An Integrated Security-Safety Architecture for Industrial Wireless Control System Based on Cyber-Control-Physical Cross-Domain Collaboration

IF 17.2
Wei Liang;Sichao Zhang;Yinlong Zhang;Jialin Zhang;Xudong Yuan
{"title":"An Integrated Security-Safety Architecture for Industrial Wireless Control System Based on Cyber-Control-Physical Cross-Domain Collaboration","authors":"Wei Liang;Sichao Zhang;Yinlong Zhang;Jialin Zhang;Xudong Yuan","doi":"10.1109/JSAC.2025.3574615","DOIUrl":null,"url":null,"abstract":"Industrial Control Systems (ICSs) are the core of industrial production. Wireless technology, with its flexibility and adaptability, is catalyzing a transformative shift from traditional ICS to the advanced Industrial Wireless Control Systems (IWCSs). However, the openness of wireless media, high dynamics of the environment, and resource scarcity present unprecedented security challenges of high security defense costs and low detection inaccuracy for IWCS. State-of-the-art methods primarily treat ICS as a typical cyber-physical system, which focuses on security issues from the cyber and control domains, rather than the physical domain. As a result, they are unable to fully address the high dynamics of wireless channels and unknown attacks, ultimately failing to meet the stringent security requirements of industrial systems. To this end, this paper proposes a physical-domain whitelist as the final line of security defense leveraging the finite nature of the physical behavior space in industrial production systems. Moreover, a holistic cross-domain security-safety architecture is introduced, drawing inspiration from the integrated cyber-control-physical collaboration. In the proposed architecture, the top-down inherent security-safety defense and bottom-up risk backtracking form a close loop, which not only prevents unknown attacks but also facilitates rapid localization and response to attacks. In the experiment, the composite AGV scheduling control has been developed to verify the effectiveness of the architecture. Ultimately, the potential challenges of the cross-domain architecture for IWCS safety-security defense have been summarized.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 9","pages":"3231-3246"},"PeriodicalIF":17.2000,"publicationDate":"2025-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/11016837/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Industrial Control Systems (ICSs) are the core of industrial production. Wireless technology, with its flexibility and adaptability, is catalyzing a transformative shift from traditional ICS to the advanced Industrial Wireless Control Systems (IWCSs). However, the openness of wireless media, high dynamics of the environment, and resource scarcity present unprecedented security challenges of high security defense costs and low detection inaccuracy for IWCS. State-of-the-art methods primarily treat ICS as a typical cyber-physical system, which focuses on security issues from the cyber and control domains, rather than the physical domain. As a result, they are unable to fully address the high dynamics of wireless channels and unknown attacks, ultimately failing to meet the stringent security requirements of industrial systems. To this end, this paper proposes a physical-domain whitelist as the final line of security defense leveraging the finite nature of the physical behavior space in industrial production systems. Moreover, a holistic cross-domain security-safety architecture is introduced, drawing inspiration from the integrated cyber-control-physical collaboration. In the proposed architecture, the top-down inherent security-safety defense and bottom-up risk backtracking form a close loop, which not only prevents unknown attacks but also facilitates rapid localization and response to attacks. In the experiment, the composite AGV scheduling control has been developed to verify the effectiveness of the architecture. Ultimately, the potential challenges of the cross-domain architecture for IWCS safety-security defense have been summarized.
基于网络控制-物理跨域协作的工业无线控制系统集成安防体系结构
工业控制系统(ics)是工业生产的核心。无线技术以其灵活性和适应性,正在推动从传统ICS到先进工业无线控制系统(IWCSs)的变革。然而,无线媒体的开放性、环境的高动态性和资源的稀缺性给IWCS带来了前所未有的安全防御成本高、检测准确率低的安全挑战。最先进的方法主要将ICS视为典型的网络-物理系统,其重点是来自网络和控制领域的安全问题,而不是物理领域。因此,它们无法完全解决无线信道的高动态和未知攻击,最终无法满足工业系统严格的安全要求。为此,本文提出了一个物理域白名单作为安全防御的最后一道防线,利用工业生产系统中物理行为空间的有限性。此外,从集成的网络控制-物理协作中汲取灵感,介绍了一个整体的跨域安全体系结构。在该体系结构中,自顶向下的固有安全防御和自底向上的风险回溯形成闭环,既可以防止未知攻击,又可以快速定位和响应攻击。在实验中,开发了复合AGV调度控制,验证了该结构的有效性。最后,总结了IWCS跨域架构安全防御的潜在挑战。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信