Knowledge-based Engineering of Automation Systems using Ontologies and Engineering Data

Glawe, Matthias; Tebbe, Christopher; Fay, Alexander; Niemann, Karl-Heinz

doi:10.5220/0005614502910300

Cited by 13 publications

(4 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some ontologies also include relations between, for example, a risk scenario and recommended security measures, which can be regarded as a way of library-supported security decision making. CPS-related examples can be found in [ 45 , 46 , 47 ]. In addition, frameworks such as MITRE ATT&CK for ICS [ 48 ], including both popular attack techniques and countermeasures, can be regarded as ontologies that can be used for library-supported security decision making.…”

Section: State Of the Artmentioning

confidence: 99%

Traceable Security-by-Design Decisions for Cyber-Physical Systems (CPSs) by Means of Function-Based Diagrams and Security Libraries

Fluchs,

Taştan,

Trumpf

et al. 2023

Sensors

Self Cite

View full text Add to dashboard Cite

“Security by design” is the term for shifting cybersecurity considerations from a system’s end users to its engineers. To reduce the end users’ workload for addressing security during the systems operation phase, security decisions need to be made during engineering, and in a way that is traceable for third parties. However, engineers of cyber-physical systems (CPSs) or, more specifically, industrial control systems (ICSs) typically neither have the security expertise nor time for security engineering. The security-by-design decisions method presented in this work aims to enable them to identify, make, and substantiate security decisions autonomously. Core features of the method are a set of function-based diagrams as well as libraries of typical functions and their security parameters. The method, implemented as a software demonstrator, is validated in a case study with the specialist for safety-related automation solutions HIMA, and the results show that the method enables engineers to identify and make security decisions they may not have made (consciously) otherwise, and quickly and with little security expertise. The method is also well suited to make security-decision-making knowledge available to less experienced engineers. This means that with the security-by-design decisions method, more people can contribute to a CPS’s security by design in less time.

show abstract

Section: State Of the Artmentioning

confidence: 99%

Traceable Security-by-Design Decisions for Cyber-Physical Systems (CPSs) by Means of Function-Based Diagrams and Security Libraries

Fluchs,

Taştan,

Trumpf

et al. 2023

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…Perhaps the biggest challenge in making security design decisions -to be more precise, selecting appropriate security measures -lies in distinguishing the security-relevant information from the irrelevant in a large pool of engineering information [2], [4].…”

Section: Introductionmentioning

confidence: 99%

“…They do not identify, let alone process, relevant information to decide upon security measures. Some of the authors even explicitly state that they regard supporting systematic identification of security measures using their approaches a challenge [4], [12].…”

Section: Introductionmentioning

confidence: 99%

“…This results in a problem relevant in industrial practice: Security design decision-making requires understanding and processing large amounts of information [2], [4], most of which will be outside the area of expertise of any security decision maker, regardless of their profession. This problem moves the presentation of the security-relevant information into focus: Just like security operations information must be presented to security operators sitting in front of a security operations center (SOC) monitor in a way that enables them to decide how to react to a security incident, security engineering information must be presented to security engineers in a way that enables them to decide how to design a defensible system.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Evaluation of Visual Notations as a Basis for ICS Security Design Decisions

2023

Self Cite

View full text Add to dashboard Cite

For making informed security decisions during the design of industrial control systems (ICS), engineers need to process large amounts of security-relevant information outside their area of expertise. This problem moves the presentation of the security-relevant information into focus: security-relevant engineering information must be presented to security decision-makers in a way that enables them to decide upon security measures to build a defensible system. Visual representations have the potential to effectively convey suchlike information, thus saving the engineers' brain capacity for the security decision-making. However, research shows that this potential is only realized if the visualizations are carefully constructed for cognitive effectiveness. As a prerequisite for constructing a visual language for security engineering in the future, this paper explores two scientific questions: 1) what are the requirements for visualizing security-relevant engineering information in a way that enables engineers to make security decisions during ICS design? and 2) which existing visual languages meet (parts of) these requirements? The evaluation of existing visualizations reveals that there is a need for an improved, specialized visual language for security engineering that builds upon established engineering visualizations like piping and instrumentation diagrams and network maps, represents all security-relevant information as icons to achieve semantic transparency, and includes filtering mechanisms to reduce the complexity of each single diagram. The paper finishes with defining the main pillars of a future visual language that should allow ICS engineers to quickly capture security-relevant information and guide them through the process of selecting the right security measures to design a defensible ICS.INDEX TERMS Automation engineering, industrial control system security, security by design, visual language.

show abstract