Secure Software Development of Cyber-Physical and IoT Systems

Secure Software Development of Cyber-Physical and IoT Systems

Muthu Ramachandran (Leeds Metropolitan University, UK)
Copyright: © 2018 |Pages: 14
DOI: 10.4018/978-1-5225-2255-3.ch655
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

This real-world case study has been used to demonstrate the best practices on business process modelling and component based design for developing cloud services with Build Security In (BSI). BSI techniques, strategies, and processes presented in this article are general systems security principles and are applicable for both a cloud environment and traditional environment (non-cloud environment). The significant contribution of this research is to illustrate the application of the extended system security method known as SysSQUARE to elicit security requirements, identify security threats of data, as well as integrating build-in security techniques by modelling and simulating business processes upfront in the systems development life cycle.
Chapter Preview
Top

Introduction

Cyber-Physical Systems (CPS) and Internet of Things (IoT) is on the rapid increase as the demand for such applications is growing exponentially. There is a very strong reason for connecting three technologies such as CPS, IoT and Cloud as the first two are connected to a cloud for receiving and analysing data. Cloud computing has emerged to provide a more cost effective solution to businesses and services while making use of inexpensive computing solutions which combines pervasive, Internet, and virtualisation technologies. Cloud computing has spread to catch up with another technological evolution as we have witnessed Internet technology, which has revolutionised communication and information superhighway. Cloud computing is emerging rapidly and software as a service paradigm is increasing its demand for more services. However, this new trend needs to be more systematic with respect to developing secure software engineering and its related processes such as requirements, design, development, and test. For example, current challenges that are faced with cyber security are: application security flaws and lessons learned which can all be applied when developing applications for CPS and IoT systems. Similarly, as the demand for cloud services increases and so increased importance sought for security and privacy. Cloud service providers such as Microsoft, Google, Sales force.com, Amazon, GoGrid are able to leverage cloud technology with pay-per-use business model with on-demand elasticity by which resources can be expanded or shortened based on service requirements.

Alur (2015) defines CPS as:

“A CPS system is defined as a system consists of computing devices communicating with one another and interacting with the physical world via sensors and actuators.” Examples of such systems include from smart buildings to medical devices to automobiles.

McEwen and Cassimally (2014) defines IoT as:

“An IoT system consists of any physical objects contains controllers, sensors, and actuators are connected with Internet.” Examples of such system include any devices capable of sending and receiving data through the internet such as internet enabled washing machine, dishwasher, etc.

In other words, IoT can also be defined as the network of physical objects or things that are built or embedded with sensors, actuators, software, and connect via the internet which enables these objects to collect and exchange data. The difference between the CPS and IoT needs to be clarified as the applications being deployed over the years. First of all, let us look at a precursor is known as Embedded systems which have been successfully deployed in wider areas such as aerospace, manufacturing, chemical processes, civil infrastructures, etc. They key difference between the CPS and Embedded system is the inter-connectivity of these networked physical objects, whereas it often not embedded but interact with physical world objects. A wireless sensor networks can be mounted around a river to receive and exchange data amongst them to calculate any abnormal level of river overflow to avoid any natural disasters in the region. Therefore, security of CPS and IoT systems are paramount to our research as well as their data has been secured.

Key Terms in this Chapter

Service Reuse: The process of reusing services when composing new services.

Business Process as a Service (BPaaS): The set of process related to managing process related activities of a service business.

Build Security In (BSI): The process of identifying service security requirements right from beginning of the service identification to the complete life cycle.

Software Security Engineering (SSE): The new discipline of applying engineering principles to develop security requirements to engineer software applications including cloud services such as SaaS is essentially a software application which is delivered as a service.

Cloud Data Security (CDS): Security of maintaining and preserving client’s data that are kept in the cloud.

Complete Chapter List

Search this Book:
Reset