Modeling of dynamic trust contracts for industry 4.0 systems

Due to their close relation to physical and virtual entities (humans, machines, processes, etc.), including their changing state and context, modern cyber-physical and IoT systems exhibit a high degree of architectural dynamicity. While sharing data among all the entities of the system is the key driver of the system's efficiency, it is at the same time necessary to effectively control which data are shared, with whom, and in which context, so as to prevent potential misuse. The problem, however, is that traditional approaches to security and privacy, which typically rely on rigid hierarchies, cannot easily cope with this high degree of architectural dynamicity. In this paper, we outline an approach to ensure security and privacy at the architectural level in systems with dynamic architectures. In particular, we focus on a) data tracking using data flows and data processing described in system architectures, b) descriptions of dynamic sharing scenarios, including decision derivation based on the current situation, and c) a runtime analysis platform that regulates data exchange. We ground the approach and illustrate it in the Industry 4.0 setting, as this is the domain in which we apply our approach as part of our project Trust 4.0, but we believe it can be used in other application domains as well.
