Abstract
Cyber-Physical Systems (CPS) are formed through interconnected components capable of computation, communication, sensing and changing the physical world. The development of these systems poses a significant challenge, since they have to be designed to ensure cyber-security without impacting their performance. This article presents the Security Cost Modelling Framework (SCMF) and shows, supported by an experimental study, how it can be used to measure, normalise, and aggregate the overall performance of a CPS. Unlike previous studies, our approach uses different metrics to measure the overall performance of a CPS and provides a methodology for normalising measurement results in different units to a common Cost Unit. Moreover, we show how the Security Costs can be extracted from the overall performance measurements, which allows us to quantify the overhead imposed by performing security-related tasks. Furthermore, we describe the architecture of our experimental testbed and demonstrate the applicability of SCMF in an experimental study. Our results show that measuring the overall performance and extracting the security costs using SCMF can serve as a basis for redesigning interactions to achieve the same overall goal at lower cost.
A Security Cost Modelling Framework for Cyber-Physical Systems