Chat Bubble Oval Streamline Icon: https://streamlinehq.com Chat with Paper · Trending Papers
Emergent Mind

Security Modelling for Cyber-Physical Systems: A Systematic Literature Review

(2404.07527)
Published Apr 11, 2024 in cs.CR

Abstract

Cyber-physical systems (CPS) are at the intersection of digital technology and engineering domains, rendering them high-value targets of sophisticated and well-funded cybersecurity threat actors. Prominent cybersecurity attacks on CPS have brought attention to the vulnerability of these systems, and the soft underbelly of critical infrastructure reliant on CPS. Security modelling for CPS is an important mechanism to systematically identify and assess vulnerabilities, threats, and risks throughout system lifecycles, and to ultimately ensure system resilience, safety, and reliability. This literature review explore state-of-the-art research in CPS security modelling, encompassing both threat and attack modelling. While these terms are sometimes used interchangeably, they are different concepts. This article elaborates on the differences between threat and attack modelling, examining their implications for CPS security. A systematic search yielded 428 articles, from which 15 were selected and categorised into three clusters: those focused on threat modelling methods, attack modelling methods, and literature reviews. Specifically, we sought to examine what security modelling methods exist today, and how they address real-world cybersecurity threats and CPS-specific attacker capabilities throughout the lifecycle of CPS, which typically span longer durations compared to traditional IT systems. This article also highlights several limitations in existing research, wherein security models adopt simplistic approaches that do not adequately consider the dynamic, multi-layer, multi-path, and multi-agent characteristics of real-world cyber-physical attacks.

Security modelling framework for cyber-physical systems (CPS).

Overview

  • The paper conducts a systematic literature review on security modelling for cyber-physical systems (CPS), focusing on threat and attack modelling methodologies.

  • It identifies gaps in current research, notably the predominant focus on IT systems and the lack of models tailored to CPS' unique characteristics.

  • A unified security modelling framework integrating threat modelling, attack modelling, and continuous monitoring is proposed to enhance CPS security.

  • Future research directions include incorporating real-time data for adaptive responses, exploring advanced modelling techniques, and developing self-healing CPS.

A Systematic Review on Security Modelling for Cyber-Physical Systems

Introduction to Cyber-Physical Systems (CPS) Security Modelling

Cyber-physical systems (CPS) integrate physical processes with cybersecurity and digital networking, occupying central roles in vital sectors including healthcare, transportation, and industrial automation. With their deep integration into critical infrastructure, CPS have emerged as focal points for sophisticated cyberattacks, underscoring the importance of robust security modelling to safeguard them against evolving threats. This paper presents a systematic literature review on the current state and methodologies of CPS security modelling, focusing on threat and attack modelling, their applications, and the distinguishing factors between them in the context of CPS security. A total of 15 articles were identified and analyzed, revealing notable trends, gaps, and opportunities for future research in the domain.

Current State of CPS Security Modelling

The paper categorizes the selected studies into three clusters: (1) threat modelling methods, (2) attack modelling methods, and (3) systematic literature reviews on these topics. It emphasizes that while both threat and attack modelling are crucial for envisioning defensive strategies, they serve different purposes within the security landscape of CPS. Threat modelling is typically performed during the early phases of system development to anticipate and mitigate potential vulnerabilities upfront. Conversely, attack modelling tends to be applied once systems are operational, aiming to counter specific tactics, techniques, and procedures used by attackers.

Gaps and Challenges

Several limitations within existing research on CPS security modelling were highlighted:

  • Focus on IT Systems: Current security models are predominantly tailored to IT systems, lacking the depth and specificity required to address the unique characteristics of CPS. These include the systems’ dynamic, multi-layer, multi-path, and multi-agent nature, which are not adequately covered by existing models.
  • Outdated Approaches Due to Evolving Threats: The rapid evolution of cyber threats often renders early-stage threat models obsolete by the time a CPS is fully operational, posing challenges in maintaining their relevance over time.
  • Ambiguity in Definitions and Applications: The literature reveals confusion regarding the distinct roles and definitions of threat and attack modelling in the context of CPS. This ambiguity complicates the development of a cohesive framework for CPS security.

The Proposed Unified Security Modelling Framework

Responding to these challenges, the paper proposes a unified security modelling framework that integrates threat modelling, attack modelling, and continuous security monitoring throughout the lifecycle of CPS. This framework seeks to address the dynamic nature of cyber-physical attacks and the evolving capabilities of attackers, ensuring robust and adaptive defensive strategies.

Future Research Directions

The review identifies several areas for future research aiming to strengthen CPS security modelling:

  • Incorporating Real-time Data and Feedback: Enhancing models with real-time operational data and feedback can improve their accuracy and relevance, enabling adaptive responses to emerging threats.
  • Exploring Novel Modelling Techniques: Investigating advanced techniques such as Petri nets for modelling the complex interplay between cyber and physical components in CPS attacks.
  • Focusing on Self-healing CPS: Research into self-healing mechanisms can offer new avenues for automatic recovery and resilience in the face of attacks, minimizing potential damage.

Conclusion

This systematic review underscores the burgeoning interest in CPS security and the critical need for specialized modelling approaches that transcend traditional IT-centric methodologies. By addressing the identified gaps and exploring proposed research directions, the field can move towards more effective, adaptive, and resilient security strategies for the protection of cyber-physical systems.

Create an account to read this summary for free:

Sign up for free
or
Log in
Newsletter

Get summaries of trending comp sci papers delivered straight to your inbox:

Unsubscribe anytime.