Security Reference Architecture for Cyber-Physical

Systems (CPS)

Julio Moreno, David G. Rosado, Luis E. Sánchez, Manuel A.

Serrano and Eduardo Fernández-Medina
(GSyA Research Group. University of Castilla-La Mancha, Ciudad Real, Spain
julio.moreno@uclm.es, david.grosado@uclm.es, luise.sanchez@uclm.es,
manuel.serrano@uclm.es, eduardo.fdezmedina@uclm.es)

Abstract Cyber-physical systems (CPSs) are the next generation of engineered sys-
tems in which computing, communication, and control technologies are tightly inte-
grated. They play an increasingly important role in critical infrastructure, government
and everyday life. With the exponential growth of cyber-physical systems (CPSs), new
security challenges have emerged. Security issues are not new, but advances in tech-
nology make it necessary to develop new approaches to protect data against undesired
consequences. Security is crucial in CPSs, but unfortunately, security problems occur
due to the fact that CPS was not initially conceived as a secure environment. To in-
corporate these security issues, security must be considered from the very beginning
of the system design. One way to solve this problem is by having a global perspective,
and in this way, a Reference Architecture (RA) is a high-level abstraction of a system
that can be useful in the implementation of complex systems. It is widely accepted that
adding elements to address many security factors (integrity, confidentiality, availability,
vulnerabilities, threats, etc.) and facilitate the definition of security requirements to a
Security Reference Architecture (SRA) is a good starting point for solving these kind
of cybersecurity problems and protect the system from the beginning of the develop-
ment. In the current paper, a SRA for CPSs is defined using UML models trying to
ease secure CPSs implementations.
Key Words: Cyber-Physical Systems (CPS); Security Reference Architecture; Secure
design; Security patterns
Category: D.2, K.6.5

1 Introduction

Cyber-physical systems (CPS) are intelligent systems that include com-

puting, storage, and communication capabilities with tracking and/or
control capabilities of objects in the physical world [Alur, 2015] and
providing citizens and businesses with a wide range of innovative appli-
cations and services [European Commission, 2013]. The CPS cover from
Machine-to-Machine (M2M) and Internet of Things (IoT) communications,
integration of heterogeneous data from multiple sources, to its integra-
tion within Cloud Computing and Big Data platforms [Jara et al., 2014].
The research related to cyber-physical systems (CPS) has recently drawn
the attention of academia, industry, and the government because of its
wide impact to society, economy, and environment [Monostori et al., 2016,
Lee, 2015, Monostori, 2014]. These highly interconnected and integrated
systems provide new functionalities to improve the quality of life and allow
technological advances in critical areas, such as personalized health care
[Suh et al., 2014, Haque et al., 2014], emergency response [Zander et al., 2015],
traffic flow management [Rawat et al., 2015, Xiong et al., 2015], intelligent
[Frazzon et al., 2013, Lee et al., 2015, Lee et al., 2013, Wang et al., 2015]
defense and national security [Rajkumar et al., 2010, Das et al., 2012], and
energy supply [Yu and Xue, 2016, Moness and Moustafa, 2016].
While ongoing research work focuses on achieving goals such as
stability, performance, robustness, and efficiency for physical sys-
tems [Rajkumar et al., 2010], security within CPS is usually ignored
[Kim and Kumar, 2012, Konstantinou et al., 2015, Wang et al., 2010].
Cyber-physical systems are being extensively integrated in various critical
infrastructures, albeit any security breaches to these systems could have
catastrophic consequences.
Cybersecurity is a necessary feature of the CPS architecture to ensure
that CPS capabilities are not compromised by malicious agents, and that
the information used, processed, stored, and transferred has its integrity
preserved and is kept confidential where needed [Zacchia Lun et al., 2019].
Cybersecurity is a fundamental discipline that provides confidence in terms
that CPS, their information, and supporting communications and information
infrastructures are adequately safeguarded. CPS are increasingly being used in
critical infrastructures and other settings. However, CPS have many unique
characteristics, including the need for real-time response and extremely high
availability, predictability, and reliability, which impacts cybersecurity decisions
[Brewer, 2013]. As advances in technology permit automatic control of more
and more of the functions of physical systems, the opportunity for cyberattacks,
including exploitation of such automation capabilities, becomes a greater
risk [Horowitz and Pierce, 2013]. Providing cybersecurity for CPS is further
complicated by the fact that an ever-expanding array of CPS will be required
to operate in a wide range of operational conditions, and could be threatened
by a plethora of cyberattack mechanisms and processes.
Thus, CPSs are very complex environments that combine a virtual side
that makes decisions that have an effect on the physical world. Therefore, a
global perspective must be followed to properly address their cybersecurity
issues. One way that has proved to be a valuable solution is the Reference
Architectures (RA) [Avgeriou, 2003, Medvidovic and Taylor, 2010]. There are
different RAs that represent different kinds of systems, such as, Internet of
Things [Krco et al., 2014], Cloud Computing [Fernandez et al., 2016a] or Big
Data [NIST Group Big Data Public Working, 2018]. A RA can be defined as an
abstract software architecture that is based on one or more domains and that not
contains implementation features [Avgeriou, 2003]. In addition, an RA should
be expressed at a high level of abstraction, in order to be reusable, extendable,
and configurable for any organization. Moreover, when security concepts such
as policies, threats, security patterns, or vulnerabilities are added to the RA, it
becomes a Security Reference Architecture. In this way, a SRA is a high level ar-
chitecture that incorporates a set of elements that not only provides an abstract
view of the different components and elements of a technology, but also facili-
tates the definition of security requirements and allows a better understanding
of security concepts. Thence, a SRA can be used to describe a conceptual model
of security for CPS.
The scientific community and different standardization companies have de-
scribed different architectures that try to abstract the main components or layers
of a CPS. However, most of these proposals do not contemplate security as a key
aspect when building this kind of environments. Hence, we have considered the
main proposals in order to create our own SRA for CPS. This SRA will allow a
better understanding of a CPS while, at the same time, emphasizes the impor-
tance of the security concepts. In order to achieve that purpose, our architecture
is specified by means of UML diagrams which allow a more in-depth definition
of the connection between the different components and layer of a CPS.
The remainder of this paper is organized as follows: Section 2 describes the
different proposals made by both the scientific community and the different
standardization companies. Section 3 defines our proposal, including a subsection
for each layer of the SRA. Section 4 presents conclusions and future work.

2 Related Work

There are multiple reference architectures for CPS environments proposed by

both the industry and the scientific community. However, there are not many
architectures that focus on security, as we will see below. In addition, some of the
proposals are not specifically focused on CPS but are related to this topic since
they contain parts of this kind of environments; such as, IoT environments or
smart factories. In this section, we describe the most relevant proposals on this
topic. Regarding proposals for industry CPS architectures, there are three main
ones:: RAMI 4.0, IIRA and 5C. RAMI 4.0 [VID/VDE, 2015] is probably the
best known architecture when it comes to expressing CPS environments. This
proposal shows the peculiarities of this type of system by means of a division
into six layers with different levels of abstraction ranging from the business layer
to the assets that make up the CPS. Although it includes some security issues,
it does not focus specifically on security, and therefore cannot be considered an
SRA. IIRA (Industrial Internet Reference Architecture) [Shi-Wan et al., 2017]
is a model that defines the structure of the Industrial Internet of Things (IIoT).
This proposal has a structure of four layers and five domains, which are based
on the study of different use cases. The result is an architecture with a high level
of abstraction that does not emphasize security. Regarding 5C [Lee et al., 2015],
it is an architecture that defines five levels. This organization is based on pro-
viding different functions from the connection of the sensors and actuators to
the configuration of the CPS. 5C places no emphasis on data security or envi-
ronmental safety. A more in-depth analysis of these and other industry propos-
als is done at [Bunte et al., 2019, Moghaddam et al., 2018]. Whereas, the sci-
entific community has also made proposals in this topic. Kavallieratos et al.
[Kavallieratos et al., 2019] propose a CPS architecture that mainly focuses on
the security of the networks that are part of this kind of environments. It has
too high level of abstraction with a lack of details in the specific components and
how they are connected. In [Triantafyllou et al., 2019], the authors present a RA
for smart farming that is mainly focused on the energy consumption. This RA
has four different layers that have a different level of abstraction from the appli-
cations to the sensors. It does not highlight the importance of security or safety
topics. Dobaj et al. [Dobaj et al., 2018] present an architecture for Industrial In-
ternet of Things (IIoT) that is mainly defined around different microservices that
are defined through the use of patterns. This architecture is conformed by four
different layers. However, they consider security and safety as an isolated fea-
ture to be implemented, not as a key characteristic in this kind of environments.
This proposal recommends the use of security and safety patterns to address
the different issues. Baloyi and Kotzé [Baloyi and Kotzé, 2018] proposes a SRA
for CPS that mainly focuses on privacy at technical and organization level. In
order to do this, they follow the recommendation of the privacy-by-design cul-
ture. However, they mainly focus on the business layer and their proposal lacks
technical details. In [Larrinaga et al., 2018] the authors propose the MANTIS
reference architecture model that is based in the IIRA. MANTIS is composed
by three different layers from the physical entities to the enterprise level that
represents the different applications. This proposal considers security and safety
as an important characteristic of CPS but they do not put any special empha-
sis on how it affects their architecture. Finally, the only SRA for CPS that we
have found is the one proposed by Rehman et al. [ur Rehman et al., 2018]. This
proposal is composed by three different layers that discuss the main threats and
possible countermeasures for each layer. However, we miss more detail about
the different components of the layers. Table 1 highlights the main differences
between the proposals showed in this section. Our proposal brings together all
these different concepts, which when used together, allow us to improve security
aspects of CPS.
 RA Proposal Security concern Connection between components Use of patterns
RAMI 4.0 [VID/VDE, 2015] Medium Low No
IIRA [Shi-Wan et al., 2017] Low Low No
5C [Lee et al., 2015] Low Low No
Kavallieratos et al. [Kavallieratos et al., 2019] High Low No
Triantafyllou et al. [Triantafyllou et al., 2019] Low High No
Dobaj et al. [Dobaj et al., 2018] Medium High Yes
Baloyi and Kotzé [Baloyi and Kotzé, 2018] High Low No
Larrinaga, F. et al. [Larrinaga et al., 2018] Medium Low No
Rehman et al. [ur Rehman et al., 2018] High Medium No

Table 1: Comparison between RAs for CPS

3 SRA for CPS

As stated in the introductory section, an SRA can be defined as an abstract

framework that shows the main components of a system, while at the same time,
it emphasizes the understanding of security concepts; such as, vulnerabilities or
misuse patterns. As a result of the gaps identified in the previous section, we
decided to create our own SRA for CPS. Our proposal is based on the main
standards or frameworks that define an architecture for CPS; such as RAMI
4.0 or IIRA. The main difference between our proposal and the others is that
we followed a security-by-design approach to create the SRA. In addition, we
highlight the importance of defining all the elements that can conform a CPS
and how they are related between them. In order to make evident the existing
relations between the different elements of our architecture we make use of UML
diagrams. In addition, the use of this kind of diagram facilitates the appliance
of security patterns, which are usually described as UML models.
Figure 1 depicts the main components that compose our SRA. As it can be
seen, our architecture follows a layer structure that is composed by six different
layer that are connected between to each other. Moreover, there is a network
fabric in the background of the SRA that describes how the different layers
communicate with each other. The first two layers of our architecture have a
higher level of abstraction than the rest, since their main objective is to perform
the governance and management tasks of the implemented CPS architecture.
That is why they are connected to the rest of the components of the architecture.
All these layers are described in-depth in the following subsections.

3.1 Business Layer

The first layer is the business layer. Figure 2 represents the main elements of
this component. The main objective of the business layer is to define in a concise
and proper way the global purpose to be pursued with the CPS. This CPS goal
is usually specified with a high level of abstraction since it represents the wishes
of the company’s top management. An example of a CPS objective may be ”to
 Application Layer

Orchestration Layer
Business Layer

Network Fabric
Service Layer

Infrastructure Layer

Sensor & Actuator Layer

Figure 1: Overview of the SRA for CPS

provide intelligence and autonomy to an industrial control system”. This CPS

goal must be aligned with the elements of the organization where the CPS is to
be implemented. These elements include the business policies, the expectation
of the company (business goal), how the organization perform their activities
(business processes) and which is the environment of the organization (context).
All these elements are important since they should influence the definition of
the CPS goal. The realization of a CPS project is not a trivial decision, since it
is a complicated system which implementation can affect different departments
of the organization and implies the use of many resources and an important
economic expense. For that reason, the top management must be involved in the
definition of the CPS goals. The CPS goal defined at this level is divided into
more specific requirements in the orchestration layer.

3.2 Orchestration Layer

Once the goal of the CPS has been established, it is time to define the different
requirements that the CPS must address. This is the main objective of the
orchestration layer. In addition, this layer organizes how the requirements are
connected to the rest of the components of the architecture; since it is an SRA,
we will focus specifically on the safety and security requirements that the CPS
must meet. It is important to explain the difference between safety and security
requirements since CPS is not only concerned with the security of the data used
in the system but also, as it has a physical part, with the physical safety of both
 Figure 2: Elements of the Business Layer

Figure 3: Elements of the Orchestration Layer

the sensors and actuators, and the stakeholders related to the CPS. Figure 3
shows the different elements of the orchestration layer.
These requirements must be aligned with the CPS goals. One of the main
elements to consider when defining requirements is the regulation that may affect
the context where the CPS is implemented. A CPS implemented in a medical
monitoring system does not have the same limitations as one implemented in
a robotic system for an industrial environment. The legislation will limit the
use of the data depending on the sensitivity of the data. These laws, which
are intrinsic to the company’s context, must be aligned with the organization’s
security policies, which must be taken into account when defining the CPS goal.
Security requirements are related to the ability of the CPS to ensure that
all of its processes, mechanisms, both physical and cyber, and services are af-
forded internal or external protection from unintended and unauthorized access,
change, damage, destruction, or use. These could be such as data anonymity, con-
fidentiality and integrity need to be guaranteed, as well as authentication and
authorization mechanisms in order to prevent unauthorized users (i.e., humans
and devices) to access the system. Whereas, concerning safety requirements can
be interpreted as the ability of the CPS to ensure the absence of catastrophic
consequences on the life, health, property, or data of CPS stakeholders and the
physical environment [Griffor et al., 2017].
These problems are usually addressed through the use of general mechanisms
such as access control, risk control, external and internal audits, encryption or
ensuring the origin and traceability of data from sensors or other data sources
[Ashibani and Mahmoud, 2017, Alguliyev et al., 2018]. Normally, these are tra-
ditional security management techniques applicable to any IT system, but which
are adapted to meet the inherent characteristics of a CPS.
These safety and security requirements are satisfied by different safety and
security solutions, which, at this level, have a high level of abstraction since
they will be implemented in a more specific way in the rest of the layers of the
architecture. Being defined as the mechanism used to address a security or safety
requirement, it can be concluded that these solutions have the main objective of
correcting or addressing system vulnerabilities. At this point, the orchestration
layer is composed of a series of elements that conform a typical security ontology
as can be seen in security methodologies such as ASE [Uzunov et al., 2015].
Therefore, vulnerabilities are security holes that the different assets of the system
have and suppose a threat for the system if they are exploited. One way to help
in the implementation of these security solutions is through the use of security
patterns.
A pattern is a solution to a recurring problem that indicates how to
defend against a threat, or set of threats, in a concise and reusable way
[Fernandez B, 2013]. Patterns are abstract solutions that must be tailored
to where they are applied. Furthermore, our architecture includes the use
of misuse patterns to understand how each attack works and to guide the
application of the different security patterns that can be used to stop a threat
[Fernandez et al., 2009]. For example, a security requirement indicates the need
to keep track of the actions performed on the sensitive data of the CPS; the
implementation of this security solution can be guided by the use of the ”Logger
and Auditor” security pattern.
Finally, it should be noted that there are other types of requirements that
are necessary when implementing a CPS, such as performance or quality require-
ments. How-ever, our architecture has the objective of incorporating security into
this type of environment, so we only focus on those requirements and security
solutions that help to achieve this objective. The following layers define the
elements that can be used when implementing a CPS.

3.3 Application Layer

The application layer marks the beginning of the CPS elements, since it is at
this level that the requirements specified in the previous layer are concretely
implemented. Specifically, the application layer consists of those elements related
to the output generated by the CPS. This output can have different formats
depending on the business needs (see Figure 4). Thus, it is possible to display
these results through dashboards, which can allow users to perform interactions
on the CPS, such as activating certain actuators. These dashboards can indicate
in real time the status of the system. Moreover, it is also possible to show the
results in a more traditional way through reports that explain the actions taken
or average levels of certain system indicators. Finally, it is likewise conceivable
that the results may not be displayed visually but may serve as a basis for
decision making as to which actuators to activate or deactivate under certain
circumstances. These circumstances should be determined in the service layer.
It is important to highlight the fact that in many scenarios it is necessary
to have a communication with an end-user that is considered an external agent
to the system. This end-user does not have to be a human being but can be an
auxiliary system that receives the output data from the CPS as input for its own
processes. When accessing these results, it is necessary to have control over what
and who accesses the data. For this purpose, authorization and authentication
mechanisms must be implemented to guarantee the security and privacy of the
data generated by the CPS. These mechanisms are the concrete implementation
of the security solutions that were defined in the orchestration layer and act as
a gateway to the system.

3.4 Service Layer

The service layer has the objective of meeting the requirements established in
the orchestration layer, including the security requirements. In order to achieve
this goal, this layer is composed of different services or activities that can be
considered as the SaaS (Software as a Service) layer of CPS. Figure 5 shows
the different services that compose this layer, and also the security solution that
must map the security solution from the orchestration layer; for example, the
data collected may need to be properly secured by using encryption mechanisms
or the analyze of the data must preserve the privacy of it.
 Figure 4: Elements of the Application Layer

Figure 5: Elements of the Service Layer

These activities can be considered as the typical data lifecycle in this type
of environments. Ad it is represented in the diagram, not all the activities can
communicate with each other, there is a sequential order of execution. This
implies that one of these activities is not mandatory in a CPS. Hence, there are
four main activities that can be performed in a typical CPS:

– The collect activity acts like an ETL (Extract, Transform, and Load) process
and combines sets of data from different data sources (mostly sensors from
the Sensor & Actuator layer) with the objective of unifying them. The data
collected in this activity will be used in the following activities.

– The prepare activity has the purpose of validating and cleaning the data.
This activity is not mandatory in this kind of systems since they usually have
real-time needs. There are different techniques that can be used to prepare
the data, such as the data wrangling that is the process to trans-form raw
 data into another format of data that is more suitable.

– The analysis activity processes the data generated by the system in order
to obtain valuable information that can help in the decision making. This
activity is critical and includes the definition of different algorithms and
methods to ensure the proper functionating of the CPS. In many cases, the
insights generated by this activity automatically suppose an activation of
different CPS actuators.

– The control activity is crucial in a CPS since it has the main purpose of man-
aging the different sensors and actuators of the environment. This activity
bases its functionating on the insights generated by the analysis activity and
in the decisions made by the end-user in the application layer. In addition,
this activity monitors the status of the different devices that compose the
CPS.

All these activities must be supported by the next layer of the architecture:
the infrastructure layer.

3.5 Infrastructure Layer

The infrastructure layer has the objective of supporting all the different services
and processes provided and executed along the CPS. Figure 6 depicts the main el-
ements of this infrastructure layer. As it can be seen in the figure, there are three
main possibilities when implementing a CPS infrastructure: by using a Cloud
Computing, a Fog Computing solution, or an Edge Computing solution. All these
solutions are well-known infrastructures and since it is out of scope of this work,
we will not define them in-depth [Casola et al., 2018, Fernandez et al., 2016b].
The decision on the type of infrastructure to be supported by the CPS will
depend on the requirements of the system. Security should also be taken into
account when making this decision, since in the case of opting for a Cloud so-
lution, security is delegated to the third-party provider of the infrastructure.
However, in case of deciding on a Fog computing solution, security must empha-
size enhancing the security of access to stored data. On the other hand, if the
CPS is implemented through an Edge computing infrastructure, security must
emphasize the CPS devices, since most of the actions will be performed on them;
such as the security of the network communications between the devices.
As stated before, the choice of infrastructure will affect the implementation
of the components that conform the CPS architecture. However, this should not
affect the elements of the SRA; for example, in the case of selecting an Edge
Computing solution, the data analysis service will be performed on the devices
of the CPS itself, but this service will continue to be offered to the end-users.
 Figure 6: Elements of the Infrastructure Layer

In addition, the CPS infrastructure is integrated by a set of components re-

lated to the different function they provide. First, the hardware infrastructure
contains all the different physical resources, such as servers, needed to support
the CPS. The storage service where all the data generated by the CPS and also
data from external data sources that are needed to perform the analysis service
are located. In general, there are three different ways to store data: structured,
semi-structured and non-structured. Depending on the data handled by the CPS,
you will have to choose the implementation of one or several databases of these
types. The processing engine has the purpose of establishing the way data is an-
alyzed in the CPS. There are three ways to process data: i) The batch processing
executes different jobs in a sequential mode. It writes on the disk to store data
between phases. ii) The streaming processing analyze data in real-time, so it
is suitable for applications which requirements indicate the need for analysis of
data generated at the current time. iii) In the middle of these technologies is the
interactive processing, which allows to perform queries over the data while it is
still being collected. The actuator control is in charge of managing the communi-
cations with the actuators of the CPS, so when an actuator needs to be activated
or deactivated due to a decision from upper layers, this mechanism contact the
adequate actuator. Finally, there are a few support services that may need to be
implemented in the CPS, such as resource monitoring or orchestration services.

3.6 Sensor & Actuator Layer

The last layer of our architecture is related to the different devices that conform
the CPS. In general, these devices are divided into two large groups: on the
one hand, the sensors, which obtain real-time data that indicate the state of
the CPS or a specific variable, such as temperature or position. In any case,
 Figure 7: Elements of the Sensor & Actuator Layer

the actuators are those devices that cause changes in the CPS through actions
controlled by the upper layers; such as a sprinkler or a robotic arm. There are
also CPS devices that consist of both a sensor and an actuator, such as water
pumps with flow sensors. In addition, some CPS devices can be more complex,
so they can be considered as an aggregation of different devices. Figure 7 depicts
the main components of this layer.
As for the security of this layer, it is necessary to indicate that there are two
levels of security. On the one hand, the security of the sensors, which are usually
related to the way of sending and receiving data; both, the data generated by the
sensors and the data received by the actuators to perform an action. In contrast,
the physical safety that was defined in the orchestration layer is implemented
here, since this is the place where accidents can occur due to the wrong action
of an actuator.

3.7 Network Fabric

In order to connect the different links between the different layers of our ar-
chitecture, there are many communication protocols for the different levels that
provide this connectivity. Communication requirements vary widely among the
different types of CPS networks, depending on their purpose and resource con-
straints.
The communication protocols within CPS ecosystems can be either wireless
or wireline-based. There exists a plethora of wireless communication protocols,
including short-range radio protocols such as ZigBee, Bluetooth/Bluetooth Low
Energy (BLE), Wi-Fi/Wi-Fi HaLow, Near Field Communication (NFC) or Ra-
dio Frequency Identification (RFID); mobile networks and longer-range radio
protocols such as Lo-RaWAN, SigFox NarrowBand-IoT (NB-IoT), or LTE-M.
Each of them is defined in its own standard, for example ZigBee and ZigBee 3.0
are based on IEEE 802.15.4. Wired communication protocols and links, such as
Ethernet, USB, SPI, MIPI and I2C, among others, also provide access to the de-
vices. Moreover, it is worth high-lighting that CPS communications also support
non-IP based protocols, such as SMS, LiDar, Radar, etc.
The leading communication technologies used in the CPS world are IEEE
802.15.4, low power WiFi, 6LoWPAN, RFID, NFC, Sigfox, LoraWAN, and other
proprietary protocols for wireless networks.
The Sensor and Actuator layer is composed by devices which are inherently
re-source constrained such as limited processing speed, storage capacity, and
communication bandwidth, so they can use protocols such as IEEE 802.15.4
(Zigbee), and 801.15.1 (Bluetooth). These protocols are generally characterized
by lower bandwidth, low energy consumption, and short range. These devices
generate large amounts of information that flow to higher layers to be stored,
processed and analyzed. It employs many technologies such as databases, cloud
computing, and big data processing modules.
The upper layers require communication protocols with longer ranges, which
are in the local area network (LAN) class, such as IEEE 802.11 (WiFi). Robust
and efficient routing protocols need to be designed and adapted for CPS systems
in order to provide efficient and robust communication in this highly variable
and dynamic environment.
TCP is not a good option for communication in low power environments as it
has a large overhead owing to the fact that it is a connection-oriented protocol.
Therefore, UDP is preferred because it is a connectionless protocol and has low
overhead.
The application layer is responsible for data formatting and presentation. The
application layer in the Internet is typically based on HTTP. However, HTTP is
not suitable in resource constrained environments. Many alternate protocols have
been developed for these environments such as CoAP (Constrained Application
Protocol) and MQTT (Message Queue Telemetry Transport).

4 Conclusions and Future Work

A Security Reference Architecture (SRA) is a framework that allows the guid-

ance to use security mechanisms from a high level of abstraction. In this paper
we present our proposal for a specific SRA for CPS environments. For this pur-
pose, we have considered the most widely accepted proposals made by both the
industry and the scientific community. These proposals usually lack detail as to
the specific components that conform each of the layers of the architecture.
Our SRA is defined by means of UML class diagrams with the aim of im-
proving the understanding of the different components that make up a CPS and
how they relate to each other in a more precise way. In addition, the use of UML
diagrams facilitates the application of different safety and security patterns that
can be used to facilitate the implementation of security mechanisms. Therefore,
our SRA is composed by 6 different layers and a network fabric that represent
the main elements of a CPS. These layers represent different levels of abstrac-
tion, from the business goals of the company to the different actuators of the
CPS.
As future work, we are currently conducting a case study based on our SRA
proposal for the construction of a secure CPS environment, specifically a hy-
droponic farming. We are working on the creation and adaptation of different
safety and security patterns that are specific to this type of ecosystem, and
we are defining a set of security requirements for CPS environments creating a
metamodel that help to define the security requirements and associated security
patterns for subsequent analysis and diagnosis of the security configurations and
solutions resulting from these requirements in the next phases of our SRA.

Acknowledgements

This work was funded by the ECLIPSE project (RTI2018-094283-B-C31 funded

by “Ministerio de Economı́a y Competitividad and the Fondo Europeo de De-
sarrollo Regional FEDER”), the GENESIS project (SBPLY-17-180501-000202
funded by ”Consejerı́a de Educación, Cultura y Deportes de la Dirección General
de Universidades, Investigación e Innovación de la JCCM”), and the Programa
Operativo Regional FEDER 2014/2020.

References
[Alguliyev et al., 2018] Alguliyev, R., Imamverdiyev, Y., and Sukhostat, L. (2018).
Cyber-physical systems and their security issues. Computers in Industry, 100:212–
223.
[Alur, 2015] Alur, R. (2015). Principles of cyber-physical systems. MIT Press.
[Ashibani and Mahmoud, 2017] Ashibani, Y. and Mahmoud, Q. H. (2017). Cyber
physical systems security: Analysis, challenges and solutions. Computers & Secu-
rity, 68:81–97.
[Avgeriou, 2003] Avgeriou, P. (2003). Describing, Instantiating and Evaluating a Ref-
erence Architecture: A Case Study. Technical report.
[Baloyi and Kotzé, 2018] Baloyi, N. and Kotzé, P. (2018). A data privacy model based
on internet of things and cyber-physical systems reference architectures. In ACM
International Conference Proceeding Series.
[Brewer, 2013] Brewer, T. (2013). Introduction in Proceedings of the Cybersecurity in
Cyber-Physical Systems Workshop, April 23-24, 2012. Gaithersburg, MD. National
Institute of Standards and Technology.
[Bunte et al., 2019] Bunte, A., Fischbach, A., Strohschein, J., Bartz-Beielstein, T.,
Faeskorn-Woyke, H., and Niggemann, O. (2019). Evaluation of Cognitive Archi-
tectures for Cyber-Physical Production Systems. In IEEE International Conference
on Emerging Technologies and Factory Automation, ETFA, volume 2019-September.
[Casola et al., 2018] Casola, V., De Benedictis, A., Rak, M., and Villano, U. (2018).
Security-by-design in multi-cloud applications: An optimization approach. Informa-
tion Sciences, 454:344–362.
[Das et al., 2012] Das, S. K., Kant, K., and Zhang, N. (2012). Handbook on Securing
Cyber-Physical Critical Infrastructure. Elsevier.
[Dobaj et al., 2018] Dobaj, J., Krisper, M., Iber, J., and Kreiner, C. (2018). A mi-
croservice architecture for the industrial internet-of-things. In ACM International
Conference Proceeding Series.
[European Commission, 2013] European Commission (2013). Cyber-Physical Sys-
tems: Uplifting Europe’s Innovation Capacity. Technical report, Brussels.
[Fernandez et al., 2016a] Fernandez, E., Yoshioka, N., Washizaki, H., and Syed, M.
(2016a). Modeling and Security in Cloud Ecosystems. Future Internet, 8(4):13.
[Fernandez et al., 2016b] Fernandez, E. B., Monge, R., and Hashizume, K. (2016b).
Building a security reference architecture for cloud systems. Requirements Engineer-
ing, 21(2):225–249.
[Fernandez et al., 2009] Fernandez, E. B., Yoshioka, N., and Washizaki, H. (2009).
Modeling misuse patterns. In 2009 International Conference on Availability, Relia-
bility and Security, pages 566–571. IEEE.
[Fernandez B, 2013] Fernandez B, E. (2013). Security patterns in practice: designing
secure architectures using software patterns. John Wiley & Sons.
[Frazzon et al., 2013] Frazzon, E. M., Hartmann, J., Makuschewitz, T., and Scholz-
Reiter, B. (2013). Towards socio-cyber-physical systems in production networks.
Procedia CIRP, 7:49–54.
[Griffor et al., 2017] Griffor, E., Wollman, D., and Greer, C. (2017). Framework for
Cyber-Physical Systems: Volume 1, Overview. Technical Report June, National In-
stitute of Standards and Technology, Gaithersburg, MD.
[Haque et al., 2014] Haque, S. A., Aziz, S. M., and Rahman, M. (2014). Review of
cyber-physical system in healthcare. International Journal of Distributed Sensor
Networks, 2014(4):217415.
[Horowitz and Pierce, 2013] Horowitz, B. M. and Pierce, K. M. (2013). The integra-
tion of diversely redundant designs, dynamic system models, and state estimation
technology to the cyber security of physical systems. In NIST, editor, Systems En-
gineering, volume 16, pages 401–412. NISTIR 7916.
[Jara et al., 2014] Jara, A. J., Genoud, D., and Bocchi, Y. (2014). Big data for cyber
physical systems an analysis of challenges, solutions and opportunities. In Proceedings
- 2014 8th International Conference on Innovative Mobile and Internet Services in
Ubiquitous Computing, IMIS 2014, pages 376–380. IEEE.
[Kavallieratos et al., 2019] Kavallieratos, G., Katsikas, S. K., and Gkioulos, V. (2019).
Towards a cyber-physical range. In CPSS 2019 - Proceedings of the 5th ACM Cyber-
Physical System Security Workshop, co-located with AsiaCCS 2019.
[Kim and Kumar, 2012] Kim, K. D. and Kumar, P. R. (2012). Cyber-physical
systems: A perspective at the centennial. Proceedings of the IEEE, 100(SPL
CONTENT):1287–1308.
[Konstantinou et al., 2015] Konstantinou, C., Maniatakos, M., Saqib, F., Hu, S.,
Plusquellic, J., and Jin, Y. (2015). Cyber-physical systems: A security perspective.
In 2015 20th IEEE European Test Symposium (ETS), pages 1–8. IEEE.
[Krco et al., 2014] Krco, S., Pokric, B., and Carrez, F. (2014). Designing IoT architec-
ture(s): A European perspective. In 2014 IEEE World Forum on Internet of Things,
WF-IoT 2014, pages 79–84. IEEE.
[Larrinaga et al., 2018] Larrinaga, F., Fernandez, J., Zugasti, E., Garitano, I., Zuru-
tuza, U., Anasagasti, M., and Mondragon, M. (2018). Implementation of a reference
architecture for cyber physical systems to support condition based maintenance. In
2018 5th International Conference on Control, Decision and Information Technolo-
gies (CoDIT), pages 773–778. IEEE.
[Lee, 2015] Lee, E. A. (2015). The past, present and future of cyber-physical systems:
A focus on models.
[Lee et al., 2015] Lee, J., Bagheri, B., and Kao, H. A. (2015). A Cyber-Physical Sys-
tems architecture for Industry 4.0-based manufacturing systems. Manufacturing Let-
ters, 3:18–23.
[Lee et al., 2013] Lee, J., Lapira, E., Bagheri, B., and an Kao, H. (2013). Recent
advances and trends in predictive manufacturing systems in big data environment.
Manufacturing Letters, 1(1):38–41.
[Medvidovic and Taylor, 2010] Medvidovic, N. and Taylor, R. N. (2010). Software
architecture. In Proceedings of the 32nd ACM/IEEE International Conference on
Software Engineering - ICSE ’10, volume 2, page 471, New York, New York, USA.
ACM Press.
[Moghaddam et al., 2018] Moghaddam, M., Cadavid, M. N., Kenley, C. R., and Desh-
mukh, A. V. (2018). Reference architectures for smart manufacturing: A critical
review. Journal of Manufacturing Systems, 49.
[Moness and Moustafa, 2016] Moness, M. and Moustafa, A. M. (2016). A Survey
of Cyber-Physical Advances and Challenges of Wind Energy Conversion Systems:
Prospects for Internet of Energy. IEEE Internet of Things Journal, 3(2).
[Monostori, 2014] Monostori, L. (2014). Cyber-physical production systems: Roots,
expectations and R&D challenges. In Procedia CIRP, volume 17.
[Monostori et al., 2016] Monostori, L., Kádár, B., Bauernhansl, T., Kondoh, S., Ku-
mara, S., Reinhart, G., Sauer, O., Schuh, G., Sihn, W., and Ueda, K. (2016). Cyber-
physical systems in manufacturing. CIRP Annals, 65(2).
[NIST Group Big Data Public Working, 2018] NIST Group Big Data Public Working
(2018). NIST Big Data Interoperability Framework: volume 6, reference architecture,
version 2. Technical Report June, National Institute of Standards and Technology,
Gaithersburg, MD.
[Rajkumar et al., 2010] Rajkumar, R., Lee, I., Sha, L., and Stankovic, J. (2010).
Cyber-physical systems: The next computing revolution. In Proceedings - Design
Automation Conference, pages 731–736, New York, New York, USA. ACM Press.
[Rawat et al., 2015] Rawat, D. B., Bajracharya, C., and Yan, G. (2015). Towards
intelligent transportation Cyber-Physical Systems: Real-time computing and com-
munications perspectives. In Conference Proceedings - IEEE SOUTHEASTCON,
volume 2015-June, pages 1–6. IEEE.
[Shi-Wan et al., 2017] Shi-Wan, L., Bradford, M., Jacques, D., Graham, B., Chigani,
A., Martin, R., Murphy, B., and Crawford, M. (2017). The Industrial Internet of
Things Volume G1 : Reference Architecture. Industrial Internet Consortium White
Paper, Version 1.:58 Seiten.
[Suh et al., 2014] Suh, S. C., Tanik, U. J., Carbone, J. N., and Eroglu, A. (2014).
Applied Cyber-Physical Systems, volume 9781461473. Springer New York, New York,
NY.
[Triantafyllou et al., 2019] Triantafyllou, A., Tsouros, D. C., Sarigiannidis, P., and
Bibi, S. (2019). An architecture model for smart farming. In Proceedings - 15th An-
nual International Conference on Distributed Computing in Sensor Systems, DCOSS
2019.
[ur Rehman et al., 2018] ur Rehman, S., Iannella, A., and Gruhn, V. (2018). A Secu-
rity Based Reference Architecture for Cyber-Physical Systems. In Communications
in Computer and Information Science, volume 942, pages 157–169.
[Uzunov et al., 2015] Uzunov, A. V., Fernandez, E. B., and Falkner, K. (2015). Ase: A
comprehensive pattern-driven security methodology for distributed systems. Com-
puter Standards & Interfaces, 41:112–137.
[VID/VDE, 2015] VID/VDE (2015). Reference Architecture Model Industrie 4.0
(RAMI4.0). Igarss 2014, 0(1).
[Wang et al., 2010] Wang, E. K., Ye, Y., Xu, X., Yiu, S. M., Hui, L. C., and Chow,
K. P. (2010). Security issues and challenges for cyber physical system. In Proceed-
ings - 2010 IEEE/ACM International Conference on Green Computing and Com-
munications, GreenCom 2010, 2010 IEEE/ACM International Conference on Cyber,
 Physical and Social Computing, CPSCom 2010, pages 733–738. IEEE.
[Wang et al., 2015] Wang, L., Törngren, M., and Onori, M. (2015). Current status and
advancement of cyber-physical systems in manufacturing. Journal of Manufacturing
Systems, 37:517–527.
[Xiong et al., 2015] Xiong, G., Zhu, F., Liu, X., Dong, X., Huang, W., Chen, S.,
and Zhao, K. (2015). Cyber-physical-social system in intelligent transportation.
IEEE/CAA Journal of Automatica Sinica, 2(3):320–333.
[Yu and Xue, 2016] Yu, X. and Xue, Y. (2016). Smart Grids: A Cyber-Physical Sys-
tems Perspective.
[Zacchia Lun et al., 2019] Zacchia Lun, Y., D’Innocenzo, A., Smarra, F., Malavolta, I.,
and Di Benedetto, M. D. (2019). State of the art of cyber-physical systems security:
An automatic control perspective. Journal of Systems and Software, 149.
[Zander et al., 2015] Zander, J., Mosterman, P. J., Padir, T., Wan, Y., and Fu, S.
(2015). Cyber-physical Systems can Make Emergency Response Smart. Procedia
Engineering, 107:312–318.