades controlling physical processes. The revolution is steaming from the extensive networking of embedded computing devices and the holistic cyber-physical co-design that integrates sensing, actuation, computation, networking, and physical processes. Such systems pose many broad scientific and technical challenges, ranging from distributed programming paradigms to networking protocols, as well as systems theory that combines physical models and networked embedded systems. Notably, as the physical interactions imply that timing requirements are considered, real-time computing systems methodologies and technologies are also pivotal in many of those systems. Moreover, many of these systems are often safety-critical, and therefore it is fundamental to guarantee other nonfunctional properties (such as safety, security, and reliability), which often interplay among them and with timeliness requirements. CPS is a growing key strategic research, development, and innovation area, and it is becoming pivotal for boosting the development of the future generation of highly complex and automated computing systems, which will be pervasive in virtually all application domains. Notable examples are aeronautics, aerospace and defence systems, robotics, autonomous transportation systems, the Internet of Things, energy-aware and green computing, smart factory automation, smart grids, and advanced medical devices and applications. This special issue contains a selection of extended versions of the best papers presented at the Seventh ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS 2016), which was held with the Cyber-Physical Systems Week in Vienna, Austria, on 11–14 April 2016. This selection reflects effectively the growing pervasiveness of these systems in various applications domains. These papers excel at describing the diversity of methodologies used to design and verify various non-functional properties of these complex systems.info:eu-repo/semantics/publishedVersio

Securing Safety Critical Automotive Systems

In recent years, several attacks were successfully demonstrated against automotive safety systems. The advancement towards driver assistance, autonomous driving, and rich connectivity make it impossible for automakers to ignore security. However, automotive systems face several unique challenges that make security adoption a rather slow and painful process. Challenges with safety and security co-engineering, the inertia of legacy software, real-time processing, and memory constraints, along with resistance to costly security countermeasures, are all factors that must be considered when proposing security solutions for automotive systems. In this work, we aim to address those challenges by answering the next questions. What is the right safety security co-engineering approach that would be suitable for automotive safety systems? Does AUTOSAR, the most popular automotive software platform, contain security gaps and how can they be addressed? Can an embedded HSM be leveraged as a security monitor to stop common attacks and maintain system safety? When an attack is detected, what is the proper response that harmonizes the security reaction with the safety constraints? And finally, can trust be established in a safety-critical system without violating its strict startup timing requirements? We start with a qualitative analysis of the safety and security co-engineering problem to derive the safety-driven approach to security. We then apply the approach to the AUTOSAR classic platform to uncover security gaps. Using a real automotive hardware environment, we construct security attacks against AUTOSAR and evaluate countermeasures. We then propose an HSM based security monitoring system and apply it against the popular CAN masquerading attack. Finally, we turn to the trust establishment problem in constrained devices and offer an accelerated secure boot method to improve the availability time by several factors. Overall, the security techniques and countermeasures presented in this work improve the security resilience of safety-critical automotive systems to enable future technologies that require strong security foundations. Our methods and proposed solutions can be adopted by other types of Cyber-Physical Systems that are concerned with securing safety.Ph.D.College of Engineering & Computer ScienceUniversity of Michigan-Dearbornhttps://deepblue.lib.umich.edu/bitstream/2027.42/152321/1/Ahmad Nasser Final Thesis (1).pdfDescription of Ahmad Nasser Final Thesis (1).pdf : Dissertatio

Road2CPS priorities and recommendations for research and innovation in cyber-physical systems

This document summarises the findings of the Road2CPS project, co-financed by the European Commission under the H2020 Research and Innovation Programme, to develop a roadmap and recommendations for strategic action required for future deployment of Cyber-Physical Systems (CPS). The term Cyber-Physical System describes hardware-software systems, which tightly couple the physical world and the virtual world. They are established from networked embedded systems that are connected with the outside world through sensors and actuators and have the capability to collaborate, adapt, and evolve. In the ARTEMIS Strategic Research Agenda 2016, CPS are described as ‘Embedded Intelligent ICT Systems’ that make products smarter, more interconnected, interdependent, collaborative, and autonomous. In the future world of CPS, a huge number of devices connected to the physical world will be able to exchange data with each other, access web services, and interact with people. Moreover, information systems will sense, monitor and even control the physical world via Cyber-Physical Systems and the Internet of Things (HiPEAC Vision 2015). Cyber-Physical Systems find their application in many highly relevant areas to our society: multi-modal transport, health, smart factories, smart grids and smart cities amongst others. The deployment of Cyber-Physical Systems (CPS) is expected to increase substantially over the next decades, holding great potential for novel applications and innovative product development. Digital technologies have already pervaded day-to-day life massively, affecting all kinds of interactions between humans and their environment. However, the inherent complexity of CPSs, as well as the need to meet optimised performance and comply with essential requirements like safety, privacy, security, raises many questions that are currently being explored by the research community. Road2CPS aims at accelerating uptake and implementation of these efforts. The Road2CPS project identifying and analysing the relevant technology fields and related research priorities to fuel the development of trustworthy CPS, as well as the specific technologies, needs and barriers for a successful implementation in different application domains and to derive recommendations for strategic action. The document at hand was established through an interactive, community-based approach, involving over 300 experts from academia, industry and policy making through a series of workshops and consultations. Visions and priorities of recently produced roadmaps in the area of CPS, IoT (Internet of Things), SoS (System-of-Systems) and FoF (Factories of the Future) were discussed, complemented by sharing views and perspectives on CPS implementation in application domains, evolving multi-sided eco-systems as well as business and policy related barriers, enablers and success factors. From the workshops and accompanying activities recommendations for future research and innovation activities were derived and topics and timelines for their implementation proposed. Amongst the technological topics, and related future research priorities ‘integration, interoperability, standards’ ranged highest in all workshops. The topic is connected to digital platforms and reference architectures, which have already become a key priority theme for the EC and their Digitisation Strategy as well as the work on the right standards to help successful implementation of CPSs. Other themes of very high technology/research relevance revealed to be ‘modelling and simulation’, ‘safety and dependability’, ‘security and privacy’, ‘big data and real-time analysis’, ‘ubiquitous autonomy and forecasting’ as well as ‘HMI/human machine awareness’. Next to this, themes emerged including ‘decision making and support’, ‘CPS engineering (requirements, design)’, ‘CPS life-cycle management’, ‘System-of-Systems’, ‘distributed management’, ‘cognitive CPS’, ‘emergence, complexity, adaptability and flexibility’ and work on the foundations of CPS and ‘cross-disciplinary research/CPS Science’

Combined automotive safety and security pattern engineering approach

Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From safety perspective, this can be perceived as boon or bane - it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to selection and combination of both types of patterns in context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.EC/H2020/692474/EU/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASSEC/H2020/737422/EU/Secure COnnected Trustable Things/SCOTTEC/H2020/732242/EU/Dependability Engineering Innovation for CPS - DEIS/DEISBMBF, 01IS16043, Collaborative Embedded Systems (CrESt

An Assurance Framework for Independent Co-assurance of Safety and Security

Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons such as mismatched processes, inadequate information, differing use of language and philosophies, etc.. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted primarily because this approach is unrealistic when met with the complexity of real-world system development. This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. With this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronisation activities

Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic literature review, and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future

Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things

Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior management uses these links to monitor production processes and inform strategic planning. The Industrial Internet of Things represents another step in this evolution – enabling the coordination of physically distributed resources from a centralized location. The growing range and sophistication of these interconnections create additional security concerns for the operation and management of safety-critical systems. This paper uses lessons learned from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North America

STOP-IT: strategic, tactical, operational protection of water infrastructure against cyberphysical threats

Water supply and sanitation infrastructures are essential for our welfare, but vulnerable to several attack types facilitated by the ever-changing landscapes of the digital world. A cyber-attack on critical infrastructures could for example evolve along these threat vectors: chemical/biological contamination, physical or communications disruption between the network and the supervisory SCADA. Although conceptual and technological solutions to security and resilience are available, further work is required to bring them together in a risk management framework, strengthen the capacities of water utilities to systematically protect their systems, determine gaps in security technologies and improve risk management approaches. In particular, robust adaptable/flexible solutions for prevention, detection and mitigation of consequences in case of failure due to physical and cyber threats, their combination and cascading effects (from attacks to other critical infrastructure, i.e. energy) are still missing. There is (i) an urgent need to efficiently tackle cyber-physical security threats, (ii) an existing risk management gap in utilities’ practices and (iii) an un-tapped technology market potential for strategic, tactical and operational protection solutions for water infrastructure: how the H2020 STOP-IT project aims to bridge these gaps is presented in this paper.Postprint (published version