Security risks in cyber physical systems—A systematic mapping study

The increased need for constant connectivity and complete automation of existing systems fuels the popularity of Cyber Physical Systems (CPS) worldwide. Increasingly more, these systems are subjected to cyber attacks. In recent years, many major cyber-attack incidents on CPS have been recorded and, in turn, have been raising concerns in their users' minds. Unlike in traditional IT systems, the complex architecture of CPS consisting of embedded systems integrated with the Internet of Things (IoT) requires rather extensive planning, implementation, and monitoring of security requirements. One crucial step to planning, implementing, and monitoring of these requirements in CPS is the integration of the risk management process in the CPS development life cycle. Existing studies do not clearly portray the extent of damage that the unattended security issues in CPS can cause or have caused, in the incidents recorded. An overview of the possible risk management techniques that could be integrated into the development and maintenance of CPS contributing to improving its security level in its actual environment is missing. In this paper, we are set out to highlight the security requirements and issues specific to CPS that are discussed in scientific literature and to identify the state-of-the-art risk management processes adopted to identify, monitor, and control those security issues in CPS. For that, we conducted a systematic mapping study on the data collected from 312 papers published between 2000 and 2020, focused on the security requirements, challenges, and the risk management processes of CPS. Our work aims to form an overview of the security requirements and risks in CPS today and of those published contributions that have been made until now, towards improving the reliability of CPS. The results of this mapping study reveal (i) integrity authentication and confidentiality as the most targeted security attributes in CPS, (ii) model-based techniques as the most used risk identification and assessment and management techniques in CPS, (iii) cyber-security as the most common security risk in CPS, (iv) the notion of “mitigation measures” based on the type of system and the underline internationally recognized standard being the most used risk mitigation technique in CPS, (v) smart grids being the most targeted systems by cyber-attacks and thus being the most explored domain in CPS literature, and (vi) one of the major limitations, according to the selected literature, concerns the use of the fault trees for fault representation, where there is a possibility of runtime system faults not being accounted for. Finally, the mapping study draws implications for practitioners and researchers based on the findings.</p

Value-Based Fuzzy Approach for Non-functional Requirements Prioritization

Non-functional requirements (NFRs) are often addressed late in a project and, in turn, can get less attention in the requirements prioritization (RP) process. For various reasons, RP may happen based on functional requirements (FRs) only. While many approaches for prioritizing NFRs have been published, these are known also for some limitations, e.g. not being scalable, being domain-specific and not able to cope with changing requirements. In this paper, we proposes a value-based fuzzy approach for prioritizing NFRs together with FRs. Our proposed approach takes into account (1) the relationships of NFRs with FRs using experts’ evaluations and fuzzy logic, and (2) the dependencies among both types of requirements and also the interdependencies that particularly exist among the NFRs themselves. We evaluated our proposal by conducting a real-world case study of an ATM system. We also compared the list of prioritized NFRs with the list of NFRs prioritized by different stakeholders on the basis of classification factors. The results of applying the proposed approach on NFRs of ATM system show that the approach produces a conflict-free and consistent list of prioritized NFRs.</p

Framework to study the requirements-driven collaboration in agile teams / Irum Inayat

Requirements engineering requires intensive collaboration among team members. The importance of collaboration in agile methods is also undeniable. Due to their emphasis on collaboration, agile methods and requirements engineering activities seem to mutually support each other in software development. However, very little is still known about the “agile way” of dealing with requirements and how collaboration driven by requirements takes place especially among distributed team members. The main aim of this research is to investigate the socio-technical aspects of requirements-driven collaboration in agile teams. Firstly, this research identified the most relevant socio-technical aspects of` requirements-driven collaboration among agile teams through an online survey conducted on industry practitioners, as communication and awareness. Secondly, a framework was proposed to study the identified socio-technical aspects of requirements-driven collaboration among agile teams and a prototype was developed to partially automate the framework. Thirdly, an empirical investigation was conducted by studying four IT-based projects carried out in four different organizations. This empirical investigation led to the practical implementation of the proposed framework to study the requirements-driven collaboration among agile teams. This research was validated from two perspectives. From the academic perspective, the results show that the framework is structurally acceptable. From the industrial perspective, an applicability validation was performed to assess the application of the proposed framework while a utility validation was conducted to gauge the usefulness of the proposed framework. The study provides implications for both research and industry practitioners in the form of further research and tool development for agile teams collaboration and performance analysis underlying the concepts proposed in this study

A security risk mitigation framework for cyber physical systems

Cyber physical systems (CPSs) are safety-critical, be it weapon systems, smart medical devices, or grid stations. This makes ensuring security of all the components constituting a CPS unavoidable. The rise in the demand of interconnectedness has made such systems vulnerable to attacks, ie, cyberattacks. Over 170 cases of cyber-security breaches in CPS were reported over the past two decades. An increase in the number of cyberattack incidents on CPS makes them more exposed and less trustworthy. However, identifying the security requirements of the CPS to pinpoint the relevant risks may help to counteract the potential attacks. Literature reveals that the most targeted security requirements of CPS are authentication, integrity, and availability. However, little attention has been paid on certain crucial security attributes such as data freshness and nonrepudiation. One major reason of security breaches in CPS is the lack of custom or generalized countermeasures. Therefore, we propose a security risk mitigation framework for a CPS focused on constraints, ie, authentication, data integrity, data freshness, nonrepudiation, and confidentiality. Furthermore, we evaluate the proposed work using a case study of a safety critical system. The results show a decrease in the severity of the identified security risks, ie, man-in-the-middle attack, spoofing, and data tempering

AUDD: Audio Urdu digits dataset for automatic audio Urdu digit recognition

The ongoing development of audio datasets for numerous languages has spurred research activities towards designing smart speech recognition systems. A typical speech recognition system can be applied in many emerging applications, such as smartphone dialing, airline reservations, and automatic wheelchairs, among others. Urdu is a national language of Pakistan and is also widely spoken in many other South Asian countries (e.g., India, Afghanistan). Therefore, we present a comprehensive dataset of spoken Urdu digits ranging from 0 to 9. Our dataset has 25,518 sound samples that are collected from 740 participants. To test the proposed dataset, we apply different existing classification algorithms on the datasets including Support Vector Machine (SVM), Multilayer Perceptron (MLP), and flavors of the EfficientNet. These algorithms serve as a baseline. Furthermore, we propose a convolutional neural network (CNN) for audio digit classification. We conduct the experiment using these networks, and the results show that the proposed CNN is efficient and outperforms the baseline algorithms in terms of classification accuracy

A reflection on agile requirements engineering: solutions brought and challenges posed

The software development industry has rapidly accepted agile methods. Empirical studies suggest that due to their flexible and emergent nature, agile methods brought solutions to several chronic problems of traditional software development methods. One among the many is the acceptance of requirements changes at later stages of development. However, knowledge about the solutions that agile brought to requirements engineering (RE) is fragmented. Also, little is known about whether the agile philosophy, while introducing solutions to well-known RE problems from the past, has unintentionally opened new challenges. This paper offers a reflection on this matter. Based on the results of our recently published systematic review on agile RE, we reflect on the differences of ‘traditional’ and agile RE and the practices adopted by the latter, on the solutions and challenges of agile RE, and on some implications that agile RE might have posed for research and practice

A systematic literature review on agile requirements engineering practices and challenges

Unlike traditional software development methods, agile methods are marked by extensive collaboration, i.e. face-to-face communication. Although claimed to be beneficial, the software development community as a whole is still unfamiliar with the role of the requirements engineering practices in agile methods. The term “agile requirements engineering” is used to define the “agile way” of planning, executing and reasoning about requirements engineering activities. Moreover, not much is known about the challenges posed by collaboration-oriented agile way of dealing with requirements engineering activities. Our goal is to map the evidence available about requirements engineering practices adopted and challenges faced by agile teams in order to understand how traditional requirements engineering issues are resolved using agile requirements engineering. We conducted a systematic review of literature published between 2002 and June 2013 and identified 21 papers, that discuss agile requirements engineering. We formulated and applied specific inclusion and exclusion criteria in two distinct rounds to determine the most relevant studies for our research goal. The review identified 17 practices of agile requirements engineering, five challenges traceable to traditional requirements engineering that were overcome by agile requirements engineering, and eight challenges posed by the practice of agile requirements engineering. However, our findings suggest that agile requirements engineering as a research context needs additional attention and more empirical results are required to better understand the impact of agile requirements engineering practices e.g. dealing with non-functional requirements and self-organising teams