Modelling and automatic mapping of cyber security requirements for industrial applications: Survey, problem exposition, and research focus

The rapid process of digitalisation has an advanced impact on the industrial automation and manufacturing domain. In order to support all the upcoming technologies and paradigm changes in a future-proof way the Reference Architecture Model Industrie 4.0 (RAMI4.0) is presently developed in Germany. The requirements, such as Quality of Service (QoS) provisioning for communication systems, network management, and Safety & Security, towards the Factories of the Future (FoF) are constantly increasing. The currently approached solution contains the concept of the Asset Administration Shell (AAS) as a general information storage and exchange point for all possible industrial assets. In consequence, the AAS needs a universal modelling concept of all mandatory information to set up the basis for automatic configuration abilities, which are desired in the Industrie 4.0 (I4.0) visions. Nevertheless, especially in the area of cyber security, which was neglected in the past and has gained a lot of attention nowadays, these modelling concepts are still missing. Therefore, this paper will provide an overview about the ongoing progress in this area, describe the related work, and outline the impending research containing a first concept for the desired Unified Security Modelling Metric (USMM).

[1]  John Grundy,et al.  SecDSVL: A Domain-Specific Visual Language to Support Enterprise Security Modelling , 2014, 2014 23rd Australian Software Engineering Conference.

[2]  John A. Zinky,et al.  QoS Aspect Languages and Their Runtime Integration , 1998, LCR.

[3]  Juergen Jasperneite,et al.  The Future of Industrial Communication: Automation Networks in the Era of the Internet of Things and Industry 4.0 , 2017, IEEE Industrial Electronics Magazine.

[4]  Theo Tryfonas,et al.  IoTsec: UML Extension for Internet of Things Systems Security Modelling , 2017, 2017 International Conference on Mechatronics, Electronics and Automotive Engineering (ICMEAE).

[5]  Raimir Holanda Filho,et al.  Model-Based Quantitative Network Security Metrics: A Survey , 2017, IEEE Communications Surveys & Tutorials.

[6]  Hermann de Meer,et al.  Modeling Security Requirements for VNE algorithms , 2017, VALUETOOLS.

[7]  Marco Ehrlich,et al.  Automatic mapping of cyber security requirements to support network slicing in software-defined networks , 2017, 2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation (ETFA).

[8]  Bu-Sung Lee,et al.  Semantics in service discovery and QoS measurement , 2005, IT Professional.

[9]  Jürgen Jasperneite,et al.  An OPC UA based approach for dynamic-configuration of security credentials and integrating a vendor independent digital product memory , 2014 .

[10]  Aniruddha S. Gokhale,et al.  A QoS policy configuration modeling language for publish/subscribe middleware platforms , 2007, DEBS '07.

[11]  Ayman Abdel-Hamid,et al.  Network slice selection, assignment and routing within 5G Networks , 2016, 2016 IEEE Conference on Standards for Communications and Networking (CSCN).

[12]  Michael E. Lesk,et al.  Privacy and Cybersecurity: The Next 100 Years , 2012, Proceedings of the IEEE.

[13]  Jonathan Walpole,et al.  A quality-of-service specification for multimedia presentations , 1995, Multimedia Systems.

[14]  Mohammad Jabed Morshed Chowdhury Security risk modelling using SecureUML , 2014, 16th Int'l Conf. Computer and Information Technology.

[15]  Marco Ehrlich,et al.  Towards monitoring of hybrid industrial networks , 2017, 2017 IEEE 13th International Workshop on Factory Communication Systems (WFCS).

[16]  Mohammad Abdollahi Azgomi,et al.  A method for modeling and evaluation of the security of cyber-physical systems , 2014, 2014 11th International ISC Conference on Information Security and Cryptology.

[17]  John Chambers,et al.  Common Vulnerability Scoring System: Final Report and Recommendations (October 12, 2004) , 2004 .

[18]  Ming Xu,et al.  Security-aware virtual network embedding , 2014, 2014 IEEE International Conference on Communications (ICC).

[19]  John C. Mitchell,et al.  Security Modeling and Analysis , 2011, IEEE Security & Privacy.

[20]  Reiner Anderl,et al.  Combined Secure Process and Data Model for IT-Security in Industrie 4.0 , 2017 .

[21]  Haralambos Mouratidis,et al.  Security requirements modelling for virtualized 5G small cell networks , 2017, 2017 24th International Conference on Telecommunications (ICT).

[22]  Reiner Anderl,et al.  Integrated Data Model and Structure for the Asset Administration Shell in Industrie 4.0 , 2017 .

[23]  Irlán Grangel-González,et al.  An RDF-based approach for implementing industry 4.0 components with Administration Shells , 2016, 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA).