Abstract
Cyber-Physical Systems (CPSs) combine computational and physical components, enabling real-world interaction. Digitization, decentralization, and high connectivity, as well as the incorporation of various enabling technologies, raise numerous security issues. These security concerns may affect safety, endangering assets and even human lives. This is especially true for CPS utilization in sectors of great significance, including manufacturing and critical infrastructures, creating a need to handle the relevant security issues efficiently. Including security as part of a software-intensive technical system (i.e., the CPS) that can be distributed and highly resilient highlights the need for appropriate security methodologies to be applied to the CPS from the engineering stage, during CPS design. The efficient security-related processes implemented at design time have an impact on security monitoring during the CPS operational phase (at run-time). Efficient and accurate security monitoring that follows security-by-design principles can be a potent tool in the hands of the CPS manager for detecting and mitigating cyber threats. Monitoring traffic and activity at the system boundaries, detecting changes to device status and configuration, detecting suspicious activity indicating attacks, detecting unauthorized activity that is suspicious or violates security policies, and responding to security incidents in a timely manner and recovering from them are issues that need to be tackled efficiently by security monitoring. In this chapter, we explore the various CPS cybersecurity threats and discuss how adding security as a parameter at the CPS design phase can provide a well-structured and efficient approach to establishing strong CPS security foundations. New technologies for CPS security design are presented and emerging security directions are discussed.
Furthermore, the chapter presents the different aspects of security monitoring with a special emphasis on CPSs, discussing the various existing monitoring approaches that are followed in order to detect security issues at run-time. Specific use cases of CPSs in the manufacturing domain and with reference to critical infrastructures are also detailed, and security requirements such as confidentiality, integrity, and availability are discussed.
Acknowledgments
This work is supported by the project "I3T—Innovative Application of Industrial Internet of Things (IIoT) in Smart Environments" (MIS 5002434), implemented under the "Action for the Strategic Development on the Research and Technological Sector," funded by the Operational Programme "Competitiveness, Entrepreneurship and Innovation" (NSRF 2014–2020) and co-financed by Greece and the European Union (European Regional Development Fund).
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this chapter
Fournaris, A.P., Komninos, A., Lalos, A.S., Kalogeras, A.P., Koulamas, C., Serpanos, D. (2019). Design and Run-Time Aspects of Secure Cyber-Physical Systems. In: Biffl, S., Eckhart, M., Lüder, A., Weippl, E. (eds) Security and Quality in Cyber-Physical Systems Engineering. Springer, Cham. https://doi.org/10.1007/978-3-030-25312-7_13
DOI: https://doi.org/10.1007/978-3-030-25312-7_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-25311-0
Online ISBN: 978-3-030-25312-7
eBook Packages: Computer Science (R0)