Semantic-driven modeling and reasoning for enhanced safety of cyber-physical systems

This dissertation is concerned with the development of new methodologies and semantics for model-based systems engineering (MBSE) procedures for the behavior modeling of cyber-physical systems (CPS). Our main interest is to enhance system-level safety through effective reasoning capabilities embedded in procedures for CPS design. This class of systems is defined by a tight integration of software and physical processes, the need to satisfy stringent constraints on performance, safety and a reliance on automation for the management of system functionality. Our approach employs semantic–driven modeling and reasoning : (1) for the design of cyber that can understand the physical world and reason with physical quantities, time and space, (2) to improve synthesis of component-based CPS architectures, and (3) to prevent under-specification of system requirements (the main cause of safety failures in software). We investigate and understand metadomains, especially temporal and spatial theories, and the role ontologies play in deriving formal, precise models of CPS. Description logic-based semantics and metadomain ontologies for reasoning in CPS and an integrated approach to unify the semantic foundations for decision making in CPS are covered. The research agenda is driven by Civil Systems design and operation applications, especially the dilemma zone problem. Semantic models of time and space supported respectively by Allen’s Temporal Interval Calculus (ATIC) and Region Connectedness Calculus (RCC-8) are developed and demonstrated thanks to the capabilities of Semantic Web technologies. A modular, flexible, and reusable reasoning-enabled semantic-based platform for safety-critical CPS modeling and analysis is developed and demonstrated. The platform employs formal representations of domains (cyber, physical) and metadomains (temporal and spatial) entities using decidable web ontology language (OWL) formalisms. Decidable fragments of temporal and spatial calculus are found to play a central role in the development of spatio-temporal algorithms to assure system safety. They rely on formalized safety metrics developed in the context of cyber-physical transportation systems and collision avoidance for autonomous systems. The platform components are integrated together with Whistle, a small scripting language (under development) able to process complex datatypes including physical quantities and units. The language also enables the simulation, visualization and analysis of safety tubes for collision prediction and prevention at signalized and non-signalized traffic intersections

Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicates digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations.Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017

Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic literature review, and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future

On Using Blockchains for Safety-Critical Systems

Innovation in the world of today is mainly driven by software. Companies need to continuously rejuvenate their product portfolios with new features to stay ahead of their competitors. For example, recent trends explore the application of blockchains to domains other than finance. This paper analyzes the state-of-the-art for safety-critical systems as found in modern vehicles like self-driving cars, smart energy systems, and home automation focusing on specific challenges where key ideas behind blockchains might be applicable. Next, potential benefits unlocked by applying such ideas are presented and discussed for the respective usage scenario. Finally, a research agenda is outlined to summarize remaining challenges for successfully applying blockchains to safety-critical cyber-physical systems