MMM-ACNS 2017: Computer Network Security pp 37-49 | Cite as
Extending FAST-CPS for the Analysis of Data Flows in Cyber-Physical Systems
Abstract
Cyber-physical systems are increasingly automated and interconnected. Strategies like predictive maintenance are on the rise and as a result new streams of data will flow through these systems. This data is often confidential, which can be a problem in these low-security systems. In addition, more stakeholders are now involved and various cloud-based service providers are utilised. Companies often no longer know who gets to see their data.
This paper presents a methodology that aims to analyse these data flows. The methodology takes as input a set of data asset preferences and service policies, as well as the asset flow of the system. It then returns feedback in the form of an asset profile showing which stakeholders have access to what data assets, and conflicts between the preferences and the modeled situation. Several possible actors with different preferences are modeled for each stakeholder role in the system, the scenarios with the fewest conflicts are returned. The methodology is validated on a case study and has been added to the FAST-CPS framework.
Keywords
Cyber-physical systems FAST-CPS Data flowsReferences
- 1.Becker, M.Y., Malkis, A., Bussard, L.: S4p: a generic language for specifying privacy preferences and policies. Microsoft Research (2010)Google Scholar
- 2.Bogaerts, B., De Cat, B., De Pooter, S., Denecker, M.: The IDP framework reference manual (2012)Google Scholar
- 3.Cranor, L.: Web privacy with P3P. O’Reilly Media, Inc., Sebastopol (2002)Google Scholar
- 4.Cranor, L., Langheinrich, M., Marchiori,M.: A P3P preference exchange language 1.0 (APPEL1. 0). W3C working draft (2002)Google Scholar
- 5.Decroix, K.: Inspecting privacy in electronic services (2015)Google Scholar
- 6.ENISA. Protecting industrial control systems: recommendations for EUROPE and member states (2011)Google Scholar
- 7.Friedenthal, S., Moore, A., Steiner, R.: A practical guide to SysML: the systems modeling language. Morgan Kaufmann (2014)Google Scholar
- 8.Homeland Security, H.C.C.: Cset: cyber security evaluation tool (2014)Google Scholar
- 9.Lee, E.A.: Cyber physical systems: design challenges. In: 2008 11th IEEE International Symposium on Object Oriented Real-Time Distributed Computing (ISORC), pp. 363–369. IEEE (2008)Google Scholar
- 10.Lemaire, L., Vossaert, J., Jansen, J., Naessens, V.: Extracting vulnerabilities in industrial control systems using a knowledge-based system. In: Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research, p. 1 (2015)Google Scholar
- 11.LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C.: Model-based security metrics using adversary view security evaluation (advise). In: 2011 Eighth International Conference on Quantitative Evaluation of Systems (QEST), pp. 191–200 IEEE (2011)Google Scholar
- 12.Li, N., Yu, T., Anton, A.: A semantics based approach to privacy languages. Comput. Syst. Sci. Eng. 21(5), 339 (2006)Google Scholar
- 13.Samarati, P.: Protecting respondents identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010–1027 (2001)CrossRefGoogle Scholar
- 14.Sommestad, T., Ekstedt, M., Holm, H.: The cyber security modeling language: a tool for assessing the vulnerability of enterprise system architectures. IEEE Syst. J. 7(3), 363–373 (2013)CrossRefGoogle Scholar
- 15.Vu, A.H., Tippenhauer, N.O., Chen, B., Nicol, D.M., Kalbarczyk, Z.: CyberSAGE: a tool for automatic security assessment of cyber-physical systems. In: Norman, G., Sanders, W. (eds.) QEST 2014. LNCS, vol. 8657, pp. 384–387. Springer, Cham (2014). doi: 10.1007/978-3-319-10696-0_29 Google Scholar
- 16.Wang, C., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for data storage security in cloud computing. In: INFOCOM, 2010 Proceedings IEEE, pp. 1–9. IEEE (2010)Google Scholar