
    Adaptive Process Management in Cyber-Physical Domains

    The increasing application of process-oriented approaches in new challenging cyber-physical domains beyond business computing (e.g., personalized healthcare, emergency management, factories of the future, home automation, etc.) has led to reconsidering the level of flexibility and support required to manage complex processes in such domains. A cyber-physical domain is characterized by the presence of a cyber-physical system coordinating heterogeneous ICT components (PCs, smartphones, sensors, actuators) and involving real world entities (humans, machines, agents, robots, etc.) that perform complex tasks in the “physical” real world to achieve a common goal. The physical world, however, is not entirely predictable, and processes enacted in cyber-physical domains must be robust to unexpected conditions and adaptable to unanticipated exceptions. This demands a more flexible approach in process design and enactment, recognizing that in real-world environments it is not adequate to assume that all possible recovery activities can be predefined for dealing with the exceptions that can ensue. In this chapter, we tackle the above issue and we propose a general approach, a concrete framework and a process management system implementation, called SmartPM, for automatically adapting processes enacted in cyber-physical domains in case of unanticipated exceptions and exogenous events. The adaptation mechanism provided by SmartPM is based on declarative task specifications, execution monitoring for detecting failures and context changes at run-time, and automated planning techniques to self-repair the running process, without requiring any specific adaptation policy or exception handler to be predefined at design-time.

    Evaluating Resilience of Cyber-Physical-Social Systems

    Nowadays, protecting the network is not the only security concern. Still, in cyber security, websites and servers are becoming more popular as targets due to the ease with which they can be accessed when compared to communication networks. Another threat in cyber physical social systems with human interactions is that they can be attacked and manipulated not only by technical hacking through networks, but also by manipulating people and stealing users’ credentials. Therefore, systems should be evaluated beyond cyber security, which means measuring their resilience as a piece of evidence that a system works properly under cyber-attacks or incidents. In that way, cyber resilience is increasingly discussed and described as the capacity of a system to maintain state awareness for detecting cyber-attacks. All the tasks for making a system resilient should proactively maintain a safe level of operational normalcy through rapid system reconfiguration to detect attacks that would impact system performance. In this work, we broadly studied a new paradigm of cyber physical social systems and defined a uniform definition of it. To overcome the complexity of evaluating cyber resilience, especially in these inhomogeneous systems, we proposed a framework including applying Attack Tree refinements and Hierarchical Timed Coloured Petri Nets to model intruder and defender behaviors and evaluate the impact of each action on the behavior and performance of the system.

    Modeling and Analyzing Cyber-Physical Systems Using Hybrid Predicate Transition Nets

    Cyber-Physical Systems (CPSs) are software controlled physical devices that are being used everywhere from utility features in household devices to safety-critical features in cars, trains, aircraft, robots, smart healthcare devices. CPSs have complex hybrid behaviors combining discrete states and continuous states capturing physical laws. Developing reliable CPSs is extremely difficult. Formal modeling methods are especially useful for abstracting and understanding complex systems and detecting and preventing early system design problems. To ensure the dependability of formal models, various analysis techniques, including simulation and reachability analysis, have been proposed in recent decades. This thesis aims to provide a unified formal modeling and analysis methodology for studying CPSs. Firstly, this thesis contributes to the modeling and analysis of discrete, continuous, and hybrid systems. This work enhances modeling of discrete systems using predicate transition nets (PrTNs) by fully realizing the underlying specification through incorporating the first-order logic with set theory, improving the type system, and providing incremental model composition. This work enhances the technique of analyzing discrete systems using PrTN by improving the simulation algorithm and its efficient implementation. This work also improves the analysis of discrete systems using SPIN by providing a more accurate and complete translation method. Secondly, this work contributes to the modeling and analysis of hybrid systems by proposing an extension of PrTNs, hybrid predicate transition nets (HPrTNs). The proposed method incorporates a novel concept of token evolution, which nicely addresses the continuous state evolution and the conflicts present in other related works. This work presents a powerful simulation capability that can handle linear, non-linear dynamics, transcendental functions through differential equations. This work also provides a complementary technique for reachability analysis through the translation of HPrTN models for analysis using SpaceEx.

    Improving Attack Trees Analysis using Petri Net modeling of Cyber-Attacks

    Publisher Copyright: © 2019 IEEE.

    Cyber security is one general concern to all network-based organizations. In recent years, with the significant increase of cyber-attacks in critical infrastructures (CIs), the need for smart prediction, awareness and protection systems is not deniable. The first step for security assessment is recognizing and analyzing attacks. In this paper, one of the graphical security assessments named Attack Tree (AT) is used to illustrate one kind of cyber-attack scenario in Industry 4.0 and the system's behavior is analyzed by Petri Nets.

    Dependability Model of Automated Intelligent Regenerative Life Support System for Space Missions

    Long-duration human space missions require intelligent regenerative life support systems that can recycle resources and automatically manage failures. This paper explores using Petri nets to model the reliability and complex interactions of such closed-loop systems. An architecture consisting of primary systems, backups, and consumable reserves is outlined. The automation system that controls everything is described. Petri nets can capture concurrency, failure modes, redundancy, and dynamic behavior. A modular modeling methodology is presented to develop hierarchical Petri net models that scale in fidelity. Elementary fragments represent failures and redundancy. Subsystem modules can be substituted for more detailed models. Analysis and simulation assess system reliability and failure response. This supports designing ultra-reliable systems to safely sustain human life in space.

    Construction and Analysis of Petri Net Model for Distributed Cyber Physical Systems

    A Distributed Cyber-Physical System (DCPS) composition poses challenges in determining its emergent behaviour. These challenges occur due to (1) the appearance of causal loops of information and energy flow through cyber and physical channels and (2) inherent non-determinism in the temporally ordered flow of events within independently evolving interacting processes of Constituent Systems (CSs). Hence, there is a need to construct a model of the envisaged schematic of DCPS composition for analysis and verification of its significant properties in the conceptual design stage of the system development life cycle. This paper presents a procedure to construct DCPS composition models in Petri net formalism using distributed abstractions. The model for each CS is obtained from elementary constructs using compositional operators. The interaction among CSs occurs through channels obtained by connecting send and receive constructs of two CSs participating in an interaction. The internal processing within a CS characterizing its primary function is abstracted in a generic passthrough construct. Representing these constructs with compositional operators results in the complete DCPS model in Petri net formalism. A toolchain with Reference net workshop (Renew) as an integrated Petri net editing and analysis platform is configured to support DCPS modelling, simulation and analysis. The Renew tool functionality has been enhanced with a plugin designed and developed by authors to facilitate the drawing of the distributed composition model. A low-level Petri net analysis (Lola) v2.0 plugin is employed to verify the Petri net and temporal properties of the modelled DCPS scenarios. The properties of the resultant model are verified using well-established algorithms to analyze Petri nets. Further, system properties specified using temporal logic can be verified using model-checking algorithms for Petri nets. A moderately complex scenario involving interactions among six CSs illustrates the presented approach.

    A model of distributed key generation for industrial control systems

    11th International Workshop on Discrete Event Systems, WODES 2012; Guadalajara, Jalisco; Mexico; 3 October 2012 through 5 October 2012.

    The cyber-security of industrial control systems (ICS) is gaining high relevance due to the impact of industrial system failures on the citizen life. There is an urgent need for the consideration of security in their design, and for the analysis of the related vulnerabilities and potential threats. The high exposure of industrial critical infrastructure to cyber-threats is mainly due to the intrinsic weakness of the communication protocols used to control the process network. The peculiarities of the industrial protocols (low computational power, large geographical distribution, near to real-time constraints) make it hard to use traditional cryptographic schemes effectively and, in particular, to implement an effective key management infrastructure supporting a cryptographic layer. In this paper, we describe a "model of distributed key generation for industrial control systems" we have recently implemented. The model is based on a known Distributed Key Generator protocol we have adapted to an industrial control system environment and to the related communication protocol (Modbus). To validate in a formal way selected security properties of the model, we introduced a Petri Nets representation. This representation allows for modeling attacks against the protocol and understanding some potential weaknesses of its implementation in the industrial control system environment.