Towards a Security Cost Model for Cyber-Physical Systems

Ivkic, Igor; Mauthe, Andreas; Tauber, Markus

doi:10.1109/ccnc.2019.8651751

Cited by 5 publications

(8 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As resource constraints are often a bottleneck for IIoT systems, it is perhaps surprising that there has not been a lot of work on modeling the overhead these bring. The only such work that was found in the literature is by Ivkic et al [238], and describes an onion layer model that enables one to sum all overhead introduced by security functions.…”

Section: Models and Methodologiesmentioning

confidence: 99%

A Systematic Survey of Industrial Internet of Things Security: Requirements and Fog Computing Opportunities

Tange

Donno

Fafoutis

et al. 2020

IEEE Commun. Surv. Tutorials

279

112

View full text Add to dashboard Cite

A key application of the Internet of Things (IoT) paradigm lies within industrial contexts. Indeed, the emerging Industrial Internet of Things (IIoT), commonly referred to as Industry 4.0, promises to revolutionize production and manufacturing through the use of large numbers of networked embedded sensing devices, and the combination of emerging computing technologies, such as Fog/Cloud Computing and Artificial Intelligence. The IIoT is characterized by an increased degree of inter-connectivity, which not only creates opportunities for the industries that adopt it, but also for cyber-criminals. Indeed, IoT security currently represents one of the major obstacles that prevent the widespread adoption of IIoT technology. Unsurprisingly, such concerns led to an exponential growth of published research over the last few years. To get an overview of the field, we deem it important to systematically survey the academic literature so far, and distill from it various security requirements as well as their popularity. This paper consists of two contributions: our primary contribution is a systematic review of the literature over the period 2011-2019 on IIoT Security, focusing in particular on the security requirements of the IIoT. Our secondary contribution is a reflection on how the relatively new paradigm of Fog computing can be leveraged to address these requirements, and thus improve the security of the IIoT.

show abstract

Section: Models and Methodologiesmentioning

confidence: 99%

A Systematic Survey of Industrial Internet of Things Security: Requirements and Fog Computing Opportunities

Tange

Donno

Fafoutis

et al. 2020

IEEE Commun. Surv. Tutorials

279

112

View full text Add to dashboard Cite

show abstract

“…The formal description 𝑥 𝑖𝑐 𝑓 𝑚 or 𝑥 𝑖𝑐𝑠𝑚 specifies the normalised measurement result of metric 𝑚 used to measure task 𝑢 or 𝑠 which has been performed by component 𝑐 that participated in interaction 𝑖. Thus, this is an extension of the Onion Layer Model in [27,28] to enable aggregating these measurement results with different units by normalising them to a generic Cost Unit.…”

Section: Onion Layer Modelmentioning

confidence: 99%

A Security Cost Modelling Framework for Cyber-Physical Systems

Ivkic,

Sailer,

Gouglidis

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Cyber-Physical Systems (CPS) are formed through interconnected components capable of computation, communication, sensing and changing the physical world. The development of these systems poses a significant challenge since they have to be designed in a way to ensure cyber-security without impacting their performance. This article presents the Security Cost Modelling Framework (SCMF) and shows supported by an experimental study how it can be used to measure, normalise and aggregate the overall performance of a CPS. Unlike previous studies, our approach uses different metrics to measure the overall performance of a CPS and provides a methodology for normalising the measurement results of different units to a common Cost Unit. Moreover, we show how the Security Costs can be extracted from the overall performance measurements which allows to quantify the overhead imposed by performing security-related tasks. Furthermore, we describe the architecture of our experimental testbed and demonstrate the applicability of SCMF in an experimental study. Our results show that measuring the overall performance and extracting the security costs using SCMF can serve as basis to redesign interactions to achieve the same overall goal at less costs. CCS Concepts: • Computer systems organization → Embedded and cyber-physical systems; Architectures; • Security and privacy → Formal security models; • Computing methodologies → Model development and analysis; • General and reference → Experimentation.

show abstract

“…The Onion Layer Model from from Ivkic et al (2019), as shown in Figure 2, can be used to describe security costs that occur each time an interaction is executed. In this context, an interaction is defined as a unit of work, which is executed at a specific time, serves a specific purpose and can be treated in an coherent and reliable way independent of other interactions.…”

Section: Security Cost Modeling Frameworkmentioning

confidence: 99%

“…This paper builds on Ivkic et al (2019) where we introduce an Onion Layer Model for formally describing how the costs of security can be modelled within a CPS. This initial investigation included a mathematical expression for describing the costs of security during the interaction of components and their performed security-related tasks.…”

Section: Related Workmentioning

confidence: 99%

“…To address this challenge, we propose an initial approach to automatically measure the resulting costs of providing security by using a Security Cost Modelling Framework as shown in Figure 1. The proposed framework is an extension of our previous work (Ivkic et al, 2019), where we proposed an Onion Layer Model, which formally describes a CPS including its interactions, the participating components and their performed tasks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Framework for Measuring the Costs of Security at Runtime

Ivkic

Pichler

Zsilak

et al. 2019

Proceedings of the 9th International Conference on Cloud Computing and Services Science

Self Cite

View full text Add to dashboard Cite

In Industry 4.0, Cyber-Physical Systems (CPS) are formed by components, which are interconnected with each other over the Internet of Things (IoT). The resulting capabilities of sensing and affecting the physical world offer a vast range of opportunities, yet, at the same time pose new security challenges. To address these challenges there are various IoT Frameworks, which offer solutions for managing and controlling IoT-components and their interactions. In this regard, providing security for an interaction usually requires performing additional security-related tasks (e.g. authorisation, encryption, etc.) to prevent possible security risks. Research currently focuses more on designing and developing these frameworks and does not satisfactorily provide methodologies for evaluating the resulting costs of providing security. In this paper we propose an initial approach for measuring the resulting costs of providing security for interacting IoT-components by using a Security Cost Modelling Framework. Furthermore, we describe the necessary building blocks of the framework and provide an experimental design showing how it could be used to measure security costs at runtime.

show abstract

Towards a Security Cost Model for Cyber-Physical Systems

Cited by 5 publications

References 19 publications

A Systematic Survey of Industrial Internet of Things Security: Requirements and Fog Computing Opportunities

A Systematic Survey of Industrial Internet of Things Security: Requirements and Fog Computing Opportunities

A Security Cost Modelling Framework for Cyber-Physical Systems

A Framework for Measuring the Costs of Security at Runtime

Contact Info

Product

Resources

About