3 research outputs found
Qualitative Analysis for Validating IEC 62443-4-2 Requirements in DevSecOps
Validation of conformance to cybersecurity standards for industrial
automation and control systems is an expensive and time-consuming process which
can delay the time to market. It is therefore crucial to introduce conformance
validation stages into the continuous integration/continuous delivery pipeline
of products. However, designing such conformance validation in an automated
fashion is a highly non-trivial task that requires expert knowledge and depends
upon the available security tools, ease of integration into the DevOps
pipeline, as well as support for IT and OT interfaces and protocols.
This paper addresses the aforementioned problem focusing on the automated
validation of ISA/IEC 62443-4-2 standard component requirements. We present an
extensive qualitative analysis of the standard requirements and the current
tooling landscape to perform validation. Our analysis demonstrates the coverage
established by the currently available tools and sheds light on current gaps to
achieve full automation and coverage. Furthermore, we showcase for every
component requirement where in the CI/CD pipeline stage it is recommended to
test it and the tools to do so
Modeling Decentralized Real-Time Control by State Space Partition of Timed Automata
Timed automata provide useful state-machine-based representations for the validation and verification of real-time control systems. This paper introduces an algorithmic methodology to translate the state space visualization of a centralized real-time control system to a decentralized one. Given a set of timed automata representing a centralized real-time control system, the algorithm partitions them into a collection of interacting submachines. Importantly, this methodology allows for model-checking of the derived decentralized system against the same set of verifications as that specified for the centralized system. The complexity analysis of the algorithm is presented as a function of the number of tasks and nodes comprising the decentralized system.