Introduction to Security and Quality Improvement in Complex Cyber-Physical Systems Engineering

  • Stefan Biffl
  • Matthias Eckhart
  • Arndt Lüder
  • Edgar Weippl


Providing Complex Cyber-Physical Systems (C-CPSs) more efficiently and faster is a goal that requires improvements in the engineering process for producing high-quality, advanced engineering artifacts. Furthermore, information security must be a top priority when engineering C-CPSs, as the engineering artifacts represent assets of high value.

This chapter overviews the engineering process of C-CPSs, typically long-running technical systems, such as industrial manufacturing systems and continuous processing systems. This chapter also covers major areas of requirements that include: (a) processes with intensive generation of engineering artifacts; (b) challenges regarding dependencies and complexity of engineering artifacts, stemming from variants of a product and the associated production process for a family of products; (c) management of model and consistency rules for dependencies between model parts; (d) the internationalization of the engineering process with partners on different levels of trust; and (e) the security of the engineering processes, such as confidentiality of engineering plans, and the security of the systems to be engineered, such as security aspects in the design phase.

For selected requirement areas, the chapter discusses several approaches for quality improvement from business informatics that address important classes of requirements but introduce new complexity to the engineering process. Therefore, the chapter reviews information security improvement approaches for engineering processes, including the consideration of new security requirements stemming from risks introduced by advanced informatics solutions. Finally, the chapter provides an overview of the book parts and the contributions of the chapters to address advanced engineering process requirements.


Keywords: Complex cyber-physical systems; Engineering process; Multidisciplinary engineering; AutomationML; Information security





The financial support by the Christian Doppler Research Association, the Austrian Federal Ministry for Digital and Economic Affairs, and the National Foundation for Research, Technology, and Development is gratefully acknowledged.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Stefan Biffl (1)
  • Matthias Eckhart (2, 3)
  • Arndt Lüder (4)
  • Edgar Weippl (2)

  1. Institute of Information Systems Engineering, Technische Universität Wien, Vienna, Austria
  2. Christian Doppler Laboratory for Security and Quality Improvement in the Production System Lifecycle (CDL-SQI), Institute of Information Systems Engineering, Technische Universität Wien, Vienna, Austria
  3. SBA Research, Vienna, Austria
  4. Otto-v.-Guericke University/IAF, Magdeburg, Germany
