
A Security Cost Modelling Framework for Cyber-Physical Systems

Published: 22 April 2022

Abstract

Cyber-Physical Systems (CPS) are formed through interconnected components capable of computation, communication, sensing and changing the physical world. The development of these systems poses a significant challenge, since they have to be designed to ensure cyber-security without impacting their performance. This article presents the Security Cost Modelling Framework (SCMF) and shows, supported by an experimental study, how it can be used to measure, normalise, and aggregate the overall performance of a CPS. Unlike previous studies, our approach uses different metrics to measure the overall performance of a CPS and provides a methodology for normalising the measurement results of different units to a common Cost Unit. Moreover, we show how the Security Costs can be extracted from the overall performance measurements, which allows us to quantify the overhead imposed by performing security-related tasks. Furthermore, we describe the architecture of our experimental testbed and demonstrate the applicability of SCMF in an experimental study. Our results show that measuring the overall performance and extracting the security costs using SCMF can serve as a basis for redesigning interactions to achieve the same overall goal at lower cost.

Published in

ACM Transactions on Internet Technology, Volume 22, Issue 2
May 2022
582 pages
ISSN: 1533-5399
EISSN: 1557-6051
DOI: 10.1145/3490674
Editor: Ling Liu

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 22 April 2022
• Accepted: 1 February 2021
• Revised: 1 September 2020
• Received: 1 June 2020

Qualifiers

• research-article
• Refereed
