A Partition-Driven Integrated Security Architecture for Cyberphysical Systems

Yahya Javed; Muhamad Felemban; Tawfeeq Shawly; Jason Kobes; Arif Ghafoor

doi:10.1109/MC.2019.2914906

A Partition-Driven Integrated Security Architecture for Cyberphysical Systems

Yahya Javed^*
, Muhamad Felemban
, Tawfeeq Shawly
, Jason Kobes
, Arif Ghafoor

^*Corresponding author for this work

Research output: Contribution to specialist publication › Article

13 Scopus citations

Original language	English
Pages	47-56
Number of pages	10
Volume	53
No	3
Specialist publication	Computer
DOIs	https://doi.org/10.1109/MC.2019.2914906
State	Published - 1 Mar 2020

Bibliographical note

Funding Information:
The value of ~ for different values of n with σ = 3 and k = 0, 8 is shown in Figure 3(a). It can be seen that the performance of the proposed partition-driven architecture (k = 8) is considerably higher as compared to the nonpartitioned system (k = 0); he partition-driven security archi-for example, at n = 200, the value of tecture presented in this article ~ is 84.5 for the partitioned system, Tproposes a comprehensive secu-whereas its value is 7.4 for the non-rity solution for CPSs. The proposed partitioned system. Moreover, note architecture is able to contain the dam-that the value of ~ increases as the age propagation and recover the CPS value of n increases until 200 nodes automatically. However, there are sev-after that it decreases. This is due eral challenges that must be addressed to the fact that there exists an opti-to develop a robust security solution for mal protection-zone size that max-CPSs. These include dealing with the imizes the benefit. If the size of the performance of IDSs and evaluation of protection zone is too small, it is the proposed security architecture for more likely that damage will propa-more complex attacks. gate to other protection zones. If the size is too large, then many mem-ACKNOWLEDGMENTS ber nodes of the protection zone can This research is supported by grants become corrupted without any hin-from Northrop Grumman Corporation drance. Figure 3(b) shows the val-and by U.S. National Science Founda-ues of δ for 200-node topology for tion grant IIS-0964639. different v and k values. Notice that even when the attack propagation REFERENCES speed is high, that is, lower values 1. I. Eusgeld, C. Nan, and S. Dietz, of v, the partitioned system (k >0) “System-of-systemsapproachforinterde- can effectively contain damage rel-pendent critical infrastructures,”Reliab. ative to the nonpartitioned system Eng. Syst. Safety,vol. 96, no. 6, pp. 679– (k = 0). For higher v values, there is 686,2011.doi:10.1016/j.ress.2010.12.010. ample time for the response mecha-2. “FrameworkforCyber-Physical nism to react, and hence the perfor-SystemsRelease1.0,”NISTCyber-Physi- mance of the partition-driven archi-cal Systems Public tecture is significantly better. Figure 3(c) Working Group, National Institute shows the manipulated guideline of Standards andTechnology, price values in a smart meter.10 This U.S. Department of Commerce, change in guideline price increases Gaithersburg,MD, May2016. the energy consumption of a con-Accessed on: Jan. 29,2020.[Online]. sumer by 1.3 kWh on average in our Available:https://pages.nist.gov/ simulations. Figure 3(d) shows the cpspwg increase in overall demand by all of 3. M. Biro, A. Mashkoor, J. Samet- the customers corresponding to 200-inger, and R. Seker, “Software safety node topology for nonpartitioned and security risk mitigation in (k = 0) and partitioned systems (k = 8). It cyber-physical systems,” IEEE Softw., can be noted that the partition-driven vol. 35, no. 1, pp. 24–29, 2017. doi: architecture efficiently handles the 10.1109/MS.2017.4541050. attack, and correspondingly, load on 4. A. Humayed, J. Lin, F. Li, and B. Luo, the transmission lines connected to “Cyber-physical systems security: the bus connecting 200 consumers is A survey,” IEEE Internet Things J., not drastically increased in compari-vol. 4, no. 6, pp. 1802–1831, 2017. doi: son to the nonpartitioned system. 10.1109/JIOT.2017.2703172.

ASJC Scopus subject areas

General Computer Science

Access to Document

10.1109/MC.2019.2914906

Cite this

@misc{548aea94b62744a28bffb01dc8c61cfc,

title = "A Partition-Driven Integrated Security Architecture for Cyberphysical Systems",

author = "Yahya Javed and Muhamad Felemban and Tawfeeq Shawly and Jason Kobes and Arif Ghafoor",

note = "Funding Information: The value of \textasciitilde{} for different values of n with σ = 3 and k = 0, 8 is shown in Figure 3(a). It can be seen that the performance of the proposed partition-driven architecture (k = 8) is considerably higher as compared to the nonpartitioned system (k = 0); he partition-driven security archi-for example, at n = 200, the value of tecture presented in this article \textasciitilde{} is 84.5 for the partitioned system, Tproposes a comprehensive secu-whereas its value is 7.4 for the non-rity solution for CPSs. The proposed partitioned system. Moreover, note architecture is able to contain the dam-that the value of \textasciitilde{} increases as the age propagation and recover the CPS value of n increases until 200 nodes automatically. However, there are sev-after that it decreases. This is due eral challenges that must be addressed to the fact that there exists an opti-to develop a robust security solution for mal protection-zone size that max-CPSs. These include dealing with the imizes the benefit. If the size of the performance of IDSs and evaluation of protection zone is too small, it is the proposed security architecture for more likely that damage will propa-more complex attacks. gate to other protection zones. If the size is too large, then many mem-ACKNOWLEDGMENTS ber nodes of the protection zone can This research is supported by grants become corrupted without any hin-from Northrop Grumman Corporation drance. Figure 3(b) shows the val-and by U.S. National Science Founda-ues of δ for 200-node topology for tion grant IIS-0964639. different v and k values. Notice that even when the attack propagation REFERENCES speed is high, that is, lower values 1. I. Eusgeld, C. Nan, and S. Dietz, of v, the partitioned system (k >0) “System-of-systemsapproachforinterde- can effectively contain damage rel-pendent critical infrastructures,”Reliab. ative to the nonpartitioned system Eng. Syst. Safety,vol. 96, no. 6, pp. 679– (k = 0). For higher v values, there is 686,2011.doi:10.1016/j.ress.2010.12.010. ample time for the response mecha-2. “FrameworkforCyber-Physical nism to react, and hence the perfor-SystemsRelease1.0,”NISTCyber-Physi- mance of the partition-driven archi-cal Systems Public tecture is significantly better. Figure 3(c) Working Group, National Institute shows the manipulated guideline of Standards andTechnology, price values in a smart meter.10 This U.S. Department of Commerce, change in guideline price increases Gaithersburg,MD, May2016. the energy consumption of a con-Accessed on: Jan. 29,2020.[Online]. sumer by 1.3 kWh on average in our Available:https://pages.nist.gov/ simulations. Figure 3(d) shows the cpspwg increase in overall demand by all of 3. M. Biro, A. Mashkoor, J. Samet- the customers corresponding to 200-inger, and R. Seker, “Software safety node topology for nonpartitioned and security risk mitigation in (k = 0) and partitioned systems (k = 8). It cyber-physical systems,” IEEE Softw., can be noted that the partition-driven vol. 35, no. 1, pp. 24–29, 2017. doi: architecture efficiently handles the 10.1109/MS.2017.4541050. attack, and correspondingly, load on 4. A. Humayed, J. Lin, F. Li, and B. Luo, the transmission lines connected to “Cyber-physical systems security: the bus connecting 200 consumers is A survey,” IEEE Internet Things J., not drastically increased in compari-vol. 4, no. 6, pp. 1802–1831, 2017. doi: son to the nonpartitioned system. 10.1109/JIOT.2017.2703172.",

year = "2020",

month = mar,

day = "1",

doi = "10.1109/MC.2019.2914906",

language = "English",

volume = "53",

pages = "47--56",

journal = "Computer",

issn = "0018-9162",

publisher = "IEEE Computer Society",

}

TY - GEN

T1 - A Partition-Driven Integrated Security Architecture for Cyberphysical Systems

AU - Javed, Yahya

AU - Felemban, Muhamad

AU - Shawly, Tawfeeq

AU - Kobes, Jason

AU - Ghafoor, Arif

N1 - Funding Information: The value of ~ for different values of n with σ = 3 and k = 0, 8 is shown in Figure 3(a). It can be seen that the performance of the proposed partition-driven architecture (k = 8) is considerably higher as compared to the nonpartitioned system (k = 0); he partition-driven security archi-for example, at n = 200, the value of tecture presented in this article ~ is 84.5 for the partitioned system, Tproposes a comprehensive secu-whereas its value is 7.4 for the non-rity solution for CPSs. The proposed partitioned system. Moreover, note architecture is able to contain the dam-that the value of ~ increases as the age propagation and recover the CPS value of n increases until 200 nodes automatically. However, there are sev-after that it decreases. This is due eral challenges that must be addressed to the fact that there exists an opti-to develop a robust security solution for mal protection-zone size that max-CPSs. These include dealing with the imizes the benefit. If the size of the performance of IDSs and evaluation of protection zone is too small, it is the proposed security architecture for more likely that damage will propa-more complex attacks. gate to other protection zones. If the size is too large, then many mem-ACKNOWLEDGMENTS ber nodes of the protection zone can This research is supported by grants become corrupted without any hin-from Northrop Grumman Corporation drance. Figure 3(b) shows the val-and by U.S. National Science Founda-ues of δ for 200-node topology for tion grant IIS-0964639. different v and k values. Notice that even when the attack propagation REFERENCES speed is high, that is, lower values 1. I. Eusgeld, C. Nan, and S. Dietz, of v, the partitioned system (k >0) “System-of-systemsapproachforinterde- can effectively contain damage rel-pendent critical infrastructures,”Reliab. ative to the nonpartitioned system Eng. Syst. Safety,vol. 96, no. 6, pp. 679– (k = 0). For higher v values, there is 686,2011.doi:10.1016/j.ress.2010.12.010. ample time for the response mecha-2. “FrameworkforCyber-Physical nism to react, and hence the perfor-SystemsRelease1.0,”NISTCyber-Physi- mance of the partition-driven archi-cal Systems Public tecture is significantly better. Figure 3(c) Working Group, National Institute shows the manipulated guideline of Standards andTechnology, price values in a smart meter.10 This U.S. Department of Commerce, change in guideline price increases Gaithersburg,MD, May2016. the energy consumption of a con-Accessed on: Jan. 29,2020.[Online]. sumer by 1.3 kWh on average in our Available:https://pages.nist.gov/ simulations. Figure 3(d) shows the cpspwg increase in overall demand by all of 3. M. Biro, A. Mashkoor, J. Samet- the customers corresponding to 200-inger, and R. Seker, “Software safety node topology for nonpartitioned and security risk mitigation in (k = 0) and partitioned systems (k = 8). It cyber-physical systems,” IEEE Softw., can be noted that the partition-driven vol. 35, no. 1, pp. 24–29, 2017. doi: architecture efficiently handles the 10.1109/MS.2017.4541050. attack, and correspondingly, load on 4. A. Humayed, J. Lin, F. Li, and B. Luo, the transmission lines connected to “Cyber-physical systems security: the bus connecting 200 consumers is A survey,” IEEE Internet Things J., not drastically increased in compari-vol. 4, no. 6, pp. 1802–1831, 2017. doi: son to the nonpartitioned system. 10.1109/JIOT.2017.2703172.

PY - 2020/3/1

Y1 - 2020/3/1

UR - https://www.scopus.com/pages/publications/85082191624

U2 - 10.1109/MC.2019.2914906

DO - 10.1109/MC.2019.2914906

M3 - Article

AN - SCOPUS:85082191624

SN - 0018-9162

VL - 53

SP - 47

EP - 56

JO - Computer

JF - Computer

ER -