Secure and Trusted Open CPS Platforms

George Kornaros (Technological Educational Institute of Crete, Greece), Ernest Wozniak (fortiss GmbH, Germany), Oliver Horst (fortiss GmbH, Germany), Nora Koch (fortiss GmbH, Germany), Christian Prehofer (fortiss GmbH, Germany), Alvise Rigo (Virtual Open Systems, France) and Marcello Coppola (STMicroelectronics, France)
Copyright: © 2018 | Pages: 24
DOI: 10.4018/978-1-5225-2845-6.ch012

Abstract

Cyber-physical systems (CPS) are devices with sensors and actuators which link the physical with the virtual world. There is a strong trend towards open systems, which can be extended during operation by instantly adding functionalities on demand. We discuss this trend in the context of automotive, medical and industrial automation systems. The goal of this chapter is to elaborate the research challenges of ensuring security in these new platforms for such open systems. A main problem is that such CPS apps are able to access and modify safety-critical device internals. Cyber-physical attacks can affect the integrity, availability and confidentiality of CPS. Examples range from deception-based attacks, such as false data injection, sensor and actuator attacks and replay attacks, to denial-of-service attacks. Hence, new methods are required to develop an end-to-end solution for the development and deployment of trusted apps. This chapter presents the architectural approach and its key components, and methods for open CPS apps, including tool chain and development support.
Chapter Preview

Introduction

Cyber-physical systems (CPS) are devices with sensors and actuators which link the physical with the virtual world. In many application areas of CPS, such as automotive or medical, devices are long-lived and users depend on them in their daily lives. In the past, many of these systems have operated unchanged for years or even decades in a well-defined context. With the rapid innovation cycles in many IT services and technologies, there is now also a need to extend or update these services. For instance, functionality in cars has traditionally been used as originally shipped for the full lifetime of the car. With the latest innovations in infotainment and autonomous driving, it is expected that such functionality will be outdated after a few years. Thus, there is a strong trend towards open cyber-physical systems, which can be extended by instantly adding functionalities on demand.

Cyber-physical attacks can affect the integrity, availability and confidentiality of such CPS. Examples range from deception-based attacks, such as false data injection, sensor and actuator attacks and replay attacks, to denial-of-service attacks. Attacks that breach the integrity of vehicular systems and medical devices have brought the urgency of securing cyber-physical systems into sharp focus. For networked CPS, a number of external and internal attacks can threaten the correct and safe operation of the system. For instance, internal CPS nodes or networks may be compromised, which may affect the safety and reliability of the overall system.

This chapter presents the research challenges and solutions of ensuring security and safety in such open systems. Today, CPS apps support openness for updates of existing functionality. A main issue, though, is that such CPS apps are able to access and modify safety-critical device internals. Thus, it is not sufficient to isolate the apps from other parts of the system, as they typically need to access and control parts of the system. The apps must not be able to interfere with or compromise the proper operation of the system at any time. For the new apps, there can be different levels of trust. Yet, even for fully trusted software components, programming errors, software weaknesses or failures can lead to a compromised situation. The focus of the chapter is to show how different technologies that span different architectural levels can be used and combined to provide the required security and trustworthiness.

New methods and technologies are required to develop an end-to-end solution for development and deployment of trusted apps (Prehofer, Kornaros, & Paolino, 2015). Such methods and technologies are the building blocks for a new architectural approach. The overall idea is to provide a layered approach, consisting of multiple, independent defense mechanisms. In conjunction with the layered architecture, different classes of applications are defined, depending on their criticality.

An overview of the organization of an open cyber-physical system is shown in Figure 1. The figure shows a network of CPS nodes, which are orchestrated to perform distributed control services, commonly monitoring and actuation services, and user interaction tasks. For this kind of network there is often a need for real-time communication, hence networks like CAN or deterministic Ethernet are used. In an open cyber-physical system architecture, usually an Open Apps Platform device acts as a gateway that connects to external untrusted networks. Besides its gateway functionality, this device also provides an open platform for adding new application software, referred to here as “apps”. The gateway functionality of the device is needed for many applications that execute in the gateway or in the CPS nodes, but also for managing the applications themselves on the gateway. As the functionality of CPSs becomes more and more software dominated and the interaction between the physical and cyber systems increases, CPSs become more susceptible to external and internal attacks.

Figure 1. Open CPS Architecture

This work reviews current state-of-the-art challenges and solutions in support of open cyber-physical systems and presents a set of building blocks for a secure and trusted architecture, which comprises independent solutions that range from extensions of communication protocols and creation of Execution Environments (EE), to securing real-time resource management and model-based development. Specifically, this work makes the following contributions:
