9 pages
Engineering safe and secure cyber-physical systems requires system engineers to develop and maintain a number of model views, both dynamic and static, which can be seen as algebras. We posit that verifying the composition of requirement, behavioral, and architectural models using category theory gives rise to a strictly compositional interpretation of cyber-physical systems theory, which can assist in the modeling and analysis of safety-critical cyber-physical systems.
EPTCS, Proceedings 3rd Annual International Applied Category Theory Conference 2020, 2020
Assuring the correct behavior of cyber-physical systems requires significant modeling effort, particularly during early stages of the engineering and design process when a system is not yet available for testing or verification of proper behavior. A primary motivation for 'getting things right' in these early design stages is that altering the design is significantly less costly and more effective than when hardware and software have already been developed. Engineering cyber-physical systems requires the construction of several different types of models, each representing a different view, which include stakeholder requirements, system behavior, and the system architecture. Furthermore, each of these models can be represented at different levels of abstraction. Formal reasoning has improved the precision and expanded the available types of analysis in assuring correctness of requirements, behaviors, and architectures. However, each is usually modeled in distinct formalisms ...
Systems Engineering
Many safety-related systems are evolving into cyber-physical systems (CPSs), integrating information technologies in their control architectures and modifying the interactions among automation and human operators. In particular, a promising potential exists for enhanced efficiency and safety in applications such as autonomous transportation systems, control systems in critical infrastructures, smart manufacturing and process plants, robotics, and smart medical devices, among others. However, the modern features of CPSs are ambiguous for system designers and risk analysts, especially considering the role of humans and the interactions between safety and security. The sources of safety risks are no longer restricted to accidental failures and errors. Indeed, cybersecurity attacks can now cascade into safety risks leading to physical harm to the system and its environment. These new challenges require system engineers and risk analysts to understand the security vulnerabilities existing in CPS features and their dependencies with physical processes. Therefore, this paper (a) examines the key features of CPSs and their relation with other system types; (b) defines the dependencies between levels of automation and human roles in CPSs from a systems engineering perspective; and (c) applies systems thinking to describe a multi-layered diagrammatic representation of CPSs for combined safety and security risk analysis, demonstrating an application in the maritime sector to analyze an autonomous surface vehicle.
2018 Annual IEEE International Systems Conference (SysCon), 2018
Evaluating the security of cyber-physical systems throughout their life cycle is necessary to assure that they can be deployed and operated in safety-critical applications, such as infrastructure, military, and transportation. Most safety and security decisions that can have major effects on mitigation strategy options after deployment are made early in the system's life cycle. To allow for a vulnerability analysis before deployment, a sufficiently well-formed model has to be constructed. To construct such a model we produce a taxonomy of attributes; that is, a generalized schema for system attributes. This schema captures the necessary specificity that characterizes a possible real system and can also map to the attack vector space associated with the model's attributes. In this way, we can match possible attack vectors and provide architectural mitigation at the design phase. We present a model of a flight control system encoded in the Systems Modeling Language, commonly known as SysML, but also show agnosticism with respect to the modeling language or tool used.
2017
The two-hemisphere model-driven (2HMD) approach assumes modelling and use of procedural and conceptual knowledge on an equal and related basis. This differentiates the 2HMD approach from pure procedural, pure conceptual, and object-oriented approaches. The approach may be applied in the context of modelling a particular business domain as well as in the context of modelling the knowledge about the domain. Cyber-physical systems are heterogeneous systems, which require a multi-disciplinary approach to their modelling. Modelling cyber-physical systems with the 2HMD approach gives an opportunity to transparently compose and analyse the system components to be provided and the components actually provided, and thus to identify and fill the gaps between desirable and actual system content.
2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S)
Systems modeling practice lacks security analysis tools that can interface with modeling languages to facilitate security by design. Security by design is a necessity in the age of safety-critical cyber-physical systems, where security violations can cause hazards. Currently, the overlap between security and safety is narrow. But deploying cyber-physical systems means that today's adversaries can intentionally trigger accidents. By implementing security assessment tools for modeling languages we are better able to address threats earlier in the system's lifecycle and, therefore, assure their safe and secure behavior in their eventual deployment. We posit that cyber-physical systems security modeling is practiced insufficiently because it is still addressed similarly to information technology systems.
Software and Systems Modeling
Cyber-physical systems are complex systems that require the integration of diverse software, firmware, and hardware to be practical and useful. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of “-ilities”, such that they are safe and secure and ultimately resilient to disruption of service. We propose an ontological metamodel for system design that augments an already existing industry metamodel to capture the relationships between various model elements (requirements, interfaces, physical, and functional) and safety, security, and resilience considerations. Employing this metamodel leads to more cohesive and structured modeling efforts with an overall increase in scalability, usability, and unification of already existing models. In turn, this leads to a mission-oriented perspective in designing security defenses and resilience mechanisms to combat undesirable behaviors. We il...
Proceedings of the 6th ACM on Cyber-Physical System Security Workshop
The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated the development of different attack detection mechanisms, such as those that monitor for violations of invariants, i.e. properties that always hold in normal operation. Given the complexity of CPSs, several existing approaches focus on deriving invariants automatically from data logs, but these can miss possible system behaviours if they are not represented in that data. Furthermore, resolving any design flaws identified in this process is costly, as the CPS is already built. In this position paper, we propose a systematic method for deriving invariants before a CPS is built by analysing its functional requirements. Our method, inspired by the axiomatic design methodology for systems, iteratively analyses dependencies in the design to construct equations and process graphs that model the invariant relationships between CPS components. As a preliminary study, we applied it to the design of a water treatment plant testbed, implementing checkers for two invariants by using decision trees, and finding that they could detect some examples of attacks on the testbed with high accuracy and without false positives. Finally, we explore how developing our method further could lead to more robust CPSs and reduced costs by identifying design weaknesses before systems are implemented.
CCS CONCEPTS: Computer systems organization → Embedded and cyber-physical systems; Security and privacy → Intrusion detection systems; General and reference → Design.
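The abstract above describes design-time invariants only at a high level. The following Python is an added example, not the paper's code and not the invariants of its water-treatment testbed: it models a hypothetical single-tank process, states two invariants that follow from the design rather than from logged data (a mass-balance equation between the level sensor and the two flow meters, and a high-level interlock that must switch the inlet pump off), and runs plain tolerance checkers over three constructed sensor traces: an honest run, a replayed level sensor, and a tampered pump command. The paper used decision trees as checkers; here simple threshold checks are used instead so the traces can be followed by hand. The constants `DT`, `AREA`, `TOL`, `HIGH_LEVEL`, the trace values and all function names are assumptions made for this example.

```python
"""Design-time invariant checking for a hypothetical water tank (added example).

Constructed scenario, not from any real testbed: one tank with an inlet pump
and an outlet valve. Two invariants follow from the design, without any
training data:

  (1) mass balance:   level[t+1] - level[t] == (inflow[t] - outflow[t]) * DT / AREA
  (2) interlock:      level[t] >= HIGH_LEVEL  implies  inflow[t] == 0
"""
from dataclasses import dataclass

DT = 1.0          # seconds between samples (assumed)
AREA = 2.0        # tank cross-section in m^2 (assumed)
TOL = 0.02        # metres of slack for sensor noise (assumed)
HIGH_LEVEL = 1.10 # level at which the inlet pump must be off (assumed)


@dataclass(frozen=True)
class Sample:
    t: int
    level: float    # metres, from the level sensor
    inflow: float   # m^3/s, from the inlet flow meter
    outflow: float  # m^3/s, from the outlet flow meter


def predicted_delta(s: Sample) -> float:
    """Level change expected over the next DT seconds from invariant (1)."""
    return (s.inflow - s.outflow) * DT / AREA


def check_mass_balance(samples, tol=TOL):
    """Timestamps whose observed level change disagrees with the flow meters."""
    violations = []
    for prev, cur in zip(samples, samples[1:]):
        observed = cur.level - prev.level
        if abs(observed - predicted_delta(prev)) > tol:
            violations.append(cur.t)
    return violations


def check_interlock(samples, high=HIGH_LEVEL):
    """Timestamps at which the pump runs although the level is at or above HIGH_LEVEL."""
    return [s.t for s in samples if s.level >= high and s.inflow > 0.0]


def detect(samples):
    """Run every invariant checker; a non-empty list is an alarm for that invariant."""
    return {
        "mass_balance": check_mass_balance(samples),
        "high_level_interlock": check_interlock(samples),
    }


# Constructed traces (t, level, inflow, outflow). Steady flows give +0.03 m per step
# while the pump runs; the PLC switches the pump off once the level reaches 1.10 m.
HONEST = [
    Sample(0, 1.00, 0.10, 0.04), Sample(1, 1.03, 0.10, 0.04),
    Sample(2, 1.06, 0.10, 0.04), Sample(3, 1.09, 0.10, 0.04),
    Sample(4, 1.12, 0.00, 0.04), Sample(5, 1.10, 0.00, 0.04),
]

# Attack A: attacker replays a stale level reading (1.06 m) from t=3 onward, so the
# PLC never sees the high level and keeps the pump running. The flow meters are honest.
SENSOR_REPLAY = HONEST[:3] + [
    Sample(3, 1.06, 0.10, 0.04), Sample(4, 1.06, 0.10, 0.04), Sample(5, 1.06, 0.10, 0.04),
]

# Attack B: sensors are honest but the attacker forces the pump on at t=4, overriding the
# interlock. The level keeps rising consistently with the flows, so only invariant (2) fires.
ACTUATOR_TAMPER = HONEST[:4] + [
    Sample(4, 1.12, 0.10, 0.04), Sample(5, 1.15, 0.10, 0.04),
]

if __name__ == "__main__":
    for name, trace in (("honest", HONEST), ("sensor replay", SENSOR_REPLAY),
                        ("actuator tamper", ACTUATOR_TAMPER)):
        print(f"{name:16s} {detect(trace)}")
```

The two attacks are deliberately chosen so that each invariant catches one and misses the other: a frozen level reading is invisible to the interlock (the reported level stays low) but contradicts the flow meters, while a forced pump command keeps the physics consistent and is only caught by the interlock rule. This is the practical reason the abstract argues for deriving several invariants from the design rather than relying on whatever a data log happens to contain.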
The two-hemisphere model-driven (2HMD) approach assumes modelling and use of procedural and conceptual knowledge on an equal and related basis. This differentiates the 2HMD approach from pure procedural, pure conceptual, and object-oriented approaches. The approach may be applied in the context of modelling a particular business domain as well as in the context of modelling the knowledge about the domain. Cyber-physical systems are heterogeneous systems, which require a multidisciplinary approach to their modelling. Modelling cyber-physical systems with the 2HMD approach gives an opportunity to transparently decompose and analyse the system's components to be provided and the components actually provided, and thus to identify and fill the gaps between desirable and actual system content.
2009
Abstract: Modern cyber-physical systems are found in important domains such as automobiles, medical devices, building automation, avionics, etc. Hence, they are increasingly prone to security violations. Often such vulnerabilities occur as a result of contradictory requirements between the safety/real-time properties and the security needs of the system. In this paper we propose a formal framework that assists designers in detecting such conflicts early, thus increasing both the safety and the security of the overall system.
2011
A wide variety of programming abstractions have been developed for cyber-physical systems. These approaches provide support for the composition of cyber-physical systems from generic units of application functionality. This paper surveys the current state of the art in composition mechanisms for cyber-physical systems and reviews each approach in terms of its support for composition analysis, re-use, and adaptation. We then review approaches for modeling and verifying cyber-physical application compositions and conclude by proposing promising research directions that will address these shortcomings.
Telecom, 2021
Proceedings of the 2020 Joint Workshop on CPS&IoT Security and Privacy, 2020
Enterprise Information Systems
Proceedings of the 15th LACCEI International Multi-Conference for Engineering, Education, and Technology: “Global Partnership for Development and Engineering Education”, 2017
Lecture Notes in Computer Science, 2017
Springer eBooks, 2015
Proceedings of the 6th International Workshop on Multi-Paradigm Modeling, MPM 2012, 2012
2015 Resilience Week (RWS), 2015
Journal of Internet Services and Applications, 2021
Tunisian-Algerian Joint Conference on Applied Computing, 2021
Lecture Notes in Computer Science, 2013
Computers in Railways XIV, 2014
IECON 2021 – 47th Annual Conference of the IEEE Industrial Electronics Society, 2021
Technologies, 2018
International Journal of Critical Infrastructure Protection, 2015
Cyber Sensing 2014, 2014