Definition and Verification of Security Configurations of Cyber-Physical Systems

Abstract

The proliferation of Cyber-Physical Systems (CPSs) is rais ing serious security challenges. These are complex systems, integrating physical elements into automated networked systems, often containing a variety of devices, such as sensors and actuators, and requiring complex management and data storage. This makes the construction of secure CPSs a challenge, requiring not only an adequate specification of secu rity requirements and needs related to the business domain but also an adaptation and concretion of these requirements to define a security configuration of the CPS where all its components are related. Derived from the complexity of the CPS, their configurations can be incorrect according to the requirements, and must be verified. In this paper, we propose a grammar for specifying business domain security requirements based on the CPS components. This will allow the definition of security requirements that, through a defined security feature model, will result in a configuration of services and security properties of the CPS, whose correctness can be verified. For this last stage, we have created a cata logue of feature models supported by a tool that allows the automatic verification of security configurations. To illustrate the results, the pro posal has been applied to automated verification of requirements in a hydroponic system scenario.