A multilevel cybersecurity and safety monitor for embedded cyber-physical systems

Abstract: Cyber-physical systems (cps) are composed of various embedded subsystems and require specialized software, firmware, and hardware to coordinate with the rest of the system. These multiple levels of integration expose attack surfaces which can be susceptible to attack vectors that require novel architectural methods to effectively secure against. We present a multilevel hierarchical monitor architecture cybersecurity approach applied to a flight control system. However, the principles present in this paper appl… Show more

“…Ten out of those studies 74–83 were discussing architecture modeling. Twenty‐four studies 84–107 were discussing architecture analysis. Fourteen studies 77,108–120 were discussing how to make architectural design of systems both safe and secure through modeling and analysis.…”

“…Ten out of those studies 74 , 75 , 76 , 77 , 78 , 79 , 80 , 81 , 82 , 83 were discussing architecture modeling. Twenty‐four studies 84 , 85 , 86 , 87 , 88 , 89 , 90 , 91 , 92 , 93 , 94 , 95 , 96 , 97 , 98 , 99 , 100 , 101 , 102 , 103 , 104 , 105 , 106 , 107 were discussing architecture analysis. Fourteen studies 77 , 108 , 109 , 110 , 111 , 112 , 113 , 114 , 115 , 116 , 117 , 118 , 119 , 120 were discussing how to make architectural design of systems both safe and secure through modeling and analysis.…”

“…As shown in Figure 4 , most researchers of this domain are proposing an approach or a methodology based on an already existing method or tool, that is, 41 out of 143 publications. 26 , 28 , 33 , 34 , 35 , 36 , 40 , 41 , 46 , 47 , 48 , 51 , 52 , 53 , 56 , 58 , 59 , 61 , 62 , 63 , 64 , 65 , 66 , 68 , 71 , 72 , 74 , 78 , 82 , 86 , 87 , 93 , 95 , 97 , 98 , 102 , 114 , 121 , 126 , 135 , 136 Their aim was to adapt an existing technology in such a way that it becomes exploitable for MDE of safety and security systems.…”

“…Twenty-three F I G U R E 4 RQ3: Studies classification based on contributions studies were applied to control systems. Control systems included general-purpose control systems, 39,56,62,110,124,143 air traffic control systems, 24,44,73,102 access control systems, 29,54 industrial control systems, 30,33,53,80,113,144 network control systems, 56 electrical substation automation systems, 85 and building automation systems. 25,27 After control systems, avionic/aviation systems were most attractive for researchers of this topic.…”

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

“…Ten out of those studies 74–83 were discussing architecture modeling. Twenty‐four studies 84–107 were discussing architecture analysis. Fourteen studies 77,108–120 were discussing how to make architectural design of systems both safe and secure through modeling and analysis.…”

“…Ten out of those studies 74 , 75 , 76 , 77 , 78 , 79 , 80 , 81 , 82 , 83 were discussing architecture modeling. Twenty‐four studies 84 , 85 , 86 , 87 , 88 , 89 , 90 , 91 , 92 , 93 , 94 , 95 , 96 , 97 , 98 , 99 , 100 , 101 , 102 , 103 , 104 , 105 , 106 , 107 were discussing architecture analysis. Fourteen studies 77 , 108 , 109 , 110 , 111 , 112 , 113 , 114 , 115 , 116 , 117 , 118 , 119 , 120 were discussing how to make architectural design of systems both safe and secure through modeling and analysis.…”

“…As shown in Figure 4 , most researchers of this domain are proposing an approach or a methodology based on an already existing method or tool, that is, 41 out of 143 publications. 26 , 28 , 33 , 34 , 35 , 36 , 40 , 41 , 46 , 47 , 48 , 51 , 52 , 53 , 56 , 58 , 59 , 61 , 62 , 63 , 64 , 65 , 66 , 68 , 71 , 72 , 74 , 78 , 82 , 86 , 87 , 93 , 95 , 97 , 98 , 102 , 114 , 121 , 126 , 135 , 136 Their aim was to adapt an existing technology in such a way that it becomes exploitable for MDE of safety and security systems.…”

“…Twenty-three F I G U R E 4 RQ3: Studies classification based on contributions studies were applied to control systems. Control systems included general-purpose control systems, 39,56,62,110,124,143 air traffic control systems, 24,44,73,102 access control systems, 29,54 industrial control systems, 30,33,53,80,113,144 network control systems, 56 electrical substation automation systems, 85 and building automation systems. 25,27 After control systems, avionic/aviation systems were most attractive for researchers of this topic.…”

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

“…Design-time safety measures that use STPA and model-based system engineering similar to our autonomous emergency braking (AEB) case study could incorporate our methods for runtime assurance [6]. Attacks occur in hardware, communication, and processing levels within complex systems [4], and using monitors at multiple system levels can increase causal factor awareness [5,8,9].…”

STPA-driven Multilevel Runtime Monitoring for In-time Hazard Detection

Multilevel Runtime Security and Safety Monitoring for Cyber Physical Systems Using Model-Based Engineering