More Web Proxy on the site http://driver.im/

research-article

Open access

Threat Analysis in Systems-of-Systems: An Emergence-Oriented Approach

Authors:

Andrea Ceccarelli,

Alexandr Vasenev,

Lorena Montoya,

Andrea BondavalliAuthors Info & Claims

ACM Transactions on Cyber-Physical Systems, Volume 3, Issue 2

Article No.: 18, Pages 1 - 24

https://doi.org/10.1145/3234513

Published: 22 October 2018 Publication History

All formats PDF

Abstract

Cyber-physical Systems of Systems (SoSs) are large-scale systems made of independent and autonomous cyber-physical Constituent Systems (CSs) which may interoperate to achieve high-level goals also with the intervention of humans. Providing security in such SoSs means, among other features, forecasting and anticipating evolving SoS functionalities, ultimately identifying possible detrimental phenomena that may result from the interactions of CSs and humans. Such phenomena, usually called emergent phenomena, are often complex and difficult to capture: the first appearance of an emergent phenomenon in a cyber-physical SoS is often a surprise to the observers. Adequate support to understand emergent phenomena will assist in reducing both the likelihood of design or operational flaws, and the time needed to analyze the relations amongst the CSs, which always has a key economic significance. This article presents a threat analysis methodology and a supporting tool aimed at (i) identifying (emerging) threats in evolving SoSs, (ii) reducing the cognitive load required to understand an SoS and the relations among CSs, and (iii) facilitating SoS risk management by proposing mitigation strategies for SoS administrators. The proposed methodology, as well as the tool, is empirically validated on Smart Grid case studies by submitting questionnaires to a user base composed of 3 stakeholders and 18 BSc and MSc students.

References

[1]

M. Jamshidi, Ed. 2009. System-of-Systems Engineering - Innovations for the 21st Century. J. Wiley 8 Sons.

[2]

A. Waller and R. Craddock. 2011. Managing runtime re-engineering of a system-of-systems for cyber security. In 6th International Conference on System of Systems Engineering (SoSE). 13--18.

[3]

S. A. Selberg and M. A. Austin. 2008. Toward an evolutionary system-of-systems architecture. In INCOSE, 2008.

[4]

S. Bleikertz, J. W. Bullée, M. Ford, D. Ionita, H. Jonkers, L. Montoya, S. Saraiva, A. Tanner, A. S. Yesuf, J. Willemson, C. W. Probst. 2015. D1.3.3. Dynamic features of socio-technical security models. TREsPASS Project, 2015.

[5]

Hussein A. Abbass, Sameer Alam, and Axel Bender. 2009. MEBRA: Multiobjective evolutionary-based risk assessment. IEEE Computational Intelligence Magazine 4, 3 (2009), 29--36.

Digital Library

[6]

Kip Morison, Wang Lei, and Kundur Prabha. 2004. Power system security assessment. Power and Energy Magazine, 2, 5 (2004), 30--39.

[7]

A. Najgebauer, R. Antkiewicz, M. Chmielewski, and R. Kasprzak. 2008. The prediction of terrorist threat on the basis of semantic association acquisition and complex network evolution. Journal of Telecommunications and Information Technology. (2008), 14--20.

[8]

Lund Mass Soldal, Bjørnar Solhaug, and Ketil Stølen. 2011. Risk analysis of changing and evolving systems using CORAS. Foundations of Security Analysis and Design VI. Springer, Berlin, 231--274.

Digital Library

[9]

B. Ganter, R. Wille, and R. Wille. 1999. Formal Concept Analysis. Springer, Berlin.

[10]

NIST. 2012. Guide for Conducting Risk Assessments. NIST Special Publication 800-30, Sep (2012).

[11]

NIST. 2010. Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security. Guideline, Sep (2010).

[12]

IRENE. 2015. D2.1: Threats identification and ranking, 2015. Retrieved from http://www.ireneproject.eu.

[13]

W. Pieters, D. Hadžiosmanović, A. Lenin, L. Montoya, and J. Willemson. 2014. TREsPASS: Plug-and-play attacker profiles for security risk analysis (poster). In 35th IEEE Symposium on Security and Privacy. IEEE Computer Society.

[14]

M. Mori, A. Ceccarelli, P. Lollini, A. Bondavalli, and B. Frömel. 2016. A holistic viewpoint-based SysML profile to design systems-of-systems. In Proceedings of the IEEE International Symposium on High Assurance Systems Engineering (HASE). 276--283.

Digital Library

[15]

K. Pohl, G. Bockle, and F. van der Linden. 2005. Software Product Line Engineering: Foundations, Principles and Techniques. Springer, Berlin, 2005.

[16]

S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly. 2001. Identifying, understanding, and analyzing critical infrastructure interdependencies. Control Systems, IEEE, 21, 6 (Dec 2001), 11--25.

[17]

Stephan Murer and Bruno Bonati. 2010. Managed Evolution: A Strategy for Very Large Information Systems. Springer Science 8 Business Media, 2010.

Digital Library

[18]

H. Kopetz, A. Bondavalli, F. Brancati, B. Fromel, O. Hoftberger, and S. Iacob. 2016. Emergence in cyber-physical systems-of-systems (CPSoSs). In. Cyber-Physical Systems of Systems. Foundations -- A Conceptual Model and Some Derivations: The AMADEOS Legacy. Lecture Notes in Computer Science, vol. 10099, Springer, Berlin.

[19]

Jeffrey C. Mogul. 2006. Emergent (mis) behavior vs. complex software systems. ACM SIGOPS Operating Systems Review, 40, 4 (2006), 293--304.

Digital Library

[20]

Virgil Gligor. 2004. Security of emergent properties in ad-hoc networks (transcript of discussion). In Security Protocols. Springer, Berlin, 2004, 256--266.

Digital Library

[21]

Marco Mori, Andrea Ceccarelli, Tommaso Zoppi, and Andrea Bondavalli. 2016. On the impact of emergent properties on SoS security. In IEEE System-of-Systems Engineering (SoSE’16).

[22]

Andrea Ceccarelli, Andrea Bondavalli, Bernhard Froemel, Oliver Hoeftberger, and Hermann Kopetz. 2016. Basic concepts on systems of systems. In Cyber-Physical Systems of Systems. Foundations -- A Conceptual Model and Some Derivations: The AMADEOS Legacy. Lecture Notes in Computer Science, vol. 10099, Springer, Berlin.

[23]

D. Ionita, R. Kegel, A. Baltuta, and R. Wieringa. 2016. ArgueSecure: Out-of-the-box security risk assessment. In 3rd Evolving Security 8 Privacy Requirements Engineering Workshop: co-located with 24th IEEE International Requirements Engineering Conference (RE’16). Beijing, Springer.

[24]

SMB Smart Grid Strategic Group SG3, IEC Smart Grid Standardization RoadMap, Ed 1.0, June 2010, http://www.iec.ch/smartgrid/downloads/sg3_roadmap.pdf {last accessed 1st February 2016}.

[25]

George Arnold and Ralph Sporer. 2016. “White Paper on Standardization of Smart Grids”, {Online}. https://www.nist.gov/sites/default/files/documents/smartgrid/eu-us-smartgrids-white-paper.pdf {last accessed 1st February 2016}.

[26]

Mladen Kezunovic, Hongbiao Song, and Nan Zhang. 2005. “Detection, prevention and mitigation of cascading events, Final Report, Part I, October 2005 {Online}. Retrieved from http://www.pserc.org.

[27]

N. Ayewah, W. Pugh, J. D. Morgenthaler, J. Penix, and Y. Zhou. 2007. Using findbugs on production software. Companion to the 22nd ACM SIGPLAN Conference on Object-Oriented Programming Systems and Applications. ACM, 2007.

Digital Library

[28]

John Sweller. 1994. Cognitive load theory, learning difficulty, and instructional design. Learning and Instruction 4, 4 (1994), 295--312.

[29]

Paul A. Kirschner. 2002. Cognitive load theory: Implications of cognitive load theory on the design of learning. Learning and Instruction 12, 1 (2002), 1--10.

[30]

Paul Chandler and John Sweller. 1992. The split‐attention effect as a factor in the design of instruction. British Journal of Educational Psychology 62, 2 (1992), 233--246.

[31]

ISO 31000. 2009. Risk Management -- Principles and Guidelines. Retrieved from http://www.iso.org/iso/catalogue_detail?csnumber=43170.

[32]

Edmund H. Conrow. 2005. Risk management for systems of systems. CrossTalk 18, 2 (2005), 8--12.

[33]

Oddgeir Friborg, Monica Martinussen, and Jan H. Rosenvinge. 2006. Likert-based vs. semantic differential-based scorings of positive psychological constructs: A psychometric comparison of two versions of a scale measuring resilience. Personality and Individual Differences 40, 5 (2006), 873--884.

[34]

O. Jung, S. Bessler, A. Ceccarelli, T. Zoppi, A. Vasenev, L. Montoya, T. Clarke, and K. Chappell. 2016. Towards a collaborative framework to improve urban grid resilience. In 2016 IEEE International Energy Conference (ENERGYCON). IEEE, 1--6.

[35]

Cardenas Alvaro, Saurabh Amin, Bruno Sinopoli, Annarita Giani, Adrian Perrig, and Shankar Sastry. 2009. Challenges for securing cyber physical systems. In Workshop on Future Directions in Cyber-physical Systems Security, 5 (2009).

[36]

Robert L. Flood and Michael C. Jackson. 1991. Critical Systems Thinking. Wiley, Chichester.

[37]

D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W. H. Maisel. 2008. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zeropower defenses, SP 2008. In IEEE Symposium on Security and Privacy, 2008.

Digital Library

[38]

G. Liang, S. R. Weller, J. Zhao, F. Luo, and Z. Y. Dong. 2017. The 2015 Ukraine blackout: Implications for false data injection attacks. IEEE Transactions on Power Systems 32, 4, 3317--3318.

[39]

Ik Jae Chung. 2011. Social amplification of risk in the Internet environment. Risk Analysis 31, 12 (2011), 1883--1896.

[40]

E. M. Aldrich, J. Grundfest, and G. Laughlin. 2016. The flash crash: A new deconstruction.

[41]

Y. Bachy, F. Basse, V. Nicomette, E. Alata, M. Kaâniche, J. C. Courrege, and P. Lukjanenko. (2015). Smart-TV security analysis: Practical experiments. In 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE (June 2015), 497--504.

Digital Library

[42]

Guo Zhenyu and Yacov Y. Haimes. 2017. Exploring systemic risks in systems-of-systems within a multiobjective decision framework. IEEE Transactions on Systems, Man, and Cybernetics: Systems 47, 6 (2017), 906--915.

[43]

T. Zoppi, A. Ceccarelli, and M. Mori. 2017. A tool for evolutionary threat analysis of smart grids. In Smart Grid Inspired Future Technologies. Springer, Berlin, 205--211.

[44]

IRENE. D5.2: Evaluation method design, evaluation of IRENE methods, collaboration framework and modelling tool, 2017 {Project Report}

[45]

R. D. Christie. 1999. Power Systems Test Case. http://www.ee.washington.edu/research/pstca/.

[46]

H. Kopetz. 2011. Real-Time Systems: Design Principles for Distributed Embedded Applications. Springer Science 8 Business Media.

Digital Library

[47]

H. A. Simon. 1996. The Architecture of Complexity. MIT Press, Cambridge, MA, 219.

[48]

A. Bondavalli, A. Ceccarelli, P. Lollini, L. Montecchi, and M. Mori. 2016. System-of-systems to support mobile safety critical applications: Open challenges and viable solutions. IEEE Systems Journal.

[49]

National Cyber Security Center, Information Risk Management: HMG IA Standard Numbers 1 8 2, 2015. Retrieved from https://www.ncsc.gov.uk/.

[50]

Gov. of Canada, All Hazards Risk Assessment Methodology Guidelines 2012-2013. Retrieved from https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ll-hzrds-ssssmnt/index-en.aspx#iap.

[51]

Peter G. Neumann. 2004. Principled assuredly trustworthy composable architectures. Final report for Task 1 (2004).

[52]

Emiliano Guevara. 2011. Computing semantic compositionality in distributional semantics. In 9th International Conference on Computational Semantics (IWCS’11). Association for Computational Linguistics, Stroudsburg, PA, 135--144.

Digital Library

[53]

J. S. Dahman and K. J. Baldwin. 2008. Understanding the current state of US defense systems of systems and the implications for systems engineering. In 2nd Annual IEEE Systems Conference, IEEE Press, 2008.

Cited By

Nordstrom TSutfeld LBesker T(2024)Exploring different Actor Roles in Orchestrations of System of Systems2024 19th Annual System of Systems Engineering Conference (SoSE)10.1109/SOSE62659.2024.10620949(190-196)Online publication date: 23-Jun-2024
https://doi.org/10.1109/SOSE62659.2024.10620949
Karthikeyan AKarthikeyan KSwathika O(2024)Cyber-physical security in a stand-alone photovoltaic system for rural electrificationNext-Generation Cyber-Physical Microgrid Systems10.1016/B978-0-443-22187-3.00002-3(29-75)Online publication date: 2024
https://doi.org/10.1016/B978-0-443-22187-3.00002-3
Shaheen NMusarat MHassan IAlaloul W(2024)Economic assessments of inhibiting technologies for greenhouse gas emissionAdvances and Technology Development in Greenhouse Gases: Emission, Capture and Conversion10.1016/B978-0-443-19231-9.00003-X(311-335)Online publication date: 2024
https://doi.org/10.1016/B978-0-443-19231-9.00003-X
Show More Cited By

Index Terms

Threat Analysis in Systems-of-Systems: An Emergence-Oriented Approach

Recommendations

Towards Independent In-Cloud Evolution of Cyber-Physical Systems
CPSNA '14: Proceedings of the 2014 IEEE International Conference on Cyber-Physical Systems, Networks, and Applications

The capabilities of Cyber-Physical Systems (CPSs) are increasingly being extended towards new composite services deployed across a range of smart sensing and controlling devices. These services enable the emergence of multiple end-to-end cyber-physical ...
Dependency-based security risk assessment for cyber-physical systems
Abstract
A cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry 4.0 and ...
Formal threat analysis of machine learning-based control systems: A study on smart healthcare systems
Abstract
Modern cyber-physical systems (CPSs) use the Internet of Things (IoT) to collect and exchange data efficiently, monitor device/sensor level interaction effectively, and adopt new standards effortlessly. Machine learning (ML) models are growingly ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Cyber-Physical Systems

ACM Transactions on Cyber-Physical Systems Volume 3, Issue 2

April 2019

283 pages

ISSN:2378-962X

EISSN:2378-9638

DOI:10.1145/3284746

Editor:
Tei-Wei Kuo
National Taiwan University, and Academia Sinica, Taiwan

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 22 October 2018

Accepted: 01 June 2018

Revised: 01 April 2018

Received: 01 September 2017

Published in TCPS Volume 3, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

European Union 7th Framework Programme (FP7/2007-2013)
“SIgnaling 8 Sensing Technologies in Railway application”
“Ente Cassa Di Risparmio di Firenze”, Bando per progetti 2016
REGIONE TOSCANA POR FESR 2014-2020 SISTER
Joint Program Initiative (JPI) Urban Europe via the IRENE

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
1,127
Total Downloads

Downloads (Last 12 months)176
Downloads (Last 6 weeks)15

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Nordstrom TSutfeld LBesker T(2024)Exploring different Actor Roles in Orchestrations of System of Systems2024 19th Annual System of Systems Engineering Conference (SoSE)10.1109/SOSE62659.2024.10620949(190-196)Online publication date: 23-Jun-2024
https://doi.org/10.1109/SOSE62659.2024.10620949
Karthikeyan AKarthikeyan KSwathika O(2024)Cyber-physical security in a stand-alone photovoltaic system for rural electrificationNext-Generation Cyber-Physical Microgrid Systems10.1016/B978-0-443-22187-3.00002-3(29-75)Online publication date: 2024
https://doi.org/10.1016/B978-0-443-22187-3.00002-3
Shaheen NMusarat MHassan IAlaloul W(2024)Economic assessments of inhibiting technologies for greenhouse gas emissionAdvances and Technology Development in Greenhouse Gases: Emission, Capture and Conversion10.1016/B978-0-443-19231-9.00003-X(311-335)Online publication date: 2024
https://doi.org/10.1016/B978-0-443-19231-9.00003-X
Olivero MBertolino ADominguez-Mayo FEscalona MMatteucci I(2024)A systematic mapping study on security for systems of systemsInternational Journal of Information Security10.1007/s10207-023-00757-023:2(787-817)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1007/s10207-023-00757-0
Fendali MBorne IMeslati DSouici‐Meslati L(2024)How to steer evolution of a system‐of‐systemsSystems Engineering10.1002/sys.21787Online publication date: 21-Oct-2024
https://doi.org/10.1002/sys.21787
Zoppi TMungiello ICeccarelli ACirillo ASarti LEsposito LScaglione GRepetto SBondavalli A(2023)Safe Maintenance of Railways using COTS Mobile Devices: The Remote Worker DashboardACM Transactions on Cyber-Physical Systems10.1145/36071937:4(1-20)Online publication date: 4-Jul-2023
https://dl.acm.org/doi/10.1145/3607193
Besker TFranke UAxelsson J(2023)Navigating the Cyber-Security Risks and Economics of System-of-Systems2023 18th Annual System of Systems Engineering Conference (SoSe)10.1109/SoSE59841.2023.10178677(1-8)Online publication date: 14-Jun-2023
https://doi.org/10.1109/SoSE59841.2023.10178677
Dias RZacarias RVarella Jdos Santos R(2022)Investigating Information Security in Systems-of-SystemsProceedings of the XVIII Brazilian Symposium on Information Systems10.1145/3535511.3535523(1-8)Online publication date: 16-May-2022
https://dl.acm.org/doi/10.1145/3535511.3535523
Watson BBras B(2022)Connections Between System of System Sustainability and Resilience in an Electric Motor Manufacturing Supply ChainProcedia CIRP10.1016/j.procir.2022.02.038105(231-236)Online publication date: 2022
https://doi.org/10.1016/j.procir.2022.02.038
Bertieri DCeccarelli AZoppi TMungiello IBarbareschi MBondavalli A(2021)Development and validation of a safe communication protocol compliant to railway standardsJournal of the Brazilian Computer Society10.1186/s13173-021-00106-w27:1Online publication date: 2-Mar-2021
https://doi.org/10.1186/s13173-021-00106-w
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Figures

Tables

Media

View Issue’s Table of Contents