A Semantic Framework with Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems

  • Yuning Jiang
  • Yacine Atif
  • Jianguo Ding
  • Wei Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12026)


Critical manufacturing processes in smart networked systems such as Cyber-Physical Production Systems (CPPSs) typically require guaranteed quality-of-service performance, which is supported by cyber-security management. Currently, most existing vulnerability-assessment techniques rely only on the security department, due to limited communication between different working groups. This limits the security management of CPPSs, as malicious operations may use new exploits that occur between successive analysis milestones or across departmental managerial boundaries. Thus, it is important to study and analyse the security of CPPS networks through vulnerability analysis that accounts for humans in the production process loop, to prevent potential threats from infiltrating through cross-layer gaps and to reduce the magnitude of their impact. We propose a semantic framework that supports collaboration between different actors in the production process, to improve situation awareness for cyberthreat prevention. Stakeholders with different expertise contribute to vulnerability assessment, which can be further combined with attack-scenario analysis to provide more practical analysis. In doing so, we show through a case-study evaluation how our proposed framework leverages crucial relationships between vulnerabilities, threats and attacks in order to further narrow the risk window induced by discoverable vulnerabilities.


Cyber-physical production system security; Human-in-the-Loop; Vulnerability assessment; Semantic model; Reference model



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. School of Informatics, University of Skövde, Skövde, Sweden
  2. School of Engineering Science, University of Skövde, Skövde, Sweden
