Onto-CARMEN: Ontology-driven approach for Cyber-Physical System Security Requirements meta-modelling and reasoning

In the last years, Cyber–physical systems (CPS) have attracted substantial mainstream, especially in the industrial sector, since they have become the focus of cyber-attacks. CPS are complex systems that encompass a great variety of hardware and software components with a countless number of configu...

Descripción completa

Detalles Bibliográficos
Autores: Blanco, Carlos, Rosado, David G., Varela Vaca, Ángel Jesús, Gómez López, María Teresa, Fernández Medina, Eduardo
Tipo de recurso: artículo
Estado:Versión publicada
Fecha de publicación:2023
País:España
Institución:Universidad de Sevilla (US)
Repositorio:idUS. Depósito de Investigación de la Universidad de Sevilla
OAI Identifier:oai:idus.us.es:11441/169092
Acceso en línea:https://hdl.handle.net/11441/169092
https://doi.org/10.1016/j.iot.2023.100989
Access Level:acceso abierto
Palabra clave:Cyber–physical system
Cybersecurity
Security
Configuration models
Security requirements
Security verification
Diagnosis
Descripción
Sumario:In the last years, Cyber–physical systems (CPS) have attracted substantial mainstream, especially in the industrial sector, since they have become the focus of cyber-attacks. CPS are complex systems that encompass a great variety of hardware and software components with a countless number of configurations and features. For this reason, the construction, validation, and diagnosis of security in CPS become a major challenge. An invalid security requirement for the CPS can produce partial or incomplete configuration, even misconfigurations, and hence catastrophic consequences. Therefore, it is crucial to ensure the validation of the security requirements specification from the earlier design stages. To this end, Onto-CARMEN is proposed, a semantic approach that enables the automatic verification and diagnosis of security requirements according to the ENISA and OWASP recommendations. Our approach provides a mechanism for the specification of security requirements on top of ontologies, and automatic diagnosis through semantic axioms and SPARQL rules. The approach has been validated using security requirements from a real case study.