
    Conceptual Systems Security Analysis Aerial Refueling Case Study

    In today’s highly interconnected and technology-reliant environment, systems security is rapidly growing in importance to complex systems such as automobiles, airplanes, and defense-oriented weapon systems. While systems security analysis approaches are critical to improving the security of these advanced cyber-physical systems-of-systems, such approaches are often poorly understood and applied in ad hoc fashion. To address these gaps, first a study of key architectural analysis concepts and definitions is provided with an assessment of their applicability towards complex cyber-physical systems. From this initial work, a definition of cybersecurity architectural analysis for cyber-physical systems is proposed. Next, the System Theory Theoretic Process Analysis approach for Security (STPA-Sec) is tailored and presented in three phases which support the development of conceptual-level security requirements, applicable design-level criteria, and architectural-level security specifications. This work uniquely presents a detailed case study of a conceptual-level systems security analysis of a notional aerial refueling system based on the tailored STPA-Sec approach. This work is critically important for advancing the science of systems security engineering by providing a standardized approach for understanding security, safety, and resiliency requirements in complex systems with traceability and testability.

    Designing with the use of data for a better understanding of people and operating contexts in sociotechnical systems

    The complex systems defined as ‘sociotechnical systems’ are made of software, hardware and people, somehow linked to the policy and a large number of stakeholders. They show complex dependencies and functional-based constraints. Over the last decades, the need to cope with the complexity took different forms, evolving in research activities and new disciplines. Systemic Design (SD) is an approach to manage the complexity that draws its origins from the General System Theories, cybernetics and generative science of the twentieth century, up to the recent attention towards systems thinking. Cyber-physical systems (CPSs), on the other hand, draw their origins from software and mechanical engineering, merging theory of cybernetics, mechatronics, design and process science. In CPS, computing and communication are tightly coupled with the monitoring and control of entities in the physical world (Cheng and Atlee, 2008). The idea behind CPS is similar to the idea of the Internet of Things (IoT), with which it shares the same architecture. IoT is also growing in importance in the design field. As design research by definition is intended to produce knowledge, this knowledge can be acquired by merging different methods, e.g. qualitative and quantitative. The data collected and made available from IoT technologies quantifies aspects that were not measurable before, providing content for other research activities such as ethnographic research and participatory activities. The designer could query some physical object and obtain useful data for the design. In this paper, we seek to address the design process in the era of the IoT, exploring the use of data in the early design stages as a means to investigate the application domain and stakeholders’ interaction with products.

    Special Session on Industry 4.0

    No abstract available

    Game Theory Meets Network Security: A Tutorial at ACM CCS

    The increasingly pervasive connectivity of today's information systems brings up new challenges to security. Traditional security has come a long way toward protecting well-defined goals such as confidentiality, integrity, availability, and authenticity. However, with the growing sophistication of the attacks and the complexity of the system, the protection using traditional methods could be cost-prohibitive. A new perspective and a new theoretical foundation are needed to understand security from a strategic and decision-making perspective. Game theory provides a natural framework to capture the adversarial and defensive interactions between an attacker and a defender. It provides a quantitative assessment of security, prediction of security outcomes, and a mechanism design tool that can enable security-by-design and reverse the attacker's advantage. This tutorial provides an overview of diverse methodologies from game theory that include games of incomplete information, dynamic games, and mechanism design theory to offer a modern theoretic underpinning of a science of cybersecurity. The tutorial will also discuss open problems and research challenges that the CCS community can address and contribute with an objective to build a multidisciplinary bridge between cybersecurity, economics, game and decision theory.

    Federated Embedded Systems – a review of the literature in related fields

    This report is concerned with the vision of smart interconnected objects, a vision that has attracted much attention lately. In this paper, embedded, interconnected, open, and heterogeneous control systems are in focus, formally referred to as Federated Embedded Systems (FES). To place FES into a context, a review of some related research directions is presented. This review includes such concepts as systems of systems, cyber-physical systems, ubiquitous computing, internet of things, and multi-agent systems. Interestingly, the reviewed fields seem to overlap with each other in an increasing number of ways.