Professional Documents
Culture Documents
Systems (CPS)
Abstract Cyber-physical systems (CPSs) are the next generation of engineered sys-
tems in which computing, communication, and control technologies are tightly inte-
grated. They play an increasingly important role in critical infrastructure, government
and everyday life. With the exponential growth of cyber-physical systems (CPSs), new
security challenges have emerged. Security issues are not new, but advances in tech-
nology make it necessary to develop new approaches to protect data against undesired
consequences. Security is crucial in CPSs, but unfortunately, security problems occur
due to the fact that CPS was not initially conceived as a secure environment. To in-
corporate these security issues, security must be considered from the very beginning
of the system design. One way to solve this problem is by having a global perspective,
and in this way, a Reference Architecture (RA) is a high-level abstraction of a system
that can be useful in the implementation of complex systems. It is widely accepted that
adding elements to address many security factors (integrity, confidentiality, availability,
vulnerabilities, threats, etc.) and facilitate the definition of security requirements to a
Security Reference Architecture (SRA) is a good starting point for solving these kind
of cybersecurity problems and protect the system from the beginning of the develop-
ment. In the current paper, a SRA for CPSs is defined using UML models trying to
ease secure CPSs implementations.
Key Words: Cyber-Physical Systems (CPS); Security Reference Architecture; Secure
design; Security patterns
Category: D.2, K.6.5
1 Introduction
2 Related Work
The first layer is the business layer. Figure 2 represents the main elements of
this component. The main objective of the business layer is to define in a concise
and proper way the global purpose to be pursued with the CPS. This CPS goal
is usually specified with a high level of abstraction since it represents the wishes
of the company’s top management. An example of a CPS objective may be ”to
Application Layer
Orchestration Layer
Business Layer
Network Fabric
Service Layer
Infrastructure Layer
Once the goal of the CPS has been established, it is time to define the different
requirements that the CPS must address. This is the main objective of the
orchestration layer. In addition, this layer organizes how the requirements are
connected to the rest of the components of the architecture; since it is an SRA,
we will focus specifically on the safety and security requirements that the CPS
must meet. It is important to explain the difference between safety and security
requirements since CPS is not only concerned with the security of the data used
in the system but also, as it has a physical part, with the physical safety of both
Figure 2: Elements of the Business Layer
the sensors and actuators, and the stakeholders related to the CPS. Figure 3
shows the different elements of the orchestration layer.
These requirements must be aligned with the CPS goals. One of the main
elements to consider when defining requirements is the regulation that may affect
the context where the CPS is implemented. A CPS implemented in a medical
monitoring system does not have the same limitations as one implemented in
a robotic system for an industrial environment. The legislation will limit the
use of the data depending on the sensitivity of the data. These laws, which
are intrinsic to the company’s context, must be aligned with the organization’s
security policies, which must be taken into account when defining the CPS goal.
Security requirements are related to the ability of the CPS to ensure that
all of its processes, mechanisms, both physical and cyber, and services are af-
forded internal or external protection from unintended and unauthorized access,
change, damage, destruction, or use. These could be such as data anonymity, con-
fidentiality and integrity need to be guaranteed, as well as authentication and
authorization mechanisms in order to prevent unauthorized users (i.e., humans
and devices) to access the system. Whereas, concerning safety requirements can
be interpreted as the ability of the CPS to ensure the absence of catastrophic
consequences on the life, health, property, or data of CPS stakeholders and the
physical environment [Griffor et al., 2017].
These problems are usually addressed through the use of general mechanisms
such as access control, risk control, external and internal audits, encryption or
ensuring the origin and traceability of data from sensors or other data sources
[Ashibani and Mahmoud, 2017, Alguliyev et al., 2018]. Normally, these are tra-
ditional security management techniques applicable to any IT system, but which
are adapted to meet the inherent characteristics of a CPS.
These safety and security requirements are satisfied by different safety and
security solutions, which, at this level, have a high level of abstraction since
they will be implemented in a more specific way in the rest of the layers of the
architecture. Being defined as the mechanism used to address a security or safety
requirement, it can be concluded that these solutions have the main objective of
correcting or addressing system vulnerabilities. At this point, the orchestration
layer is composed of a series of elements that conform a typical security ontology
as can be seen in security methodologies such as ASE [Uzunov et al., 2015].
Therefore, vulnerabilities are security holes that the different assets of the system
have and suppose a threat for the system if they are exploited. One way to help
in the implementation of these security solutions is through the use of security
patterns.
A pattern is a solution to a recurring problem that indicates how to
defend against a threat, or set of threats, in a concise and reusable way
[Fernandez B, 2013]. Patterns are abstract solutions that must be tailored
to where they are applied. Furthermore, our architecture includes the use
of misuse patterns to understand how each attack works and to guide the
application of the different security patterns that can be used to stop a threat
[Fernandez et al., 2009]. For example, a security requirement indicates the need
to keep track of the actions performed on the sensitive data of the CPS; the
implementation of this security solution can be guided by the use of the ”Logger
and Auditor” security pattern.
Finally, it should be noted that there are other types of requirements that
are necessary when implementing a CPS, such as performance or quality require-
ments. How-ever, our architecture has the objective of incorporating security into
this type of environment, so we only focus on those requirements and security
solutions that help to achieve this objective. The following layers define the
elements that can be used when implementing a CPS.
The application layer marks the beginning of the CPS elements, since it is at
this level that the requirements specified in the previous layer are concretely
implemented. Specifically, the application layer consists of those elements related
to the output generated by the CPS. This output can have different formats
depending on the business needs (see Figure 4). Thus, it is possible to display
these results through dashboards, which can allow users to perform interactions
on the CPS, such as activating certain actuators. These dashboards can indicate
in real time the status of the system. Moreover, it is also possible to show the
results in a more traditional way through reports that explain the actions taken
or average levels of certain system indicators. Finally, it is likewise conceivable
that the results may not be displayed visually but may serve as a basis for
decision making as to which actuators to activate or deactivate under certain
circumstances. These circumstances should be determined in the service layer.
It is important to highlight the fact that in many scenarios it is necessary
to have a communication with an end-user that is considered an external agent
to the system. This end-user does not have to be a human being but can be an
auxiliary system that receives the output data from the CPS as input for its own
processes. When accessing these results, it is necessary to have control over what
and who accesses the data. For this purpose, authorization and authentication
mechanisms must be implemented to guarantee the security and privacy of the
data generated by the CPS. These mechanisms are the concrete implementation
of the security solutions that were defined in the orchestration layer and act as
a gateway to the system.
The service layer has the objective of meeting the requirements established in
the orchestration layer, including the security requirements. In order to achieve
this goal, this layer is composed of different services or activities that can be
considered as the SaaS (Software as a Service) layer of CPS. Figure 5 shows
the different services that compose this layer, and also the security solution that
must map the security solution from the orchestration layer; for example, the
data collected may need to be properly secured by using encryption mechanisms
or the analyze of the data must preserve the privacy of it.
Figure 4: Elements of the Application Layer
These activities can be considered as the typical data lifecycle in this type
of environments. Ad it is represented in the diagram, not all the activities can
communicate with each other, there is a sequential order of execution. This
implies that one of these activities is not mandatory in a CPS. Hence, there are
four main activities that can be performed in a typical CPS:
– The collect activity acts like an ETL (Extract, Transform, and Load) process
and combines sets of data from different data sources (mostly sensors from
the Sensor & Actuator layer) with the objective of unifying them. The data
collected in this activity will be used in the following activities.
– The prepare activity has the purpose of validating and cleaning the data.
This activity is not mandatory in this kind of systems since they usually have
real-time needs. There are different techniques that can be used to prepare
the data, such as the data wrangling that is the process to trans-form raw
data into another format of data that is more suitable.
– The analysis activity processes the data generated by the system in order
to obtain valuable information that can help in the decision making. This
activity is critical and includes the definition of different algorithms and
methods to ensure the proper functionating of the CPS. In many cases, the
insights generated by this activity automatically suppose an activation of
different CPS actuators.
– The control activity is crucial in a CPS since it has the main purpose of man-
aging the different sensors and actuators of the environment. This activity
bases its functionating on the insights generated by the analysis activity and
in the decisions made by the end-user in the application layer. In addition,
this activity monitors the status of the different devices that compose the
CPS.
All these activities must be supported by the next layer of the architecture:
the infrastructure layer.
The infrastructure layer has the objective of supporting all the different services
and processes provided and executed along the CPS. Figure 6 depicts the main el-
ements of this infrastructure layer. As it can be seen in the figure, there are three
main possibilities when implementing a CPS infrastructure: by using a Cloud
Computing, a Fog Computing solution, or an Edge Computing solution. All these
solutions are well-known infrastructures and since it is out of scope of this work,
we will not define them in-depth [Casola et al., 2018, Fernandez et al., 2016b].
The decision on the type of infrastructure to be supported by the CPS will
depend on the requirements of the system. Security should also be taken into
account when making this decision, since in the case of opting for a Cloud so-
lution, security is delegated to the third-party provider of the infrastructure.
However, in case of deciding on a Fog computing solution, security must empha-
size enhancing the security of access to stored data. On the other hand, if the
CPS is implemented through an Edge computing infrastructure, security must
emphasize the CPS devices, since most of the actions will be performed on them;
such as the security of the network communications between the devices.
As stated before, the choice of infrastructure will affect the implementation
of the components that conform the CPS architecture. However, this should not
affect the elements of the SRA; for example, in the case of selecting an Edge
Computing solution, the data analysis service will be performed on the devices
of the CPS itself, but this service will continue to be offered to the end-users.
Figure 6: Elements of the Infrastructure Layer
the actuators are those devices that cause changes in the CPS through actions
controlled by the upper layers; such as a sprinkler or a robotic arm. There are
also CPS devices that consist of both a sensor and an actuator, such as water
pumps with flow sensors. In addition, some CPS devices can be more complex,
so they can be considered as an aggregation of different devices. Figure 7 depicts
the main components of this layer.
As for the security of this layer, it is necessary to indicate that there are two
levels of security. On the one hand, the security of the sensors, which are usually
related to the way of sending and receiving data; both, the data generated by the
sensors and the data received by the actuators to perform an action. In contrast,
the physical safety that was defined in the orchestration layer is implemented
here, since this is the place where accidents can occur due to the wrong action
of an actuator.
In order to connect the different links between the different layers of our ar-
chitecture, there are many communication protocols for the different levels that
provide this connectivity. Communication requirements vary widely among the
different types of CPS networks, depending on their purpose and resource con-
straints.
The communication protocols within CPS ecosystems can be either wireless
or wireline-based. There exists a plethora of wireless communication protocols,
including short-range radio protocols such as ZigBee, Bluetooth/Bluetooth Low
Energy (BLE), Wi-Fi/Wi-Fi HaLow, Near Field Communication (NFC) or Ra-
dio Frequency Identification (RFID); mobile networks and longer-range radio
protocols such as Lo-RaWAN, SigFox NarrowBand-IoT (NB-IoT), or LTE-M.
Each of them is defined in its own standard, for example ZigBee and ZigBee 3.0
are based on IEEE 802.15.4. Wired communication protocols and links, such as
Ethernet, USB, SPI, MIPI and I2C, among others, also provide access to the de-
vices. Moreover, it is worth high-lighting that CPS communications also support
non-IP based protocols, such as SMS, LiDar, Radar, etc.
The leading communication technologies used in the CPS world are IEEE
802.15.4, low power WiFi, 6LoWPAN, RFID, NFC, Sigfox, LoraWAN, and other
proprietary protocols for wireless networks.
The Sensor and Actuator layer is composed by devices which are inherently
re-source constrained such as limited processing speed, storage capacity, and
communication bandwidth, so they can use protocols such as IEEE 802.15.4
(Zigbee), and 801.15.1 (Bluetooth). These protocols are generally characterized
by lower bandwidth, low energy consumption, and short range. These devices
generate large amounts of information that flow to higher layers to be stored,
processed and analyzed. It employs many technologies such as databases, cloud
computing, and big data processing modules.
The upper layers require communication protocols with longer ranges, which
are in the local area network (LAN) class, such as IEEE 802.11 (WiFi). Robust
and efficient routing protocols need to be designed and adapted for CPS systems
in order to provide efficient and robust communication in this highly variable
and dynamic environment.
TCP is not a good option for communication in low power environments as it
has a large overhead owing to the fact that it is a connection-oriented protocol.
Therefore, UDP is preferred because it is a connectionless protocol and has low
overhead.
The application layer is responsible for data formatting and presentation. The
application layer in the Internet is typically based on HTTP. However, HTTP is
not suitable in resource constrained environments. Many alternate protocols have
been developed for these environments such as CoAP (Constrained Application
Protocol) and MQTT (Message Queue Telemetry Transport).
Acknowledgements
References
[Alguliyev et al., 2018] Alguliyev, R., Imamverdiyev, Y., and Sukhostat, L. (2018).
Cyber-physical systems and their security issues. Computers in Industry, 100:212–
223.
[Alur, 2015] Alur, R. (2015). Principles of cyber-physical systems. MIT Press.
[Ashibani and Mahmoud, 2017] Ashibani, Y. and Mahmoud, Q. H. (2017). Cyber
physical systems security: Analysis, challenges and solutions. Computers & Secu-
rity, 68:81–97.
[Avgeriou, 2003] Avgeriou, P. (2003). Describing, Instantiating and Evaluating a Ref-
erence Architecture: A Case Study. Technical report.
[Baloyi and Kotzé, 2018] Baloyi, N. and Kotzé, P. (2018). A data privacy model based
on internet of things and cyber-physical systems reference architectures. In ACM
International Conference Proceeding Series.
[Brewer, 2013] Brewer, T. (2013). Introduction in Proceedings of the Cybersecurity in
Cyber-Physical Systems Workshop, April 23-24, 2012. Gaithersburg, MD. National
Institute of Standards and Technology.
[Bunte et al., 2019] Bunte, A., Fischbach, A., Strohschein, J., Bartz-Beielstein, T.,
Faeskorn-Woyke, H., and Niggemann, O. (2019). Evaluation of Cognitive Archi-
tectures for Cyber-Physical Production Systems. In IEEE International Conference
on Emerging Technologies and Factory Automation, ETFA, volume 2019-September.
[Casola et al., 2018] Casola, V., De Benedictis, A., Rak, M., and Villano, U. (2018).
Security-by-design in multi-cloud applications: An optimization approach. Informa-
tion Sciences, 454:344–362.
[Das et al., 2012] Das, S. K., Kant, K., and Zhang, N. (2012). Handbook on Securing
Cyber-Physical Critical Infrastructure. Elsevier.
[Dobaj et al., 2018] Dobaj, J., Krisper, M., Iber, J., and Kreiner, C. (2018). A mi-
croservice architecture for the industrial internet-of-things. In ACM International
Conference Proceeding Series.
[European Commission, 2013] European Commission (2013). Cyber-Physical Sys-
tems: Uplifting Europe’s Innovation Capacity. Technical report, Brussels.
[Fernandez et al., 2016a] Fernandez, E., Yoshioka, N., Washizaki, H., and Syed, M.
(2016a). Modeling and Security in Cloud Ecosystems. Future Internet, 8(4):13.
[Fernandez et al., 2016b] Fernandez, E. B., Monge, R., and Hashizume, K. (2016b).
Building a security reference architecture for cloud systems. Requirements Engineer-
ing, 21(2):225–249.
[Fernandez et al., 2009] Fernandez, E. B., Yoshioka, N., and Washizaki, H. (2009).
Modeling misuse patterns. In 2009 International Conference on Availability, Relia-
bility and Security, pages 566–571. IEEE.
[Fernandez B, 2013] Fernandez B, E. (2013). Security patterns in practice: designing
secure architectures using software patterns. John Wiley & Sons.
[Frazzon et al., 2013] Frazzon, E. M., Hartmann, J., Makuschewitz, T., and Scholz-
Reiter, B. (2013). Towards socio-cyber-physical systems in production networks.
Procedia CIRP, 7:49–54.
[Griffor et al., 2017] Griffor, E., Wollman, D., and Greer, C. (2017). Framework for
Cyber-Physical Systems: Volume 1, Overview. Technical Report June, National In-
stitute of Standards and Technology, Gaithersburg, MD.
[Haque et al., 2014] Haque, S. A., Aziz, S. M., and Rahman, M. (2014). Review of
cyber-physical system in healthcare. International Journal of Distributed Sensor
Networks, 2014(4):217415.
[Horowitz and Pierce, 2013] Horowitz, B. M. and Pierce, K. M. (2013). The integra-
tion of diversely redundant designs, dynamic system models, and state estimation
technology to the cyber security of physical systems. In NIST, editor, Systems En-
gineering, volume 16, pages 401–412. NISTIR 7916.
[Jara et al., 2014] Jara, A. J., Genoud, D., and Bocchi, Y. (2014). Big data for cyber
physical systems an analysis of challenges, solutions and opportunities. In Proceedings
- 2014 8th International Conference on Innovative Mobile and Internet Services in
Ubiquitous Computing, IMIS 2014, pages 376–380. IEEE.
[Kavallieratos et al., 2019] Kavallieratos, G., Katsikas, S. K., and Gkioulos, V. (2019).
Towards a cyber-physical range. In CPSS 2019 - Proceedings of the 5th ACM Cyber-
Physical System Security Workshop, co-located with AsiaCCS 2019.
[Kim and Kumar, 2012] Kim, K. D. and Kumar, P. R. (2012). Cyber-physical
systems: A perspective at the centennial. Proceedings of the IEEE, 100(SPL
CONTENT):1287–1308.
[Konstantinou et al., 2015] Konstantinou, C., Maniatakos, M., Saqib, F., Hu, S.,
Plusquellic, J., and Jin, Y. (2015). Cyber-physical systems: A security perspective.
In 2015 20th IEEE European Test Symposium (ETS), pages 1–8. IEEE.
[Krco et al., 2014] Krco, S., Pokric, B., and Carrez, F. (2014). Designing IoT architec-
ture(s): A European perspective. In 2014 IEEE World Forum on Internet of Things,
WF-IoT 2014, pages 79–84. IEEE.
[Larrinaga et al., 2018] Larrinaga, F., Fernandez, J., Zugasti, E., Garitano, I., Zuru-
tuza, U., Anasagasti, M., and Mondragon, M. (2018). Implementation of a reference
architecture for cyber physical systems to support condition based maintenance. In
2018 5th International Conference on Control, Decision and Information Technolo-
gies (CoDIT), pages 773–778. IEEE.
[Lee, 2015] Lee, E. A. (2015). The past, present and future of cyber-physical systems:
A focus on models.
[Lee et al., 2015] Lee, J., Bagheri, B., and Kao, H. A. (2015). A Cyber-Physical Sys-
tems architecture for Industry 4.0-based manufacturing systems. Manufacturing Let-
ters, 3:18–23.
[Lee et al., 2013] Lee, J., Lapira, E., Bagheri, B., and an Kao, H. (2013). Recent
advances and trends in predictive manufacturing systems in big data environment.
Manufacturing Letters, 1(1):38–41.
[Medvidovic and Taylor, 2010] Medvidovic, N. and Taylor, R. N. (2010). Software
architecture. In Proceedings of the 32nd ACM/IEEE International Conference on
Software Engineering - ICSE ’10, volume 2, page 471, New York, New York, USA.
ACM Press.
[Moghaddam et al., 2018] Moghaddam, M., Cadavid, M. N., Kenley, C. R., and Desh-
mukh, A. V. (2018). Reference architectures for smart manufacturing: A critical
review. Journal of Manufacturing Systems, 49.
[Moness and Moustafa, 2016] Moness, M. and Moustafa, A. M. (2016). A Survey
of Cyber-Physical Advances and Challenges of Wind Energy Conversion Systems:
Prospects for Internet of Energy. IEEE Internet of Things Journal, 3(2).
[Monostori, 2014] Monostori, L. (2014). Cyber-physical production systems: Roots,
expectations and R&D challenges. In Procedia CIRP, volume 17.
[Monostori et al., 2016] Monostori, L., Kádár, B., Bauernhansl, T., Kondoh, S., Ku-
mara, S., Reinhart, G., Sauer, O., Schuh, G., Sihn, W., and Ueda, K. (2016). Cyber-
physical systems in manufacturing. CIRP Annals, 65(2).
[NIST Group Big Data Public Working, 2018] NIST Group Big Data Public Working
(2018). NIST Big Data Interoperability Framework: volume 6, reference architecture,
version 2. Technical Report June, National Institute of Standards and Technology,
Gaithersburg, MD.
[Rajkumar et al., 2010] Rajkumar, R., Lee, I., Sha, L., and Stankovic, J. (2010).
Cyber-physical systems: The next computing revolution. In Proceedings - Design
Automation Conference, pages 731–736, New York, New York, USA. ACM Press.
[Rawat et al., 2015] Rawat, D. B., Bajracharya, C., and Yan, G. (2015). Towards
intelligent transportation Cyber-Physical Systems: Real-time computing and com-
munications perspectives. In Conference Proceedings - IEEE SOUTHEASTCON,
volume 2015-June, pages 1–6. IEEE.
[Shi-Wan et al., 2017] Shi-Wan, L., Bradford, M., Jacques, D., Graham, B., Chigani,
A., Martin, R., Murphy, B., and Crawford, M. (2017). The Industrial Internet of
Things Volume G1 : Reference Architecture. Industrial Internet Consortium White
Paper, Version 1.:58 Seiten.
[Suh et al., 2014] Suh, S. C., Tanik, U. J., Carbone, J. N., and Eroglu, A. (2014).
Applied Cyber-Physical Systems, volume 9781461473. Springer New York, New York,
NY.
[Triantafyllou et al., 2019] Triantafyllou, A., Tsouros, D. C., Sarigiannidis, P., and
Bibi, S. (2019). An architecture model for smart farming. In Proceedings - 15th An-
nual International Conference on Distributed Computing in Sensor Systems, DCOSS
2019.
[ur Rehman et al., 2018] ur Rehman, S., Iannella, A., and Gruhn, V. (2018). A Secu-
rity Based Reference Architecture for Cyber-Physical Systems. In Communications
in Computer and Information Science, volume 942, pages 157–169.
[Uzunov et al., 2015] Uzunov, A. V., Fernandez, E. B., and Falkner, K. (2015). Ase: A
comprehensive pattern-driven security methodology for distributed systems. Com-
puter Standards & Interfaces, 41:112–137.
[VID/VDE, 2015] VID/VDE (2015). Reference Architecture Model Industrie 4.0
(RAMI4.0). Igarss 2014, 0(1).
[Wang et al., 2010] Wang, E. K., Ye, Y., Xu, X., Yiu, S. M., Hui, L. C., and Chow,
K. P. (2010). Security issues and challenges for cyber physical system. In Proceed-
ings - 2010 IEEE/ACM International Conference on Green Computing and Com-
munications, GreenCom 2010, 2010 IEEE/ACM International Conference on Cyber,
Physical and Social Computing, CPSCom 2010, pages 733–738. IEEE.
[Wang et al., 2015] Wang, L., Törngren, M., and Onori, M. (2015). Current status and
advancement of cyber-physical systems in manufacturing. Journal of Manufacturing
Systems, 37:517–527.
[Xiong et al., 2015] Xiong, G., Zhu, F., Liu, X., Dong, X., Huang, W., Chen, S.,
and Zhao, K. (2015). Cyber-physical-social system in intelligent transportation.
IEEE/CAA Journal of Automatica Sinica, 2(3):320–333.
[Yu and Xue, 2016] Yu, X. and Xue, Y. (2016). Smart Grids: A Cyber-Physical Sys-
tems Perspective.
[Zacchia Lun et al., 2019] Zacchia Lun, Y., D’Innocenzo, A., Smarra, F., Malavolta, I.,
and Di Benedetto, M. D. (2019). State of the art of cyber-physical systems security:
An automatic control perspective. Journal of Systems and Software, 149.
[Zander et al., 2015] Zander, J., Mosterman, P. J., Padir, T., Wan, Y., and Fu, S.
(2015). Cyber-physical Systems can Make Emergency Response Smart. Procedia
Engineering, 107:312–318.