A security reference architecture for cargo ports

Internet of Things and Cyber-Physical Systems Pub Date : 2022-01-01 DOI:10.1016/j.iotcps.2022.07.001

Eduardo B. Fernandez, Virginia M. Romero

{"title":"A security reference architecture for cargo ports","authors":"Eduardo B. Fernandez, Virginia M. Romero","doi":"10.1016/j.iotcps.2022.07.001","DOIUrl":null,"url":null,"abstract":"<div><p>Secure systems must be built in a systematic and holistic way, where security is an integral part of the development lifecycle and cuts across all architectural layers. This need is more evident in Cyber Physical Systems (CPSs), where attacks may target not only the information model of the system but also its physical entities. CPS systems are heterogeneous and often highly complex. Their possibly numerous components and cross-domain complexity make attacks easy to propagate and security difficult to implement. Moreover, this complexity results in a considerable variety of vulnerabilities and a large attack surface. To design secure CPS systems a good approach is to abstract their complexity and develop a common framework, namely a Reference Architecture (RA), to which we add security mechanisms in appropriate places to stop its threats to define a Security Reference Architecture (SRA). An SRA is an abstract architecture describing a conceptual model of security that provides a way to specify security requirements for a wide range of derived concrete architectures. An important type of CPS is a maritime container terminal, a facility where cargo containers are transported between ships and land vehicles for onward transportation, and vice versa. We present here an SRA for cargo ports built out of patterns, which goes beyond existing models in providing a global view and a more precise description than just block diagrams. Starting from an RA, we analyze security issues in each activity of the processes of the system and enumerate its threats. We describe threats using misuse patterns, and from them we select security patterns that realize defensive solutions.</p></div>","PeriodicalId":100724,"journal":{"name":"Internet of Things and Cyber-Physical Systems","volume":"2 ","pages":"Pages 120-137"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2667345222000207/pdfft?md5=87eb6db102f5744874c7aa529dd9d898&pid=1-s2.0-S2667345222000207-main.pdf","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things and Cyber-Physical Systems","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2667345222000207","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Secure systems must be built in a systematic and holistic way, where security is an integral part of the development lifecycle and cuts across all architectural layers. This need is more evident in Cyber Physical Systems (CPSs), where attacks may target not only the information model of the system but also its physical entities. CPS systems are heterogeneous and often highly complex. Their possibly numerous components and cross-domain complexity make attacks easy to propagate and security difficult to implement. Moreover, this complexity results in a considerable variety of vulnerabilities and a large attack surface. To design secure CPS systems a good approach is to abstract their complexity and develop a common framework, namely a Reference Architecture (RA), to which we add security mechanisms in appropriate places to stop its threats to define a Security Reference Architecture (SRA). An SRA is an abstract architecture describing a conceptual model of security that provides a way to specify security requirements for a wide range of derived concrete architectures. An important type of CPS is a maritime container terminal, a facility where cargo containers are transported between ships and land vehicles for onward transportation, and vice versa. We present here an SRA for cargo ports built out of patterns, which goes beyond existing models in providing a global view and a more precise description than just block diagrams. Starting from an RA, we analyze security issues in each activity of the processes of the system and enumerate its threats. We describe threats using misuse patterns, and from them we select security patterns that realize defensive solutions.

查看原文本刊更多论文

货物港口的安全参考体系结构

安全系统必须以系统和整体的方式构建，其中安全性是开发生命周期的一个组成部分，并跨越所有架构层。这种需求在网络物理系统(cps)中更为明显，其中攻击可能不仅针对系统的信息模型，还针对其物理实体。CPS系统是异构的，通常非常复杂。它们可能具有众多的组件和跨域复杂性，这使得攻击容易传播，安全性难以实现。此外，这种复杂性导致了各种各样的漏洞和很大的攻击面。要设计安全的CPS系统，一个好的方法是抽象其复杂性并开发一个通用框架，即参考体系结构(RA)，我们在适当的地方添加安全机制以阻止其威胁，以定义安全参考体系结构(SRA)。SRA是一种描述安全概念模型的抽象体系结构，它提供了一种为广泛的派生的具体体系结构指定安全需求的方法。海上集装箱码头是一种重要的CPS类型，它是一种货物集装箱在船舶和陆地车辆之间运输的设施，以便进行后续运输，反之亦然。我们在这里提出了一个基于模式构建的货运港口SRA，它超越了现有模型，提供了全局视图和比方框图更精确的描述。从RA开始，我们分析了系统进程的每个活动中的安全问题，并列举了其威胁。我们使用误用模式来描述威胁，并从中选择实现防御解决方案的安全模式。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things and Cyber-Physical Systems

CiteScore

13.80

自引率

0.00%

发文量