Abstract
Cyber-physical systems are being confronted with an ever-increasing number of security threats from the complicated interactions and fusions between cyberspace and physical space. Integrating security-related activities into the early phases of the development life cycle is a monolithic and cost-effective solution for the development of security-critical cyber-physical systems. These activities often incorporate security mechanisms from different realms. We present a fine-grained design flow paradigm for security-critical and software-intensive cyber-physical systems. We provide a comprehensive survey on the domain-specific architectures, countermeasure techniques and security standards involved in the development life cycle of security-critical cyber-physical systems, and adapt these elements to the newly designed flow paradigm. Finally, we provide prospectives and future directions for improving the usability and security level of this design flow paradigm.
Article PDF
Similar content being viewed by others
References
KIM K, KUMAR P R. Cyber-physical systems: a perspective at the centennial[J]. Proceedings of the IEEE, 2012, 100: 1287–1308.
RUSHANAN M, RUBIN A D, KUNE D F, et al. Sok: security and privacy in implantable medical devices and body area networks[C]//IEEE Symposium on Security and Privacy (S&P), 2014: 524–539.
KONSTANTINOU C, MANIATAKOS M, SAQIB F, et al. Cyber-physical systems: a security perspective[C]//The 20th IEEE European Test Symposium, 2015: 1–8.
STUDNIA I, NICOMETTE V, ALATA E, et al. Survey on security threats and protection mechanisms in embedded automotive networks [C]//The 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop, 2013: 1–12.
WOLF M, FERON E. What don’t we know about CPS architectures?[C]//The 52ndAnnual Design Automation Conference (DAC), 2015: 80-1–80-4.
LEE E A. CPS foundations[C]//The 47th Design Automation Conference (DAC), 2010: 737–742.
JENSEN J C, CHANG D H, LEE E A. A model-based design methodology for cyber-physical systems [C]//The 7th International Wireless Communications and Mobile Computing Conference, 2011: 1666–1671.
LIU Z, LIU J, HE J, et al. Spatiotemporal UML statechart for cyber-physical systems[C]//The 17th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), 2012: 137–146.
CANEDO A, FARUQUE M A A. Towards parallel execution of IEC 61131 industrial cyber-physical systems applications[C]//Design, Automation & Test in Europe Conference & Exhibition (DATE), 2012: 554–557.
YOONG L H, ROOP P S, SALCIC Z. Implementing constrained cyber-physical systems with IEC 61499[J]. ACM Trans. Embedded Comput. Syst., 2012, 11(4): 1–22.
TAN Y, VURAN M C, GODDARD S. Spatio-temporal event model for cyber-physical systems[C]//The 29th IEEE International Conference on Distributed Computing Systems Workshops, 2009: 44–50.
ALVES-FOSS J, TAYLOR C, OMAN P W. A multilayered approach to security in high assurance systems[C]//The 37th Hawaii International Conference on System Sciences, 2004: 90302b.
LUKASIEWYCZ M, STEINHORST S, ANDALAM S, et al. System architecture and software design for electric vehicles[C]//The 50th Annual Design Automation Conference (DAC), 2013: 95-1–95-6.
HATCLIFF J, KING A L, LEE I, et al. Rationale and architecture principles for medical application platforms[C]//IEEE/ACM 3rd International Conference on Cyber-Physical Systems (ICCPS), 2012: 3–12.
SHIN D, HE S, ZHANG J. Robust, secure, and cost-effective design for cyber-physical systems[J]. IEEE intelligent systems, 2014, 29(1): 66–69.
WAN K, ALAGAR V S. Context-aware security solutions for cyber-physical systems[J]. MONET, 2014, 19(2): 212–226.
ZHU Q, RIEGER C, BASAR T. A hierarchical security architecture for cyber-physical systems[C]//The 4th International Symposium on Resilient Control Systems, IEEE, 2011: 15–20.
YOO H, SHON T. Challenges and research directions for heterogeneous cyber-physical system based on IEC 61850: vulnerabilities, security requirements, and security architecture[J]. Future generation computer systems, 2016, 61: 128–136.
ZHENG B, DENG P, RAJASEKHAR A, et al. Cross-layer codesign for secure cyber-physical systems[J]. IEEE trans, on CAD of integrated circuits and systems, 2016, 35(5): 699–711.
METKE A R, EKL R L. Security technology for smart grid networks[J]. IEEE trans, on smart grid, 2010, 1(1): 99–107.
TESFAY T T, HUBAUX J, BOUDEC J L, et al. Cybersecure communication architecture for active power distribution networks[C]//Symposium on Applied Computing (SAC), 2014: 545–552.
WANG X, MIZUNO M, NEILSEN M L, et al. Secure RTOS architecture for building automation[C]//The 1st ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy (CPS-SPC), 2015: 79–90.
VOLP M, ASMUSSEN N, HARTIG H, et al. Towards dependable CPS infrastructures: architectural and operating-system challenges[C]//The 20th IEEE Conference on Emerging Technologies & Factory Automation (ETFA), 2015: 1–8.
DONG X, LIN H, TAN R, et al. Software-defined networking for smart grid resilience: opportunities and challenges[C]//The 1st ACM Workshop on Cyber-Physical System Security (CPSS), 2015: 61–68.
SZEFER J, JAMKHEDKAR P A, CHEN Y, et al. Physical attack protection with human-secure virtualization in data centers[C]//IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, 2012: 1–6.
KEHOE B, PATIL S, ABBEEL P, et al. A survey of research on cloud robotics and automation[J]. IEEE trans, on automation science and engineering, 2015, 12(2): 398–409.
XU Z, ZHU Q. Secure and resilient control design for cloud enabled networked control systems[C]//The 1st ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy (CPS-SPC), 2015: 31–42.
PANDEY P, POMPILI D, YI J. Dynamic collaboration between networked robots and clouds in resource constrained environments[J]. IEEE trans, on automation science and engineering, 2015, 12(2): 471–480.
WAN J, ZHANG D, SUN Y, et al. VCMIA: a novel architecture for integrating vehicular cyber-physical systems and mobile cloud computing[J]. MONET, 2014, 19(2): 153–160.
CONMY P, NICHOLSON M, MCDERMID J A. Safety assurance contracts for integrated modular avionics[C]//The 8th Australian Workshop on Safety Critical Systems and Software, 2003: 69–78.
ALVES-FOSS J, OMAN P W, TAYLOR C, et al. The MILS architecture for high-assurance embedded systems[J]. IJES, 2006, 2(3/4): 239–247.
COOK A. ARINC 653-challenges of the present and future[J]. Microprocessors and microsystems - embedded hardware design, 1995, 19(10): 575–579.
International Standardization Organization. ISO 15408: information technology-security techniques - evaluation criteria for IT security (common criteria)[S]. 2009, http://www.commoncriteriaportal.org.
CAMEK A G, BUCKL C, KNOLL A. Future cars: necessity for an adaptive and distributed multiple independent levels of security architecture[C]//The 2nd ACM International Conference on High Confidence Networked Systems (HiCoNS), 2013: 17–24.
PITCHFORD M. Applying MILS principles to design connected embedded devices supporting the cloud, multitenancy and App Stores[C]//The 8th European Congress on Embedded Real Time Software and Systems (ERTS), 2016.
BYTSCHKOW D, QUILBEUF J, IGNA G, et al. Distributed MILS architectural approach for secure smart grids[C]//The 2nd International Workshop on Smart Grid Security (SmartGridSec), 2014: 16–29.
HARDIN D S. Invited tutorial: considerations in the design and verification of microprocessors for safety-critical and security-critical applications[C]//Formal Methods in Computer-Aided Design (FMCAD), 2008: 1–8.
OWEN C A, GROVE D A, NEWBY T, et al. PRISM: program replication and integration for seamless MILS[C]//The 32nd IEEE Symposium on Security and Privacy (S&P), 2011: 281–296.
HEITMEYER C L, ARCHER M, LEONARD E I, et al. Formal specification and verification of data separation in a separation kernel for an embedded system[C]//The 13th ACM Conference on Computer and Communications Security (CCS), 2006: 346–355.
KLEIN G, ELPHINSTONE K, HEISER G, et al. Sel4: formal verification of an OS kernel[C]//The 22nd ACM Symposium on Operating Systems Principles (SOSP), 2009: 207–220.
CRESPO A, RIPOLL I, MASMANO M. Partitioned embedded architecture based on hypervisor: the xtratum approach[C]//The 8th European Dependable Computing Conference (EDCC), 2010: 67–72.
AXELSSON J, Kobetski A. Architectural concepts for federated embedded systems[C]//European Conference on Software Architecture Workshops, 2014: 25-1–25-8.
NI Z, KOBETSKI A, AXELSSON J. Design and implementation of a dynamic component model for federated AUTOSAR systems[C]//The 51st Annual Design Automation Conference (DAC), 2014: 94-1–94-6.
ZUEPKE A, BOMMERT M, LOHMANN D. AUTOBEST: a united AUTOSAR-OS and ARINC 653 kernel[C]//The 21st IEEE Real-Time and Embedded Technology and Applications Symposium, 2015: 133–144.
ABDALLAH A, FERON E M, HELLESTRAND G R, et al. Hardware/software codesign of aerospace and automotive systems[J]. Proceedings of the IEEE, 2010, 98(4): 584–602.
SEIFERT S, OBERMAISSER R. Secure automotive gateway-secure communication for future cars[C]//The 12th IEEE International Conference on Industrial Informatics (INDIN), 2014: 213–220.
SAGSTETTER F, LUKASIEWYCZ M, STEINHORST S, et al. Security challenges in automotive hardware/ software architecture design[C]//Design, Automation and Test in Europe (DATE), 2013: 458–463.
KOUSHANFAR F, SADEGHI A, SEUDIE H. EDA for secure and dependable cybercars: challenges and opportunities[C]//The 49th Annual Design Automation Conference (DAC), 2012: 220–228.
FLETCHER K K, LIU X F. Security requirements analysis, specification, prioritization and policy development in cyber-physical systems[C]//The 5th International Conference on Secure Software Integration and Reliability Improvement (SSIRI), 2011: 106–113.
PASQUALETTI F, ZHU Q. Design and operation of secure cyber-physical systems[J]. Embedded systems letters, 2015, 7(1): 3–6.
FARUQUE M A A, REGAZZONI F, PAJIC M. Design methodologies for securing cyber-physical systems[C]//International Conference on Hardware/ Software Codesign and System Synthesis (CODES+ISSS), 2015: 30–36.
WAN J, CANEDO A, FARUQUE M A A. Security-aware functional modeling of cyber-physical systems[C]//The 20th IEEE Conference on Emerging Technologies & Factory Automation (ETFA), 2015: 1–4.
DENNING T, KRAMER D B, FRIEDMAN B, et al. CPS: beyond usability: applying value sensitive design based methods to investigate domain characteristics for security for implantable cardiac devices[C]//The 30th Annual Computer Security Applications Conference (ACSAC), 2014: 426–435.
DERLER P, LEE E A, TRIPAKIS S, et al. Cyber physical system design contracts[C]//ACM/IEEE 4th International Conference on Cyber-Physical Systems (ICCPS), 2013: 109–118.
SANGIOVANNI-VINCENTELLIA L, DAMM W, PASSERONE R. Taming dr. frankenstein: contractbased design for cyber-physical systems[J]. Eur. j. control, 2012, 18(3): 217–238.
CIMATTI A, DELONG R, MARCANTONIO D, et al. Combining MILS with contract-based design for safety and security requirements[C]//Computer Safety, Reliability, and Security (SAFECOMP) Workshops, 2015: 264–276.
RUCHKIN I, DE NIZ D, CHAKI S, et al. Contract-based integration of cyber-physical analyses[C]//International Conference on Embedded Software (EMSOFT), 2014: 23-1–23-10.
RUCHKIN I, RAO A, de NIZ D, et al. Eliminating inter-domain vulnerabilities in cyber-physical systems: An analysis contracts approach[C]//The 1st ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy (CPS-SPC), 2015: 11–22.
ZHU Q, BASAR T. Game-theoretic methods for robustness, security, and resilience of cyber physical control systems: Games-in-games principle for optimal cross-layer resilient control systems[J]. IEEE control systems, 2015, 35(1): 46–65.
ZONOUZ S A, HAGHANI P. Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators’ responsive behavior[J]. Computers & security, 2013, 39: 190–200.
BACKHAUS S, BENT R, BONO J W, et al. Cyberphysical security: a game theory model of humans interacting over control systems[J]. IEEE trans, on smart grid, 2013, 4(4): 2320–2327.
MIAO F, PAJIC M, PAPPAS G J. Stochastic game approach for replay attack detection[C]//The 52nd IEEE Conference on Decision and Control (CDC), 2013: 1854–1859.
MIAO F, ZHU Q. A moving-horizon hybrid stochastic game for secure control of cyber-physical systems[C]//The 53rd IEEE Conference on Decision and Control (CDC), 2014: 517–522.
ABBAS W, LASZKA A, VOROBEYCHIK Y, et al. Scheduling intrusion detection systems in resource bounded cyber-physical systems[C]//The 1st ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy (CPS-SPC), 2015: 55–66.
ZHANG Y, WANG L, XIANG Y, et al. inclusion of scada cyber vulnerability in power system reliability assessment considering optimal resources allocation[J]. IEEE transactions on power dystems, 2016, 31(6): 4379–4394.
TEN C, MANIMARAN G, LIU C. Cyber security for critical infrastructures: attack and defense modeling[J]. IEEE Trans, on systems, man, and cybernetics, Part A, 2010, 40(4): 853–865.
DAVIS K R, DAVIS C M, ZONOUZ S A, et al. A cyber physical modeling and assessment framework for power grid infrastructures[J]. IEEE trans, on smart grid, 2015, 6(5): 2464–2475.
CHEN B, SCHMITTNER C, MA Z, et al. Security analysis of urban railway systems: the need for a cyber-physical perspective[C]//Computer Safety, Reliability, and Security (SAFECOMP) Workshops, 2015: 277–290.
VU A H, TIPPENHAUER N O, CHEN B, et al. CyberSAGE: a tool for automatic security assessment of cyber-physical systems[C]//The 11th International Conference on Quantitative Evaluation of Systems (QEST), 2014: 384–387.
CHEN B, KALBARCZYK Z, NICOL D M, et al. Go with the flow: toward workow-oriented security assessment[C]//New Security Paradigms Workshop (NSPW), 2013: 65–76.
ZHANG Y, WANG L, XIANG Y, et al. Power system reliability evaluation with SCADA cybersecurity considerations [J]. IEEE trans. on smart grid, 2015, 6(4): 1707–1721.
ZHANG Y, XIANG Y, WANG L. Power system reliability assessment incorporating cyber attacks against wind farm energy management systems [J]. IEEE transactions on smart grid, 2016, PP(99): 1–15.
BURMESTER M, MAGKOS E, CHRISSIKOPOULOS V. Modeling security in cyber-physical systems[J]. International journal of critical infrastructure protection, 2012, 5(3–4): 118–126.
CHEN T M, SANCHEZ-AARNOUTSE J C, BUFORD J F. Petri net modeling of cyber-physical attacks on smart grid[J]. IEEE trans. on smart grid, 2011, 2(4): 741–749.
MITCHELL R, CHEN I. Effect of intrusion detection and response on reliability of cyber physical systems[J]. IEEE trans, on reliability, 2013, 62(1): 199–210.
MITCHELL R, CHEN I. Modeling and analysis of attacks and counter defense mechanisms for cyber physical systems[J]. IEEE trans, on reliability, 2016, 65(1): 350–358.
LIU X, ZHU P, ZHANG Y, et al. A collaborative intrusion detection mechanism against false data injection attack in advanced metering infrastructure [J]. IEEE trans, on smart grid, 2015, 6(5): 2435–2443.
MACHER G, SPORER H, BERLACH R, et al. SAHARA: a security-aware hazard and risk analysis method[C]//Design, Automation & Test in Europe Conference & Exhibition (DATE), 2015: 621–624.
SCHMITTNER C, MA Z, SCHOITSCH E, et al. A case study of FMVEA and CHASSIS as safety and security co-analysis method for automotive cyber-physical systems[C]//The 1st ACM Workshop on Cyber-Physical System Security (CPSS), 2015: 69–80.
WANG X, DAVIS M, ZHANG J, et al. Missionaware vulnerability assessment for cyber-physical systems[C]//2015 IEEE TrustCom / BigDataSE/ISPA, 2015: 1148–1153.
VELLAITHURAI C, SRIVASTAVAA K, ZONOUZ S A, et al. CPIndex: cyber-physical vulnerability assessment for power-grid infrastructures[J]. IEEE trans, on smart grid, 2015, 6(2): 566–575.
LIU Y, HU S, HO T. Vulnerability assessment and defense technology for smart home cybersecurity considering pricing cyberattacks[C]//IEEE/ACM International Conference on Computer-Aded Design (ICCAD), 2014: 183–190.
CLARKE E M, GRUMBERG O, JHA S, et al. Counterexample-guided abstraction re_nement[C]//The 12th International Conference on Computer Aded Verification (CAV), 2000: 154–169.
CANEDO A, SCHWARZENBACH E, FARUQUE M A A. Context-sensitive synthesis of executable functional models of cyber-physical systems[C]//ACM/IEEE 4th International Conference on Cyber-Physical Systems (ICCPS), 2013: 99–108.
HANG C, MANOLIOS P, PAPAVASILEIOU V. Synthesizing cyber-physical architectural models with realtime constraints[C]//The 23rd International Conference on Computer Aided Verification (CAV), 2011: 441–456.
PAJIC M, BEZZO N, WEIMER J, et al. Towards synthesis of platform-aware attack-resilient control systems: extended abstract[C]//The 2nd ACM International Conference on High Confidence Networked Systems (HiCoNS), 2013: 75–76.
LERNER L W, FRANKLIN Z R, BAUMANN W T, et al. Using high-level synthesis and formal analysis to predict and preempt attacks on industrial control systems[C]//ACM/SIGDA International Symposium on Field-Programmable Gate Arrays (FPGA), 2014: 209–212.
RAHMAN M A, AL-SHAER E, KAVASSERI R G. Security threat analytics and countermeasure synthesis for power system state estimation[C]//The 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2014: 156–167.
THOMPSON S, BRAT G P, VENET A. Software model checking of ARINC-653 fight code with MCP[C]//The 2nd NASA Formal Methods Symposium (NFM), 2010: 171–181.
[90]DENMAN W, ZAKI M H, TAHAR S, et al. Towards fight control verification using automated theorem proving[C]//The 3rd NASA Formal Methods Symposium (NFM), 2011: 89–100.
MULLER C A, PAUL W J. Complete formal hardware verification of interfaces for a exray-like bus[C]//The 23rd International Conference on Computer Aided verification (CAV), 2011: 633–648.
WEISSMANN M, BEDENK S, BUCKL C, et al. Model checking industrial robot systems[C]//The 18th International Workshop on Model Checking Software (SPIN), 2011: 161–176.
GARLAPATI S, SHUKLA S K. Formal verification of hierarchically distributed agent based protection scheme in smart grid[C]//The 19th International Workshop on Model Checking Software (SPIN), 2012: 137–154.
POROOR J, JAYARAMAN B. Formal analysis of eventdriven cyber physical systems[C]//The 1st International Conference on Security of Internet of Things (SECURIT), 2012: 1–8.
RAHMAN M A, AL-SHAER E, BERA P. A noninvasive threat analyzer for advanced metering infrastructure in smart grid[J]. IEEE trans, on smart grid, 2013, 4(1): 273–287.
RAHMAN M A, AL-SHAER E, KAVASSERI R G. A formal model for verifying the impact of stealthy attacks on optimal power flow in power grids[C]//ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS), 2014: 175–186.
TRCKA N, MOULIN M, BOPARDIKAR S D, et al. A formal verification approach to revealing stealth attacks on networked control systems[C]//The 3rd International Conference on High Confidence Networked Systems (HiCoNS), 2014: 67–76.
MUNDHENK P, STEINHORST S, LUKASIEWYCZ M, et al. Security analysis of automotive architectures using probabilistic model checking[C]//The 52nd Annual Design Automation Conference (DAC), 2015: 38-1–38-6.
ZHENG B, LI W, DENG P, et al. Design and verification for transportation system security[C]//The 52nd Annual Design Automation Conference (DAC), 2015: 96-1–96-6.
KISSEL R, STINE K, SCHOLL M, et al. NIST SP 800- 64, Revision 2: security considerations in the system development life sycle[S]. 2008.
International Electrotechnical Commission. IEC 61508: functional safety of electrical/electronic/programmable electronic safety-related systems[S]. 2010.
STOUFFER K, FALCO J, SCARFONE K. NIST SP 800-82: guide to industrial control systems (ICS) security[S]. National Institute of Standards and Technology, 2011.
International Electrotechnical Commission. IEC 62443: industrial communication networks-network and system security-security for industrial automation and control systems[S]. 2009.
European Committee for Standardization. EN 50129: railway applications-communication, signalling and processing systems - safety related electronic systems for signalling[S]. 2003.
International Standardization Organization. ISO 26262: road vehicles-functional safety[S]. 2011.
BURTON S, LIKKEI J, VEMBAR P, et al. Automotive functional safety = safety + security [C]//The 1st International Conference on Security of Internet of Things (SECURIT), 2012: 150–159.
Arlines Electronic Engineering Committee. Arinc 811: commercial aircraft information security concepts of operation and process framework[S]. 2005.
RTCA/EUROCAE. ED-202A/DO-326A: airworthiness security process specification[S]. 2010.
RTCA/EUROCAE. ED-203/DO-356: airworthiness security methods and considerations [S]. 2014.
NIST Smart Grid, Cyber Security Working Group. NISTIR 7628: Guidelines for smart grid cyber security[EB/OL]. http://www.nist.gov/smartgrid/upload/nistir-7628_total.pdf
International Electrotechnical Commission. IEC 61850: communication networks and systems in substations[S]. 2003.
International Electrotechnical Commission. IEC 62351: power systems management and associated information exchange - data and communications security[S]. 2013.
CLEVELAND F. IEC TC57 security standards for the power system’s information infrastiucture-beyond simple encryption[C]//IEEE/ PES Transmission and Distribution Conference and Exhibition, 2006: 1079–1087.
North American Electric Reliability Corporation. Critical infrastructure protection (CIP) reliability standards[S]. 2009.
Author information
Authors and Affiliations
Additional information
This work is supported by the National Natural Science Foundation of China (Nos. 61303033, 61303221), the National High Technology Research and Development Program of China (863 Program) (No. 2015AA017203), the Natural Science Basis Research Plan in Shaanxi Province of China (No. 2016JM6034), China 111 Project (No. B16037), and the Special Research Foundation of MIIT (No. MJ-2014-S-37).
SUN Cong [corresponding author] was born in Xingping, Shannxi Province. He received a B.S. degree in computer science from Zhejiang University in 2005, and a Ph.D. degree in computer science from Peking University in 2011. He is currently an associate professor with the School of Cyber Engineering, Xidian University. His research interests include systems software and information security. (Email: suncong@xidian.edu.cn)
MA Jianfeng received a B.Sc. degree in mathematics from Shaanxi Normal University in 1985, and M.Sc. and Ph.D. degrees in computer software and communications engineering from Xidian University in 1988 and 1995, respectively. From 1999 to 2001, he was a research fellow with Nanyang Technological University of Singapore. Currently, he is a professor and Ph.D. supervisor in the School of Computer Science and Technology at Xidian University. He is also Director of Shaanxi Key Laboratory of Network and System Security. His research interests include information and network security, wireless and mobile computing systems, and computer networks. (Email: jfma@mail.xidian.edu.cn)
YAO Qingsong was born in Songzi, Hubei Province. He received a B.S. degree in computer science and technology from Xdian University in 2004, and a Ph.D. degree in computer science and technology from Xi’an Jiaotong University in 2012. He is currently an associate professor with the School of Cyber Engineering, Xdian University. His research interests include network security. (Email: qsyao@xidian.edu.cn)
Rights and permissions
About this article
Cite this article
Sun, C., Ma, J. & Yao, Q. On the architecture and development life cycle of secure cyber-physical systems. J. Commun. Inf. Netw. 1, 1–21 (2016). https://doi.org/10.1007/BF03391576
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/BF03391576