Software Reliability and Quality Assurance Challenges in Cyber Physical Systems Security
Related papers
An Effective Security Requirements Engineering Framework for Cyber-Physical Systems
Technologies, 2018
Context and motivation: Cyber-Physical Systems (CPSs) are gaining priority over other systems. The heterogeneity of these systems increases the importance of security. Both the developer and the requirements analyst must consider details not only of the software but also of the hardware perspective, including sensor and network security. Several models for secure software engineering processes have been proposed, but they are limited to software; therefore, to support security requirements processes, we need a security requirements framework for CPSs. Question/Problem: Do existing security requirements frameworks fulfil the needs of CPS security requirements? The answer is no; existing security requirements frameworks fail to accommodate security concerns outside software boundaries. Little or no attention has been given to sensor, hardware, network, and third-party elements during security requirements engineering in existing frameworks. Principal Ideas/result...
Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks
2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE), 2017
This paper offers a new approach to modelling the effect of cyber-attacks on reliability of software used in industrial control applications. The model is based on the view that successful cyber-attacks introduce failure regions, which are not present in non-compromised software. The model is then extended to cover a fault tolerant architecture, such as the 1-out-of-2 software, popular for building industrial protection systems. The model is used to study the effectiveness of software maintenance policies such as patching and "cleansing" ("proactive recovery") under different adversary models ranging from independent attacks to sophisticated synchronized attacks on the channels. We demonstrate that the effect of attacks on reliability of diverse software significantly depends on the adversary model. Under synchronized attacks system reliability may be more than an order of magnitude worse than under independent attacks on the channels. These findings, although not surprising, highlight the importance of using an adequate adversary model in the assessment of how effective various cyber-security controls are.
Software Reliability and Security
Encyclopedia of Library and Information Science, 2005
Software problems are the main causes of system failures today. There are many well-known cases of the tragic consequences of software failures. In critical systems, very high reliability is naturally expected. Software packages used everyday also need to be highly reliable, because the enormous investment of the software developer is at stake. Studies have shown that reliability is regarded as the most important attribute by potential customers. All software developed will have a significant number of defects. All programs must be ...
Some Considerations on Dependability Issues and Cyber-Security of Cyber-Physical Systems
2018 International Conference on Smart Communications in Network Technologies (SaCoNeT)
In recent years, there has been a convergence between computer engineering approaches and automation aspects (industrial systems, Internet of Things), also called cyber-physical systems, for the development of process-based cyber-security strategies. Classically, security studies are based on risk analysis. Compared to classical IT approaches, the actual process (for instance a nuclear power plant or a chemical process) or system (autonomous car, drone) is taken into account in our approach for two reasons. The first reason is that the vulnerabilities of such systems or processes vary dynamically as a function of time; the second reason is that the "standards" context depends on the application domain, and relationships with the IEC 61508 functional safety standard seem relevant. The paper presents a state of the art of these problems and proposes some approaches to these issues.
Cybersecurity, Safety and Reliability
2016
The charge forward of the Internet of Things (IoT) and Industrial Internet of Things (IIoT) consistently leaves out concepts of ensuring the security of a company's critical control and computer systems. It is even more serious when some sales organizations attempt to sell their IoT ideas with recommendations to maintenance leadership on how to get around Information Technology (IT) departments and rules. Further, the lack of understanding of which systems could be considered cyber-related and should undergo security checks and steps is significant. The impact of cyber-holes in the system includes the loss of systems, damaged systems and potential safety hazards. However, the implementation of cybersecurity is not far removed from reliability programs that already exist and, especially with the rapid deployment of cyber-devices, offers a way of further justifying the application of such programs as Reliability Centered Maintenance (RCM). In this whitepaper we will focus on one of the items of Cyber...
Model to Quantify Availability at Requirement Phase of Secure Software
American Journal of Software Engineering and Applications, 2015
A number of security mechanisms are available to protect data, such as digital signatures, audit logs, encryption, refining, etc.; however, they are not completely able to stop malevolent attacks. Hackers and attackers continuously try to exploit security, which can easily be breached through loopholes that exist at the user's end. The core reasons for such problems are mainly poor software requirements that are implemented without proper analysis of risks and threats. In order to reduce vulnerabilities, security requirements, standards, and policies are tightly bound and used right from the beginning of software development. The major purpose of security standards and policy is to ensure that the data is always available on demand in order to support security requirements against identified risks. The focus of this paper is to propose a model to quantify availability (MQAR) using a multiple regression technique at the requirement phase. To validate the model, statistical data is used to assess availability at the requirement level, and the significance of this study concludes that the calculated data is highly acceptable.
Cyber LOPA: An Integrated Approach for the Design of Dependable and Secure Cyber Physical Systems
https://arxiv.org/abs/2006.00165v3, 2021
Safety risk assessment is an essential process to ensure a dependable Cyber-Physical System (CPS) design. Traditional risk assessment considers only physical failures. For modern CPS, failures caused by cyber attacks are on the rise. The focus of the latest research effort is on safety-security lifecycle integration and the expansion of modeling formalisms for risk assessment to incorporate security failures. The interaction between safety and security and its impact on the overall system design, as well as the reliability loss resulting from ignoring security failures, are some of the overlooked research questions. This paper addresses these research questions by presenting a new safety design method named Cyber Layer Of Protection Analysis (CLOPA) that extends the existing LOPA framework to include failures caused by cyber attacks. The proposed method provides a rigorous mathematical formulation that quantitatively expresses the trade-off between designing a highly reliable versus a highly secure CPS. We further propose a co-design lifecycle process that integrates the safety and security risk assessment processes. We evaluate the proposed CLOPA approach and the integrated lifecycle on a practical case study of a process reactor controlled by an industrial control testbed, and provide a comparison between the proposed CLOPA and current LOPA risk assessment practice.
A security risk mitigation framework for cyber physical systems
Journal of Software: Evolution and Process, 2019
Cyber physical systems (CPSs) are safety-critical, be it weapon systems, smart medical devices, or grid stations. This makes ensuring the security of all the components constituting a CPS unavoidable. The rise in the demand for interconnectedness has made such systems vulnerable to attacks, i.e., cyberattacks. Over 170 cases of cyber-security breaches in CPS were reported over the past two decades. An increase in the number of cyberattack incidents on CPS makes them more exposed and less trustworthy. However, identifying the security requirements of the CPS to pinpoint the relevant risks may help to counteract the potential attacks. Literature reveals that the most targeted security requirements of CPS are authentication, integrity, and availability. However, little attention has been paid to certain crucial security attributes such as data freshness and non-repudiation. One major reason for security breaches in CPS is the lack of custom or generalized countermeasures. Therefore, we propose ...
Three tenets for secure cyber-physical system design and assessment
Cyber Sensing 2014, 2014
This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: system susceptibility, threat accessibility, and threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical: systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band: make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt: confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.