Deriving Impact-driven Security Requirements and Monitoring Measures for Industrial IoT

Hansch, Gerhard; Schneider, Peter; Brost, Gerd

doi:10.1145/3327961.3329528

Cited by 10 publications

(6 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some researchers have proposed new SRA models but focused on IoT and not on industrial environments [Guth et al, 2017, Zibuschka et al, 2019, Dimitrakos, 2018, Syed and Fernandez, 2018, Sabrina, 2019a, Sabrina, 2019b, Addo et al, 2014. Other researchers have preferred to propose the development of new models based on existing architectures for CPS, in particular RAMI 4.0, IIRA and 5C [Hansch et al, 2019a, Hansch et al, 2019b, Sharpe et al, 2019, Ma et al, 2017, Moghaddam et al, 2018, Baloyi and Kotzé, 2018, Ahmadi et al, 2018. Finally, another group of researchers has attempted to develop partial proposals for SRA without taking existing architectures into account [Craggs et al, 2019, Romero and Fernandez, 2017, Koziolek et al, 2018, Koziolek et al, 2020, ur Rehman et al, 2018.…”

Section: Related Workmentioning

confidence: 99%

Security Reference Architecture for Cyber-Physical Systems (CPS)

Moreno¹,

Rosado²,

Sánchez³

et al. 2021

jucs

View full text Add to dashboard Cite

Cyber-physical systems (CPS) are the next generation of engineered systems into which computing, communication, and control technologies are now being closely integrated. They play an increasingly important role in critical infrastructures, governments and everyday life. Security is crucial in CPS, but they were not, unfortunately, initially conceived as a secure environment, and if these security issues are to be incorporated, then security must be considered from the very beginning of the system design. One way in which to solve this problem is by having a global perspective, which can be achieved by employing a Reference Architecture (RA), since it is a high-level abstraction of a system that could be useful in the implementation of complex systems. It is widely accepted that adding elements in order to address many security factors (integrity, confidentiality, availability, etc.) and facilitate the definition of the security requirements of a Security Reference Architecture (SRA) is a good starting point when attempting to solve these kinds of cybersecurity problems and protect the system from the beginning of the development. An SRA makes it possible to define the key elements of a specific environment, thus allowing a better understanding of the inherent elements of the environments, while promoting the integration of security aspects and mechanisms. The present paper, therefore, presents the definition of an SRA for CPS by using UML models in an attempt to facilitate secure CPS implementations.

show abstract

Section: Related Workmentioning

confidence: 99%

Security Reference Architecture for Cyber-Physical Systems (CPS)

Moreno¹,

Rosado²,

Sánchez³

et al. 2021

jucs

View full text Add to dashboard Cite

show abstract

“…Often there are significant differences between the domains. While entire business use cases in the Smart Grid [29] and IIoT [17] domains could be successfully assessed all at once, analyses in the automotive sector greatly benefit from scoping to individual functions or components due to the required level of detail.…”

Section: Security Risk Assessmentmentioning

confidence: 99%

“…Identification, assessment, reuse, and propagation of security requirements are subject to recent research [17,29,101,102,104]. Requirements are typically expressed in natural language or requirements specification documents, which represent hardly machinereadable and interchangeable notations.…”

Section: Modeling Of Security Requirementsmentioning

confidence: 99%

“…Section 4.2) and the impact assessment method (cf. Section 4.3) were published in the paper "Deriving Impact-driven Security Requirements and Monitoring Measures for Industrial IoT" [17], which I presented at the 5th ACM Cyber-Physical System Security Workshop in 2019. For this thesis, I extended this model, revised the process to propagate impacts along the dependencies, and extended the concept to cover not only the information security triad of confidentiality, integrity, and authenticity but also availability and non-repudiation.…”

Section: Model-based Security Risk Assessmentmentioning

confidence: 99%

“…3) from a modelbased impact assessment was published in the paper "Deriving Impact-driven Security Requirements and Monitoring Measures for Industrial IoT" [17], which I presented at the 5th ACM Cyber-Physical System Security Workshop in 2019.…”

Section: Security Requirementsmentioning

confidence: 99%

See 2 more Smart Citations