Blockchain-based model for tracking software requirement compliance in industrial control systems with secure software development lifecycle

Disertacija se bavi istraživanjem je primena Hyperledger Fabric blokčejn rešenja za praćenje usklađenosti softvera sa bezbednosnim zahtevima u industrijskim upravljačkim sistemima. Definisan je model koji obuhvata učesnike, slučajeve korišćenja i princip bezbednosti podataka. Validacija modela sprovedena je kroz analizu bezbednosne prakse Upravljanje bezbednošću, deo standarda IEC 62443-4-1, koji obuhvata 13 zahteva. Model omogućava transparentnost, neporeljivost, sledljivost i dostupnost informacija, bitne osobine za industrijske upravljačke sisteme u kritičnim infrastrukturama. Poverljivost informacija obezbeđena je upotrebom privatne blokčejn mreže poput Hyperledger Fabric. Dalje, definisani su dijagrami slučajeva korišćenja i organizacije neophodni za funkcionalnost sistema. Korišćen je IPFS za skladištenje dokumenata, a zatim je postavljeno rešenje za Hyperledger Fabric blokčejnu mrežu. Ovaj pristup pruža uvid u usklađenost softvera, posebno u kritičnim sektorima, obezbeđujući sigurnost podataka i efikasnu implementaciju rešenja.This thesis investigates the application of the Hyperledger Fabric blockchain solution for monitoring software compliance with security requirements in industrial control systems. A model is defined that includes participants, use cases and the principle of data security. Validation of the model was carried out through the analysis of the safety practice Security management, part of the standard IEC 62443-4-1, which includes 13 requirements. The model enables transparency, non-repudiation, traceability and availability of information, essential features for industrial management systems in critical infrastructures. Information confidentiality is ensured by using a private blockchain network like Hyperledger Fabric. Furthermore, use case diagrams and organization necessary for system functionality are defined. IPFS was used to store documents, and then the solution was deployed on the Hyperledger Fabric blockchain network. This comprehensive approach provides insight into software compliance, particularly in critical sectors, ensuring data security and effective solution implementation