Современные методы обеспечения целостности данных в протоколах управления киберфизических систем

At present, the problem of creating methodological security of cyberphysical systems, in particular, the design and implementation of information security subsystems is acute. At the same time, the landscape of threats and vulnerabilities typical for a wide range of hardware and software technologies used in cyberphysical systems is extremely wide and complex. In this context, the security of application layer protocols is of paramount importance, as these protocols are the basis for interaction between applications and services running on different devices, as well as in cloud infrastructures. With the constant interaction of the systems under study with the real physical infrastructure, the challenge is to determine effective measures to ensure the integrity of the transferred control commands, as disruption of the performed critical processes can affect human life and health. The paper provides an analytical review of the main methods of data integrity assurance in management protocol of cyberphysical systems, as well as an overview of application layer protocols vulnerabilities widely used in cyberphysical systems of different types. Classical methods of data integrity assurance, new methods, in particular, blockchain, as well as the main directions of increasing the efficiency of data integrity protocols in cyberphysical systems are considered. Analysis of application layer vulnerabilities is carried out on the example of the most popular MQTT, CoAP, AMQP, DDS, XMPP specifications and their implementations. It is established that despite the presence of basic security mechanisms in all these protocols, researchers continue to regularly identify vulnerabilities in popular implementations, that often endangers critical infrastructure services. In the course of preparing the review of the existing methods of data integrity assurance for the examined class of systems, the key problems of these methods integration and ways of their solution were defined.В настоящее время остро стоит проблема создания методологического обеспечения безопасности киберфизических систем, в частности проектирования и реализации подсистем информационной безопасности. При этом ландшафт угроз и уязвимостей, характерных для применяемого в киберфизических системах широкого спектра аппаратных и программных технологий, чрезвычайно широк и сложен. В этом контексте безопасность протоколов прикладного уровня имеет первостепенное значение, поскольку эти протоколы лежат в основе взаимодействия между приложениями и службами, работающими на различных устройствах, а также в облачных инфраструктурах. В условиях постоянного взаимодействия исследуемых систем с реальной физической инфраструктурой актуальна проблема определения эффективных мер по обеспечению целостности передаваемых команд управления, поскольку нарушение выполняемых критически важных процессов может затрагивать жизнь и здоровье людей. Представлен обзор основных методов обеспечения целостности данных в протоколах управления киберфизических систем, а также обзор уязвимостей протоколов прикладного уровня, широко используемых в различных киберфизических системах. Рассмотрены классические методы обеспечения целостности и новые методы, в частности блокчейн, а также основные направления повышения эффективности протоколов обеспечения целостности данных в киберфизических системах. Анализ уязвимостей прикладного уровня проведен на примере наиболее популярных спецификаций MQTT, CoAP, AMQP, DDS, XMPP, а также их реализаций. Установлено, что несмотря на наличие во всех перечисленных протоколах базовых механизмов обеспечения безопасности, исследователи продолжают регулярно выявлять уязвимости в популярных реализациях, что зачастую ставит под угрозу сервисы критической инфраструктуры. В ходе подготовки обзора существующих методов обеспечения целостности данных для исследуемого класса систем были определены ключевые проблемы интеграции этих методов и способы их решения

Understanding blockchain applications in Industry 4.0: From information technology to manufacturing and operations management

The current literature regarding blockchain-based applications in the context of Industry 4.0 has rapidly grown during the last decade. However, a systematic literature review that summarizes the main contributions, findings, and implications from a managerial perspective of the blockchain technology adoption in the specific context of Industry 4.0 is still missing. The present article aims to fill this research gap by examining and elaborating on the extant literature to develop a literature-grounded framework (WHY-HOW-WHAT) that helps better understand the management issues that blockchain technology can help resolve in the context of Industry 4.0, as well as identify the main features of blockchain-based solutions in various areas of Industry 4.0. Furthermore, the proposed framework is useful to understand how ten Industry 4.0 enabling technologies combine with the blockchain technology to implement efficient and effective blockchain-based solutions in Industry 4.0 settings. Finally, based on this framework we conjecture the trajectories of the evolution of blockchain technology in Industry 4.0 settings, and highlight the relevant research gaps that both academics and practitioners working on this field should address in the near future

Blockchain-based reputation models for e-commerce: a systematic literature review

The Digital Age is the present, and nobody can deny that. With it has come a digital transformation in various sectors of activity, and e-commerce is no exception. Over the last few decades, there has been a massive increase in its utilization rates, as it has several advantages over traditional commerce. At the same time, the rise in the number of crimes on the Internet and, consequently, the understanding of the risks involved in online shopping has led consumers to become more cautious, looking for information about the seller and taking it into account when making a purchase decision. The need to get to know the merchant better before making a purchase decision has encouraged the creation of reputation systems, whose services play an essential role in today's e-commerce context. Reputation systems act as mechanisms to reduce information asymmetry between consumers and sellers and establish rankings that attest to fulfilling standards and policies considered necessary for shops operating in the digital market. The critical problems in current reputation systems are the frauds and attacks that such systems currently have to deal with, which results in a lack of trust between users. These security and fraud issues are critical because users' trust is commonly based on reputation models, and many of these current systems are not immune to them, thus compromising e-commerce growth. The need for a better and safer model emerges with the development of e-commerce. Through reading the articles and pursuing the answers to the primary questions, blockchain is data register technology to be analysed in order to gain a better acknowledgment of the potential of such technology. More research work and investigation must be done to fully understand how to create a more assertive reputation model. Thus, this study systematizes the knowledge generated by reputation models in E-commerce studies in Scopus, WoS databases, and Google Scholar, using PRISMA methodology. A systematic approach was adopted in conducting a literature review. The need for a systematic literature review came from the knowledge that there are reputation systems that mitigate some of the problems. In addition to identifying some indicators used in reputation models, we also conclude that these models could help provide some insurance to buyers and sellers, with a commitment to being a problem solver, being able to mitigate known problems such as Collusion, Sybil attacks, laundering attacks, and preventing online fraud ranging from ballot stuffing and bad-mouthing. Nevertheless, the results of the present work demonstrate that even though these reputation models still cannot solve all of the problems, attacking one fraud opens the door to an attack. The architecture of the models was identified, with the realization that a few lacks that need to be fulfilled

Distributed Ledger Technologies in Supply Chain Security Management: A Comprehensive Survey

Supply chains (SC) present performance bottlenecks that contribute to a high level of costs, infiltration of product quality, and impact productivity. Examples of such inhibitors include the bullwhip effect, new product lines, high inventory, and restrictive data flows. These bottlenecks can force manufacturers to source more raw materials and increase production significantly. Also, restrictive data flow in a complex global SC network generally slows down the movement of goods and services. The use of distributed ledger technologies (DLT) in SC management (SCM) demonstrates the potentials to reduce these bottlenecks through transparency, decentralization, and optimizations in data management. These technologies promise to enhance the trustworthiness of entities within the SC, ensure the accuracy of data-driven operations, and enable existing SCM processes to migrate from a linear to a fully circular economy. This article presents a comprehensive review of 111 articles published in the public domain in the use and efficacy of DLT in SC. It acts as a roadmap for current and future researchers who focus on SC security management to better understand the integration of digital technologies such as DLT. We clustered these articles using standard descriptors linked to trustworthiness, namely, immutability, transparency, traceability, and integrity

Distributed Ledger Technologies in Supply Chain Security Management: A Comprehensive Survey

This is an accepted manuscript of an article published by IEEE in IEEE Transactions on Engineering Management, available online at: https://ieeexplore.ieee.org/document/9366288 The accepted version of the publication may differ from the final published versionSupply-chains (SC) present performance bottlenecks that contribute to a high level of costs, infltration of product quality, and impact productivity. Examples of such inhibitors include the bullwhip effect, new product lines, high inventory, and restrictive data fows. These bottlenecks can force manufacturers to source more raw materials and increase production signifcantly. Also, restrictive data fow in a complex global SC network generally slows down the movement of goods and services. The use of Distributed LedgerTechnologies (DLT) in supply chain management (SCM) demonstrates the potentials to to reduce these bottlenecks through transparency, decentralization, and optimizations in data management. These technologies promise to enhance the trustworthiness of entities within the supply chain, ensure the accuracy of data-driven operations, and enable existing SCM processes to migrate from a linear to a fully circular economy. This paper presents a comprehensive review of 111 articles published in the public domain in the use and effcacyofDLTin SC.It acts asaroadmapfor current and futureresearchers whofocus onSC Security Management to better understand the integration of digital technologies such as DLT. We clustered these articles using standard descriptors linked to trustworthiness, namely, immutability, transparency, traceability, and integrity

Model-Based Engineering of Collaborative Embedded Systems

This Open Access book presents the results of the "Collaborative Embedded Systems" (CrESt) project, aimed at adapting and complementing the methodology underlying modeling techniques developed to cope with the challenges of the dynamic structures of collaborative embedded systems (CESs) based on the SPES development methodology. In order to manage the high complexity of the individual systems and the dynamically formed interaction structures at runtime, advanced and powerful development methods are required that extend the current state of the art in the development of embedded systems and cyber-physical systems. The methodological contributions of the project support the effective and efficient development of CESs in dynamic and uncertain contexts, with special emphasis on the reliability and variability of individual systems and the creation of networks of such systems at runtime. The project was funded by the German Federal Ministry of Education and Research (BMBF), and the case studies are therefore selected from areas that are highly relevant for Germany’s economy (automotive, industrial production, power generation, and robotics). It also supports the digitalization of complex and transformable industrial plants in the context of the German government's "Industry 4.0" initiative, and the project results provide a solid foundation for implementing the German government's high-tech strategy "Innovations for Germany" in the coming years