Publications (54)
Selma Opačin, Lejla Rizvanović, B. Leander, S. Mubeen, Aida Čaušević

Technical advances as well as continuously evolving business demands are reshaping the need for flexible connectivity in industrial control systems. A way to meet such needs is by using a service-oriented approach, where a connectivity service middleware provides controller as well as protocol-specific interfaces. The Message Queuing Telemetry Transport (MQTT) protocol is a widely used protocol for device-to-device communication in the Internet of Things (IoT). However, it is not commonly integrated in industrial control systems. To address this gap, this paper describes the development and implementation of a prototype of a connectivity service middleware for MQTT within an industrial private control network. The prototype implementation is done in the context of an industrial controller, and used in a simulated modular automation system. Furthermore, various deployment scenarios are evaluated with respect to response time and scalability of the connectivity service.

B. Leander, Aida Čaušević, Tomas Lindström, H. Hansson

Industrial control systems are undergoing a transformation driven by business requirements as well as technical advances, aiming towards increased connectivity, flexibility and a high level of modularity, which implies a need to revise existing cybersecurity measures. Access control, being one of the major security mechanisms in any system, is largely affected by these advances. In this article we investigate access control enforcement architectures, aiming at the principle of least privilege in dynamically changing access control scenarios of dynamic manufacturing systems. Several approaches for permission delegation of dynamic access control policy decisions are described. We present an implementation using the most promising combination of architecture and delegation mechanism for which available industrial standards are applicable.

B. Leander, Tijana Markovic, Aida Čaušević, Tomas Lindström, H. Hansson, S. Punnekkat

When developing products or performing experimental research studies, the simulation of physical or logical systems is of great importance for evaluation and verification purposes. For research- and development-related distributed control systems, there is a need to simulate common physical environments with separate interconnected modules independently controlled, and orchestrated using standardized network communication protocols. The simulation environment presented in this paper is a bespoke solution precisely for these conditions, based on the Modular Automation design strategy. It allows easy configuration and combination of simple modules into complex production processes, with support for individual low-level control of modules, as well as recipe-orchestration for high-level coordination. The use of the environment is exemplified in a configuration of a modular ice-cream factory, used for cybersecurity-related research.

Ayhan Mehmed, Aida Čaušević, W. Steiner, S. Punnekkat

Being used in key features, such as sensing and intelligent path planning, Artificial Intelligence (AI) has become an inevitable part of automated vehicles (AVs). However, their usage in the automotive industry always comes with a “label” that questions their impact on the overall AV safety. This paper focuses on the safe deployment of AI-based AVs. Among the various ways for ensuring the safety of AI-based AVs is to monitor the safe execution of the system responsible for automated driving (i.e., Automated Driving System (ADS)) at runtime (i.e., runtime monitoring). Most of the research done in the past years focused on verifying whether the path or trajectory generated by the ADS does not immediately collide with objects on the road. However, as we will show in this paper, there are other unsafe situations that do not immediately result in a collision but the monitor should check for them. To build our case, we have looked into the National Highway Traffic Safety Administration (NHTSA) database of 5.9 million police-reported light-vehicle accidents and categorized these accidents into five main categories of unsafe vehicle operations. Furthermore, we have performed a high-level evaluation of the runtime monitoring approach proposed in [1], by estimating what percentage of the total population of 5.9 million of unsafe operations the approach would be able to detect. Lastly, we have performed the same evaluation on other existing runtime monitoring approaches to make a basic comparison of their diagnostic capabilities.

B. Leander, Aida Čaušević, Tomas Lindström, H. Hansson

Industrial systems have traditionally been kept isolated from external networks. However, business benefits are pushing for a convergence between the industrial systems and new information technology environments such as cloud computing, as well as a higher level of connectivity between different systems. This makes cybersecurity a growing concern for industrial systems. In strengthening security, access control is a fundamental mechanism for providing security in these systems. However, access control is relatively immature in traditional industrial systems, as compared to modern IT systems, and organizations' adherence to an established cybersecurity standard or guideline can be a deciding factor for choices of access control techniques used. This paper presents the results of a questionnaire study on the usage of access control within industrial systems that are being developed, serviced or operated by Swedish organizations, contrasted to their usage of cybersecurity standards and guidelines. To be precise, the article focuses on two fundamental requirements of cybersecurity: identification and authentication control, and presents related findings based on a survey of the Swedish industry. The goal of the study is bridging the gap between the current state and the requirements of emerging systems with regards to access control.

Jamal El Hachem, Elena Lisova, Aida Čaušević

Enabling System-of-Systems (SoS) security is an important activity when engineering SoS solutions like autonomous vehicles, provided that they are also highly safety-critical. An early analysis of such solutions caters for proper security architecture decisions, preventing potential high impact attacks and ensuring people's safety. However, SoS characteristics such as emergent behavior make security decision-making at the architectural level a challenging task. To tackle this challenge, it is essential to first address known vulnerabilities related to each CS that an adversary may exploit to realize his attacks within the unknown SoS environment. In this paper we investigate how to use Game Theory (GT) approaches to guide the architect in choosing an appropriate security solution. We formulate a game with three players and their corresponding strategies and payoffs. The proposal is illustrated on an autonomous quarry example showing its usefulness in supporting a security architect to choose the most suitable security strategy.

B. Leander, Aida Čaušević, H. Hansson, Tomas Lindström

Industrial control systems control and supervise our most important and critical infrastructures, such as power utilities, clean water plants and nuclear plants, as well as the manufacturing industries at the base of our economy. These systems are currently undergoing a transformation driven by the Industry 4.0 evolution, characterized by increased connectivity and flexibility. Consequently, the cybersecurity threat landscape for industrial control systems is evolving as well. Current strategies used for access control within industrial control systems are relatively rudimentary. It is evident that some of the emerging cybersecurity threats related to Industry 4.0 could be better mitigated using more fine-grained access control policies. In this article we discuss and describe a number of access control strategies that could be used within manufacturing systems. We evaluate the strategies in a simulation experiment, using a number of attack-scenarios. Moreover, a method is outlined for automatic policy-generation based on engineering-data, which is aligned with one of the best performing strategies.

Ayhan Mehmed, W. Steiner, Aida Čaušević

Manufacturers of self-driving cars need to significantly improve the safety of their products before the series of such cars are deployed in everyday use. A large number of architecture proposals for Automated Driving Systems (ADS) are aiming at addressing the challenge of safety. These solutions typically define redundancy schemes and quite commonly include self-checking pair structures, e.g., commander/monitor approaches. In such structures, the problem of false positive failure detections arises, i.e., the monitor may falsely classify the output of the commander as being faulty. In this paper, we review an ADS architecture for fully automated driving and propose a concept to remove false positives in a systematic way. We formalize our proposal in an abstract model and prove the absence of false positives by means of k-induction. A reference to a technical report is given that contains a detailed discussion of the proof procedure.

Ajna Hodzic, Dzenita Skulj, Aida Čaušević

The popularity of railway transportation has been on the rise over the past decades, as it has provided safe, reliable, and highly available service. One of the main challenges this domain has been facing is reducing the costs of preventive maintenance and improving operational efficiency. In this paper, we aim at enabling the monitoring and analysis of collected signal data from a train propulsion system. The main idea is to monitor and analyze collected signal data gathered during the regular operation of the propulsion control unit or data recorded during the regular train tests in the real-time simulator. To do so, we have implemented a solution to enable train signal data collection and its storage for further analysis purposes. In our analysis, we focus on identifying signal anomalies and predicting potential failures using MathWorks tools. Two machine learning techniques, unsupervised and supervised learning, are implemented. Additionally, in this paper, we have investigated ways of how data can be efficiently managed.

Predrag Filipovikj, Aida Čaušević, Elena Lisova

Advances in cloud computing make cloud services an appealing solution for enabling services flexibility and availability on demand to accommodate users' needs. The terms and the guarantees of service provision are negotiated and then stated in a Service Level Agreement (SLA). To facilitate a wider acceptance of such services, besides the standard properties, security has to be taken into consideration as well. One way to facilitate this is to provide a corresponding security assurance case. For that purpose, in this work we propose to split the security service assessment between an independent third party and a service user, where the former assesses a security assurance case and the latter negotiates particular security solutions implemented for a service. For the systematic part of the security process that is independently assessed, in this paper we focus on the formal realizability check of service constraints expressed within an SLA. To enable this, we formalize the check at both service design- and run-time, needed due to frequent updates required to maintain an agreed security level. The formalization is tailored for the SLAC language specifically, which is extended to cover a proposed set of security objectives. Moreover, we use an example of an SLA expressed in terms of SLAC language, which includes security guarantees to illustrate the approach.

B. Leander, Aida Čaušević, H. Hansson

In the emerging trend towards modular automation, a need for adaptive, strict access control between interacting components has been identified as a key challenge. In this article we discuss the need for such a functionality, and propose a workflow-driven method for automatic access control policies generation within a modular automation system. The solution is based on recipes, formulated using Sequential Function Charts (SFC). The generated policies are expressed using Next Generation Access Control (NGAC), an Attribute Based Access Control (ABAC) standard developed by NIST. We provide (1) a definition of required policies for device-to-device interactions within a modular automation system, (2) an algorithm for automatic generation of access policies, (3) a formal proof of the correctness of this algorithm, and (4) an illustration of its use.

Ajna Hodzic, T. Nolte, Aida Čaušević, Claes Lindskog

The popularity of railway transportation has been on the rise over the past decades, as it has been able to provide safe, reliable, and highly available service. The main challenge within this domain is to reduce the costs of preventive maintenance and improve operational efficiency. To tackle these challenges, one needs to investigate and provide new approaches to enable quick and timely data collection, transfer, and storage aiming at easier and faster analysis whenever needed. In this thesis, we aim at enabling the monitoring and analysis of collected signal data from a train propulsion system. The main idea is to monitor and analyze collected signal data gathered during the regular operation of the propulsion control unit or data recorded during the regular train tests in the real-time simulator. To do so, we have implemented a solution to enable train signal data collection and its storage into a .txt and .CSV file to be further analyzed in the edge node and in the future connected to the cloud for further analysis purposes. In our analysis, we focus on identifying signal anomalies and predicting potential failures using MathWorks tools. Two machine learning techniques, unsupervised and supervised learning, are implemented. Additionally, in this thesis, we have investigated ways of how data can be efficiently managed. We have also reviewed existing edge computing solutions and anomaly detection approaches using a survey as a suitable method to identify relevant works within the state of the art.