On the Cost of Security Compliance in Information Systems
Forschung Burgenland, Eisenstadt, Austria.
Forschung Burgenland, Eisenstadt, Austria; Lancaster University, Lancaster, UK.
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Embedded Internet Systems Lab. University of Applied Sciences Burgenland, Eisenstadt, Austria.
AVL LIST GmbH.
2019 (English). In: Proceedings of the 10th International Multi-Conferences on Complexity, Informatics and Cybernetics: IMCIC 2019 / [ed] Nagib Callaos; T. Grandon Gill; Natalja Lace; Suzanne K. Lunsford; Belkis Sánchez, International Institute of Informatics and Systemics (IIIS), 2019, Vol. I, p. 165-170. Conference paper, Published paper (Refereed)
Abstract [en]

The onward development of information and communication technology has led to a new industrial revolution called Industry 4.0. This revolution involves Cyber-Physical Production Systems (CPPS), which consist of intelligent Cyber-Physical Systems that may be able to adapt themselves autonomously in a production environment. At the moment, machines in industrial environments are often not connected to the internet, which thus needs a point-to-point connection to access the device if necessary. Through Industry 4.0, these devices should enable remote access for smart maintenance through a connection to the outside world. However, this connection opens the gate for possible cyber-attacks and thus raises the question about providing security for these environments. Therefore, this paper used an adapted approach based on SixSigma to solve this security problem by investigating security standards. Security requirements were gathered and mapped to controls from well-known security standards, formed into a catalog. This catalog includes assessment information to check how secure a solution for a use case is and also includes a link to an estimation method for implementation cost. Thus this paper’s outcome shows how to make Industry 4.0 use cases secure by fulfilling security standard controls and how to estimate the resulting implementation costs.

Place, publisher, year, edition, pages
International Institute of Informatics and Systemics (IIIS), 2019. Vol. I, p. 165-170
Keywords [en]
Industry 4.0, cyber-physical systems, requirements engineering, standard compliance, security, remote access, costs
National Category
Computer Systems
Research subject
Electronic systems
Identifiers
URN: urn:nbn:se:ltu:diva-86211
Scopus ID: 2-s2.0-85066018219
OAI: oai:DiVA.org:ltu-86211
DiVA, id: diva2:1576395
Conference
10th International Multi-Conference on Complexity, Informatics and Cybernetics (IMCIC 2019), Orlando, USA, March 12-15, 2019
Note

ISBN for host publication: 978-1-941763-95-7; 978-1-941763-96-4 (volume);

Funder: EU ECSEL Joint Undertaking (n737459); IWB-EFRE

Available from: 2021-07-01. Created: 2021-07-01. Last updated: 2021-10-02. Bibliographically approved
In thesis
1. Autonomic Management of System of Systems Security
2021 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The digitalization of manufacturing industry and the profound reliance on interconnected System of Systems (SoS) is demanding for innovative solutions that can handle production processes, while making use of the new data that is being generated by various connected devices. Innovations based on collecting, evaluating, and using this data can improve existing processes and create new business models. Although this is beneficial to the user, at the same time, it opens the way for adversaries to exploit new vulnerabilities. Since the factories are exposing their internal production processes to the internet, security is one of the challenges that should be addressed in this new digitalization era, referred to as the fourth industrial revolution or Industry 4.0. Furthermore, security cannot be seen as independent from other non-functional requirements of SoS, e.g. performance or safety aspects. Addressing security without risking to negatively affect other aspects and vice versa is a main concern for such interconnected systems.

This thesis outlines the progress made towards security management and mitigation in SoS. It proposes an automated and secure onboarding procedure, which is required to introduce a new device in a SoS environment without compromising the already on-boarded devices and the underlying infrastructure. The proposed procedure establishes a chain of trust from the hardware device to its hosted application systems and their provided services by creating a chain of digital certificates. Thus, it allows to rely on the information on which “smart” decisions are being based, while ensuring a secure and trusted communication between the interacting systems.

Even with security controls in place, e.g. the automated onboarding procedure, maintaining a required security level for the SoS as a whole is difficult due to uncertainties that may occur at runtime. Uncertainties may occur due to internal factors, e.g. malfunction of a system, or external factors, e.g. malicious attacks. One approach that can tackle these uncertainties at run time and manage trade-offs between security and other non-functional requirements is self-adaptation. Self-adaptation enables a system to adapt in the face of such uncertainties without human intervention.

This thesis proposes a generic autonomic management system aimed to support the engineers in building self-adaptive systems that should cope with dynamic changes of the environment and system itself, while considering the expected rapid advances of system attacks. Given its generic property, the system can be reused and extended for a variety of use cases without requiring major modifications. This will reduce the software engineering effort needed to implement the generic control mechanisms. A prototype of the system has been implemented and tested.

Place, publisher, year, edition, pages
Luleå University of Technology, 2021
Series
Doctoral thesis / Luleå University of Technology 1 jan 1997 → …, ISSN 1402-1544
Keywords
System of Systems, Security, Self-Adaptation, Autonomic Management, Eclipse Arrowhead
National Category
Computer Sciences
Research subject
Cyber-Physical Systems
Identifiers
urn:nbn:se:ltu:diva-87316 (URN)
978-91-7790-942-2 (ISBN)
978-91-7790-943-9 (ISBN)
Public defence
2021-11-17, E632, Luleå, 10:00 (English)
Available from: 2021-10-04. Created: 2021-10-02. Last updated: 2022-01-03. Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Scopus
http://www.iiis.org/CDs2019/CD2019Spring/papers/ZA370QI.pdf