13 research outputs found

    Software Engineering Challenges for Investigating Cyber-Physical Incidents

    Cyber-Physical Systems (CPS) are characterized by the interplay between digital and physical spaces. This characteristic has extended the attack surface that could be exploited by an offender to cause harm. An increasing number of cyber-physical incidents may occur depending on the configuration of the physical and digital spaces and their interplay. Traditional investigation processes are not adequate to investigate these incidents, as they may overlook the extended attack surface resulting from such interplay, leading to relevant evidence being missed and to flawed hypotheses explaining the incidents being tested. The software engineering research community can contribute to addressing this problem by deploying existing formalisms to model digital and physical spaces, and by using analysis techniques to reason about their interplay and evolution. In this paper, supported by a motivating example, we describe some emerging software engineering challenges to support investigations of cyber-physical incidents. We review and critique existing research proposed to address these challenges, and sketch an initial solution based on a meta-model to represent cyber-physical incidents and a representation of the topology of digital and physical spaces that supports reasoning about their interplay.

    On the Automated Management of Security Incidents in Smart Space

    The proliferation of smart spaces, such as smart buildings, is increasing opportunities for offenders to exploit the interplay between cyber and physical components in order to trigger security incidents. Organizations are obliged to report security incidents to comply with recent data protection regulations. Organizations can also use incident reports to improve the security of the smart spaces where they operate. Incident reporting is often documented in structured natural language. However, reports often do not capture relevant information about the cyber and physical vulnerabilities present in a smart space that are exploited during an incident. Moreover, sharing information about security incidents can be difficult, or even impossible, since a report may contain sensitive information about an organization. In previous work, we provided a meta-model to represent security incidents in smart spaces. We also developed an automated approach to share incident knowledge across different organizations. In this paper we focus on incident reporting. We provide a System Editor to represent smart buildings where incidents can occur. Our editor allows us to represent cyber and physical components within a smart building and their interplay. We also propose an Incident Editor to represent the activities of an incident, including, for each activity, the target and the resources exploited, the location where the activity occurred, and the activity initiator. Building on our previous work, incidents represented using our editor can be shared across various organizations and instantiated in different smart spaces to assess how they can re-occur. We also propose an Incident Filter component that allows viewing and prioritizing the most relevant incident instantiations, for example, those involving a minimum number of activities. We assess the feasibility of our approach in assisting incident reporting using an example of a security incident that occurred in a research center.

    Software engineering for forensic-ready cyber-physical systems

    Cyber-Physical Systems (CPSs) are part of most critical infrastructures, such as industrial automation and transportation systems. Security incidents targeting CPSs can have disruptive consequences on assets and people. Since prior incidents tend to re-occur, sharing knowledge about these incidents can potentially help organisations be more prepared to investigate future incidents, i.e. to be forensic-ready for future investigations of incidents. In this thesis, we aim to support forensic readiness of CPSs. To this end, we propose a novel approach for representing and sharing security incident knowledge between systems to assess organisations' forensic readiness. We represent incident knowledge as incident patterns that capture incident characteristics (e.g., incident activities) that can manifest again. Incident patterns are a more abstract representation of incident instances and, thus, can be shared between systems. To support the approach, we provide two meta-models that represent, respectively, incidents and systems. The incident meta-model captures the characteristics of incidents, such as assets and activities. The system meta-model captures cyber and physical components and their interactions. We provide an automated technique to extract an incident pattern from a specific incident instance. To assess how incident patterns can manifest in systems, we propose an automated technique to instantiate incident patterns to specific systems. We propose a set of software tools to facilitate incident management in smart spaces (e.g., smart buildings). We provide a System Editor to represent smart buildings where incidents can occur. We also propose an Incident Editor to represent the activities of an incident and associated entities (e.g., location). We also propose an Incident Filter that allows viewing and prioritising the most relevant incident instantiations.
    To assess forensic readiness of CPSs, we propose an automated technique to assess the availability of data sources that are required to observe and store data about events relevant to future investigations of incidents. We demonstrate the feasibility of our approach in the application domain of smart buildings using two substantive scenarios inspired by real-world systems and incidents.

    Requirements for designing kind spaces

    Kindness is an important quality of human behavior, and the physical spaces in which people live, work, and interact can significantly influence the experience and expression of kindness. With the growing integration of digital technology into physical spaces, designers have a unique opportunity to intentionally foster and amplify kindness while also mitigating unkindness. However, creating such spaces is a challenge that requires an understanding of the various intertwined digital, physical, psychological, and social dimensions. To gain such an understanding, it is important to identify and articulate the key requirements that reflect these dimensions and their interplay. In this paper we explore the notion of a kind space: a space intentionally designed to enable and amplify kind behavior while preventing unkind behavior. We argue that the design of kind spaces requires consideration of two essential requirements: topology, the arrangement and relationship of digital and physical spatial entities, and psycho-social factors, such as emotionality and social relatedness. We examine these requirements and their operationalization, proposing a way for designers to create kind spaces. We use a professional workspace scenario to demonstrate the application of such requirements. We suggest that the deliberate use of digital technology in creating kind spaces can positively impact individuals and communities.

    Incidents Are Meant for Learning, Not Repeating: Sharing Knowledge About Security Incidents in Cyber-Physical Systems

    Cyber-physical systems (CPSs) are part of many critical infrastructures, such as industrial automation and transportation systems. Thus, security incidents targeting CPSs can have disruptive consequences for assets and people. As incidents tend to re-occur, sharing knowledge about these incidents can help organizations be more prepared to prevent, mitigate or investigate future incidents. This paper proposes a novel approach to enable the representation and sharing of knowledge about CPS incidents across different organizations. To support sharing, we represent incident knowledge as incident patterns capturing incident characteristics that can manifest again, such as incident activities or vulnerabilities exploited by offenders. Incident patterns are a more abstract representation of specific incident instances and, thus, are general enough to be applicable to various systems, different from the one in which the incident occurred. They can also avoid disclosing potentially sensitive information about an organization's assets and resources. We provide an automated technique to extract an incident pattern from a specific incident instance. To understand how an incident pattern can manifest again in other cyber-physical systems, we also provide an automated technique to instantiate incident patterns to specific systems. We demonstrate the feasibility of our approach in the application domain of smart buildings. We evaluate correctness, scalability, and performance using two substantive scenarios inspired by real-world systems and incidents.

    I’ve seen this before: sharing cyber-physical incident knowledge

    An increasing number of security incidents in cyber-physical systems (CPSs) arise from the exploitation of the cyber and physical components of such systems. Knowledge about how such incidents arose is rarely captured and used systematically to enhance security and support future incident investigations. In this paper, we propose an approach to represent and share incident knowledge. Our approach captures incident patterns, i.e. common aspects of incidents occurring in different CPSs. Our approach then allows incident patterns to be instantiated for different systems to assess if and how such patterns can manifest again. To support our approach, we provide two meta-models that represent, respectively, incident patterns and the cyber-physical systems themselves. The incident meta-model captures the characteristics of incidents, such as assets and activities. The system meta-model captures cyber and physical components and their interactions, which may be exploited during an incident. We demonstrate the feasibility of our approach in the application domain of smart buildings by tailoring the system meta-model to represent components and interactions in this domain.