International Journal of Computer Science & Network Security

International Journal of Computer Science & Network Security (국제컴퓨터통신보호논문지학회)
권호 표지
DOI QR코드

DOI QR Code

Enhancing Cyber-Physical Systems Security: A Comprehensive SRE Approach for Robust CPS Methodology

  • Shafiq ur Rehman (College of Computer and Information Sciences, Imam Muhammad bin Saud Islamic University (IMSIU))
  • Received : 2024.05.05
  • Published : 2024.05.30
Download PDF
⟨ Previous Next ⟩

Abstract

Cyber-Physical Systems (CPS) are introduced as complex, interconnected systems that combine physical components with computational elements and networking capabilities. They bridge the gap between the physical world and the digital world, enabling the monitoring and control of physical processes through embedded computing systems and networked communication. These systems introduce several security challenges. These challenges, if not addressed, can lead to vulnerabilities that may result in substantial losses. Therefore, it is crucial to thoroughly examine and address the security concerns associated with CPS to guarantee the safe and reliable operation of these systems. To handle these security concerns, different existing security requirements methods are considered but they were unable to produce required results because they were originally developed for software systems not for CPS and they are obsolete methods for CPS. In this paper, a Security Requirements Engineering Methodology for CPS (CPS-SREM) is proposed. A comparison of state-of-the-art methods (UMLSec, CLASP, SQUARE, SREP) and the proposed method is done and it has demonstrated that the proposed method performs better than existing SRE methods and enabling experts to uncover a broader spectrum of security requirements specific to CPS. Conclusion: The proposed method is also validated using a case study of the healthcare system and the results are promising. The proposed model will provide substantial advantages to both practitioners and researcher, assisting them in identifying the security requirements for CPS in Industry 4.0.

Keywords

References

  1. Yaacoub, J., Salman, O., Noura, H., Kaaniche, N., Chehab, A. & Malli, M. Cyber-physical systems security: Limitations, issues and future trends. Microprocessors And Microsystems. 77 pp. 103201 (2020) 
  2. Ding, D., Han, Q., Xiang, Y., Ge, X. & Zhang, X. A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing. 275 pp. 1674-1683 (2018)
  3. Mellado, D., Fernandez-Medina, E. & Piattini, M. Applying a security requirements engineering process. Computer Security-ESORICS 2006: 11th European Symposium On Research In Computer Security, Hamburg, Germany, September 18-20, 2006. Proceedings 11. pp. 192-206 (2006)
  4. Schneble, W. & Thamilarasu, G. Attack detection using federated learning in medical cyber-physical systems. Proc. 28th Int. Conf. Comput. Commun. Netw. (ICCCN). 29 pp. 1-8 (2019) 
  5. Munante, D., Chiprianov, V., Gallon, L. & Aniorte, P. A review of security requirements engineering methods with respect to risk analysis and model-driven engineering. Availability, Reliability, And Security In Information Systems: IFIP WG 8.4, 8.9, TC 5 International Cross-Domain Conference, CD-ARES 2014 And 4th International Workshop On Security And Cognitive Informatics For Homeland Defense, SeCIHD 2014, Fribourg, Switzerland, September 8-12, 2014. Proceedings 9. pp. 79-93 (2014)
  6. Sirohi, P., Agarwal, A. & Tyagi, S. A comprehensive study on security attacks on SSL/TLS protocol. 2016 2nd International Conference On Next Generation Computing Technologies (NGCT). pp. 893-898 (2016) 
  7. Gao, Y., Peng, Y., Xie, F., Zhao, W., Wang, D., Han, X., Lu, T. & Li, Z. Analysis of security threats and vulnerability for cyber-physical systems. Proceedings Of 2013 3rd International Conference On Computer Science And Network Technology. pp. 50-55 (2013) 
  8. Fabian, B., Gurses, S., Heisel, M., Santen, T. & Schmidt, H. A comparison of security requirements engineering methods. Requirements Engineering. 15 pp. 7-40 (2010) 
  9. Ross, R. & Johnson, L. Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. (Ronald S. Ross, L A. Johnson, 2010) 
  10. Griffor, E., Greer, C., Wollman, D. & Burns, M. Framework for cyber-physical systems: Volume 2, working group reports. (Edward R. Griffor, Christopher Greer, David A. Wollman, Martin J. Burns,2017) 
  11. Force, J. Risk management framework for information systems and organizations. NIST Special Publication. 800 pp. 37 (2018) 
  12. Peng, Y., Lu, T., Liu, J., Gao, Y., Guo, X. & Xie, F. Cyber-physical system risk assessment. 2013 Ninth International Conference On Intelligent Information Hiding And Multimedia Signal Processing. pp. 442-447 (2013) 
  13. Rehman, S., Allgaier, C. & Gruhn, V. Security requirements engineering: A framework for cyber-physical systems. 2018 International Conference On Frontiers Of Information Technology (FIT). pp. 315-320 (2018)
  14. Rehman, S. & Gruhn, V. An effective security requirements engineering framework for cyber-physical systems. Technologies. 6, 65 (2018) 
  15. Japs, S. Security safety by model-based requirements engineering. 2020 IEEE 28th International Requirements Engineering Conference (RE). pp. 422-427 (2020) 
  16. Asplund, F., McDermid, J., Oates, R. & Roberts, J. Rapid integration of CPS security and safety. IEEE Embedded Systems Letters. 11, 111-114 (2018) 
  17. Jurjens, J. Towards development of secure systems using UMLsec. International Conference On Fundamental Approaches To Software Engineering. pp. 187-200 (2001 
  18. Jurjens, J. UMLsec: Extending UML for secure systems development. International Conference On The Unified Modeling Language. pp. 412-425 (2002) 
  19. Best, B., Jurjens, J. & Nuseibeh, B. Model-based security engineering of distributed information systems using UMLsec. 29th International Conference On Software Engineering (ICSE'07). pp. 581-590 (2007) 
  20. Jurjens, J. & Shabalin, P. Automated verification of UMLsec models for security requirements. International Conference On The Unified Modeling Language. pp. 365-379 (2004)
  21. Ruiz, J., Arjona, M., Mana, A. & Rudolph, C. Security knowledge representation artifacts for creating secure IT systems. Computers Security. 64 pp. 69-91 (2017) 
  22. Gregoire, J., Buyens, K., De Win, B., Scandariato, R. & Joosen, W. On the secure software development process: CLASP and SDL compared. Third International Workshop On Software Engineering For Secure Systems (SESS'07: ICSE Workshops 2007). pp. 1-1 (2007) 
  23. Ansari, M., Pandey, D. & Alenezi, M. STORE: Security threat-oriented requirements engineering methodology. Journal Of King Saud University-Computer And Information Sciences. 34, 191-203 (2022) 
  24. Khan, R., Khan, S., Khan, H. & Ilyas, M. Systematic mapping study on security approaches in secure software engineering. Ieee Access. 9 pp. 19139-19160 (2021) 
  25. Mead, N. & Stehney, T. Security quality requirements engineering (SQUARE) methodology. ACM SIGSOFT Software Engineering Notes. 30, 1-7 (2005) 
  26. Suleiman, H. & Svetinovic, D. Evaluating the effectiveness of the security quality requirements engineering (SQUARE) method: a case study using smart grid advanced metering infrastructure. Requirements Engineering. 18 pp. 251-279 (2013) 
  27. Viega, J. Building security requirements with CLASP. ACM SIGSOFT Software Engineering Notes. 30, 1-7 (2005) 631 
  28. Dey, N., Ashour, A., Shi, F., Fong, S. & Tavares, J. Medical cyber-physical systems: A survey. Journal Of Medical Systems. 42 pp. 1-13 (2018).