Authors:
Andreas Aigner
and
Abdelmajid Khelil
Affiliation:
Faculty of Computer Science, Landshut University of Applied Science, Landshut, Germany
Keyword(s):
Security, Security Model, Security Engineering, Cyber-Physical Systems, Threat Model, System Model, Model-based Engineering, Security Analysis, Security Scoring, Security Metric.
Abstract:
Establishing and sustaining a sufficient level of security in Cyber-Physical Systems (CPS) proposes a major challenge for engineers. Key characteristics, like heterogeneity, unpredictability and safety-relevance have the potential to significantly impact the overall level of security. However, exploited security-related vulnerabilities may cause malfunction of critical components or result in loss of sensitive information. Therefore, a toolkit, which is capable to identify vulnerabilities regarding security in CPS, would provide great benefit. Although a variety of security analysis frameworks exist, they mainly do not address the challenges proposed by CPS, which limits their applicability or accuracy. We aim to elaborate a more effective solution for CPS by analysing security on a Systems-of-Systems level. Moreover, we focus on the semantic relationships between essential security information, like attackers and attacks, towards the actual specification of the CPS. Our elaborated a
pproach produces a quantitative expression of security, based on a variety of evaluation criteria and -policies. Ultimately, the generated output provides a quick indication about potential security-related threats and vulnerabilities. We utilize a prototypical, but realistic car-sharing application as a prime example for CPS, to illustrate the benefits and ease-of-use of our proposed solution.
(More)