Automating Security Risk and Requirements Management for Cyber-Physical Systems

Cyber-physische Systeme ermöglichen zahlreiche moderne Anwendungsfälle und Geschäftsmodelle wie vernetzte Fahrzeuge, das intelligente Stromnetz (Smart Grid) oder das industrielle Internet der Dinge. Ihre Schlüsselmerkmale Komplexität, Heterogenität und Langlebigkeit machen den langfristigen Schutz dieser Systeme zu einer anspruchsvollen, aber unverzichtbaren Aufgabe. In der physischen Welt stellen die Gesetze der Physik einen festen Rahmen für Risiken und deren Behandlung dar. Im Cyberspace gibt es dagegen keine vergleichbare Konstante, die der Erosion von Sicherheitsmerkmalen entgegenwirkt. Hierdurch können sich bestehende Sicherheitsrisiken laufend ändern und neue entstehen. Um Schäden durch böswillige Handlungen zu verhindern, ist es notwendig, hohe und unbekannte Risiken frühzeitig zu erkennen und ihnen angemessen zu begegnen. Die Berücksichtigung der zahlreichen dynamischen sicherheitsrelevanten Faktoren erfordert einen neuen Automatisierungsgrad im Management von Sicherheitsrisiken und -anforderungen, der über den aktuellen Stand der Wissenschaft und Technik hinausgeht. Nur so kann langfristig ein angemessenes, umfassendes und konsistentes Sicherheitsniveau erreicht werden. Diese Arbeit adressiert den dringenden Bedarf an einer Automatisierungsmethodik bei der Analyse von Sicherheitsrisiken sowie der Erzeugung und dem Management von Sicherheitsanforderungen für Cyber-physische Systeme. Das dazu vorgestellte Rahmenwerk umfasst drei Komponenten: (1) eine modelbasierte Methodik zur Ermittlung und Bewertung von Sicherheitsrisiken; (2) Methoden zur Vereinheitlichung, Ableitung und Verwaltung von Sicherheitsanforderungen sowie (3) eine Reihe von Werkzeugen und Verfahren zur Erkennung und Reaktion auf sicherheitsrelevante Situationen. Der Schutzbedarf und die angemessene Stringenz werden durch die Sicherheitsrisikobewertung mit Hilfe von Graphen und einer sicherheitsspezifischen Modellierung ermittelt und bewertet. Basierend auf dem Modell und den bewerteten Risiken werden anschließend fundierte Sicherheitsanforderungen zum Schutz des Gesamtsystems und seiner Funktionalität systematisch abgeleitet und in einer einheitlichen, maschinenlesbaren Struktur formuliert. Diese maschinenlesbare Struktur ermöglicht es, Sicherheitsanforderungen automatisiert entlang der Lieferkette zu propagieren. Ebenso ermöglicht sie den effizienten Abgleich der vorhandenen Fähigkeiten mit externen Sicherheitsanforderungen aus Vorschriften, Prozessen und von Geschäftspartnern. Trotz aller getroffenen Maßnahmen verbleibt immer ein gewisses Restrisiko einer Kompromittierung, worauf angemessen reagiert werden muss. Dieses Restrisiko wird durch Werkzeuge und Prozesse adressiert, die sowohl die lokale und als auch die großräumige Erkennung, Klassifizierung und Korrelation von Vorfällen verbessern. Die Integration der Erkenntnisse aus solchen Vorfällen in das Modell führt häufig zu aktualisierten Bewertungen, neuen Anforderungen und verbessert weitere Analysen. Abschließend wird das vorgestellte Rahmenwerk anhand eines aktuellen Anwendungsfalls aus dem Automobilbereich demonstriert.Cyber-Physical Systems enable various modern use cases and business models such as connected vehicles, the Smart (power) Grid, or the Industrial Internet of Things. Their key characteristics, complexity, heterogeneity, and longevity make the long-term protection of these systems a demanding but indispensable task. In the physical world, the laws of physics provide a constant scope for risks and their treatment. In cyberspace, on the other hand, there is no such constant to counteract the erosion of security features. As a result, existing security risks can constantly change and new ones can arise. To prevent damage caused by malicious acts, it is necessary to identify high and unknown risks early and counter them appropriately. Considering the numerous dynamic security-relevant factors requires a new level of automation in the management of security risks and requirements, which goes beyond the current state of the art. Only in this way can an appropriate, comprehensive, and consistent level of security be achieved in the long term. This work addresses the pressing lack of an automation methodology for the security-risk assessment as well as the generation and management of security requirements for Cyber-Physical Systems. The presented framework accordingly comprises three components: (1) a model-based security risk assessment methodology, (2) methods to unify, deduce and manage security requirements, and (3) a set of tools and procedures to detect and respond to security-relevant situations. The need for protection and the appropriate rigor are determined and evaluated by the security risk assessment using graphs and a security-specific modeling. Based on the model and the assessed risks, well-founded security requirements for protecting the overall system and its functionality are systematically derived and formulated in a uniform, machine-readable structure. This machine-readable structure makes it possible to propagate security requirements automatically along the supply chain. Furthermore, they enable the efficient reconciliation of present capabilities with external security requirements from regulations, processes, and business partners. Despite all measures taken, there is always a slight risk of compromise, which requires an appropriate response. This residual risk is addressed by tools and processes that improve the local and large-scale detection, classification, and correlation of incidents. Integrating the findings from such incidents into the model often leads to updated assessments, new requirements, and improves further analyses. Finally, the presented framework is demonstrated by a recent application example from the automotive domain

Effects of Parental Divorce on Uncertainty Following Initial Communication with a Potential Romantic Partner

Decades of research have supported Berger and Calabrese\u27s (1975) Uncertainty Reduction Theory (URT), which posits that reducing uncertainty is a chief goal of initial communication between strangers. This study extends the scope of URT, focusing on initial communication between strangers who see themselves as potential romantic partners. Further, this study specifically examines the potential influence of a well-researched external factor that has been found to negatively affect the way people communicate and behave within romantic relationships: parental divorce. Although many studies have assessed the impact of parental divorce on communication in developed relationships, there is little research examining its impact on initial communication, specifically, uncertainty levels, between potential romantic partners. This study provides an initial examination of this question. A review of existing research suggests that the presence of parental divorce may result in increased negative communication patterns and distrust toward potential romantic partners, and that these effects are more pronounced the younger the child is when divorce occurs. These findings guided the hypothesis that individuals with divorced parents would express higher levels of uncertainty than those whose parents are not divorced. A second hypothesis predicted that the younger individuals were when their parents divorced, the higher their level of uncertainty would be. A research question asks whether current number of friends and similarity to a potential partner will affect uncertainty levels. To test these hypotheses and answer this question, a convenience sample of university students filled out a survey, which contained a hypothetical conversation that could have taken place between the participant and a potential romantic partner. Then, respondents completed the CL7 confidence scale (Clatterbuck, 1979) and answered a series of demographic questions, including whether their parents divorced, and if so, at what age the divorce occurred. A multiple regression analysis of the data indicated that neither parental divorce nor age at which divorce occurred influenced respondents\u27 level of uncertainty. Other findings demonstrated statistically significant relationships in the non-divorced parents data subset between respondents\u27 perceived similarity to the potential romantic partner, ethnicity and sex and respondents\u27 level of certainty. Potential explanations for these findings and theoretical implications are discussed

Formation of antihydrogen atoms in an ultra-cold positron-antiproton plasma

We discuss the formation of antihydrogen atoms ($\bar{\rm H}$) in an ultra-cold positron-antiproton plasma. For positron densities n_p\agt 10^8 cm$^{-3}$ the characteristic formation time of stable $\bar{H}$ is determined by collisional relaxation of highly excited atoms produced in the process of 3-body Thompson recombination. Relying on the mechanisms of ``replacement collisions'' and ``transverse collisional drift'' we find a bottleneck in the relaxation kinetics and analyze the physical consequences of this phenomenon.Comment: A talk given on ITAMP Workshop on Exotic Atoms, July 11-13, 1996; submitted to Physics Letters A; 3 pages, RevTe

Understanding human rhinovirus infections in terms of QSAR

AbstractThe human rhinoviruses (HRVs) are the single most important cause of common colds. The widespread nature of this affliction, the economic consequences, and the well-known impracticality of vaccine development due to the large number of HRV serotypes (>100) have justified the search for chemotherapeutic agents. The interest in the application of quantitative structure–activity relationships has steadily increased in recent decades and we hope it may be useful in the search for anti-HRV agents. In the present paper, we have discussed the inhibition of various six compound series against HRV-1A, -1B, -2, -9, -14, -21, -22, -25, -64, and -89 by the formulation of a total number of 14 QSAR. Hydrophobicity is found to be one of the most important determinants of activity. Parabolic correlation with the hydrophobic parameter (Eq. (7)) is an encouraging example, where the optimal hydrophobicity is well defined. We believe that this may be the predictive model to narrow the synthetic challenges in order to yield very specific HRV-2 inhibitors. On the basis of this model, we have predicted eleven compounds (I-1 to I-11) that may be the next synthetic target. The proposed molecules (I-1 to I-11) also fulfill the conditions of Lipinski's “rule of five”

QSAR Study of p56lck Protein Tyrosine Kinase Inhibitory Activity of Flavonoid Derivatives Using MLR and GA-PLS

Quantitative relationships between molecular structure and p56lck protein tyrosine kinase inhibitory activity of 50 flavonoid derivatives are discovered by MLR and GA-PLS methods. Different QSAR models revealed that substituent electronic descriptors (SED) parameters have significant impact on protein tyrosine kinase inhibitory activity of the compounds. Between the two statistical methods employed, GA-PLS gave superior results. The resultant GA-PLS model had a high statistical quality (R2 = 0.74 and Q2 = 0.61) for predicting the activity of the inhibitors. The models proposed in the present work are more useful in describing QSAR of flavonoid derivatives as p56lck protein tyrosine kinase inhibitors than those provided previously