TRIPLE: A blockchain-based digital twin framework for cyber–physical systems security

IF 10.4 | Zone 1, Computer Science | Q1 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS
Sabah Suhail, Mubashar Iqbal, Rasheed Hussain, Saif Ur Rehman Malik, Raja Jurdak
Journal of Industrial Information Integration, volume 42, Article 100706. Published 2024-11-01. DOI: 10.1016/j.jii.2024.100706
https://www.sciencedirect.com/science/article/pii/S2452414X24001493
Citations: 0

Abstract

TRIPLE: A blockchain-based digital twin framework for cyber–physical systems security
Cyber–physical systems (CPSs) are being increasingly adopted for industrial applications, yet they involve a dynamic threat landscape that requires CPSs to adapt to emerging threats during their operation. Recently, digital twin (DT) technology (which refers to a virtual representation of a product, process, or environment) has emerged as a suitable candidate to address the security challenges faced by dynamic CPSs. DT has the capability of strengthening the security of CPSs by continuously mapping the physical to twin counterparts to detect inconsistencies. The existing DT-based security solutions are constrained by untrustworthy data dissemination as well as limited data sharing among the involved stakeholders, which, in turn, limit the ability of DTs to run accurate simulations or make valid decisions. To address these challenges, this paper proposes a modular framework called TRusted and Intelligent cyber-PhysicaL systEm (TRIPLE), that leverages blockchain, DTs, and threat intelligence (TI) to secure CPSs. The blockchain-based DT components in the framework provide data integrity, traceability, and availability for trusted DTs. Furthermore, to accurately and comprehensively model system states, the framework envisions fusing process knowledge for modeling DTs from system specification-based and learning-based information and other sources, including infrastructure-as-code (IaC) and knowledge base (KB). The framework also integrates TI for future-proofing against emerging threats, such that threats can be detected either reactively by mapping the behavior of physical and virtual spaces or proactively by TI and threat hunting. We demonstrate the viability of the framework through a proof of concept. Finally, we formally verify the TRIPLE framework to demonstrate its correctness and effectiveness in enhancing CPS security.
Source journal
Journal of Industrial Information Integration
Journal of Industrial Information Integration Decision Sciences-Information Systems and Management
CiteScore: 22.30
Self-citation rate: 13.40%
Articles published: 100
Journal description: The Journal of Industrial Information Integration focuses on the industry's transition towards industrial integration and informatization, covering not only hardware and software but also information integration. It serves as a platform for promoting advances in industrial information integration, addressing challenges, issues, and solutions in an interdisciplinary forum for researchers, practitioners, and policy makers. The Journal of Industrial Information Integration welcomes papers on foundational, technical, and practical aspects of industrial information integration, emphasizing the complex and cross-disciplinary topics that arise in industrial integration. Techniques from mathematical science, computer science, computer engineering, electrical and electronic engineering, manufacturing engineering, and engineering management are crucial in this context.