=Paper=
{{Paper
|id=Vol-2603/short13
|storemode=property
|title=Criterion Of Cyber-Physical Systems Sustainability
|pdfUrl=https://ceur-ws.org/Vol-2603/short13.pdf
|volume=Vol-2603
|authors=Evgeny Pavlenko,Dmitry Zegzhda,Anna Shtyrkina
}}
==Criterion Of Cyber-Physical Systems Sustainability==
Copyright © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0)

Evgeny Pavlenko (pavlenko@ibks.spbstu.ru), Dmitry Zegzhda (dmitry@ibks.spbstu.ru), Anna Shtyrkina (anna_sh@ibks.spbstu.ru)

Higher School of Cybersecurity and Information Security, Peter the Great St. Petersburg Polytechnic University, Saint-Petersburg, Russia

Abstract—The article proposes a sustainability criterion for cyber-physical systems. The concept of information security for cyber-physical systems has been transformed due to the specifics of these systems. Cyber-physical systems combine information and physical processes, which requires the creation of new approaches to ensure their security. The sustainability property for such systems shows their ability to maintain correct functioning under cyber-attacks. The criterion proposed in the article uses the representation of the structure of the cyber-physical system in the form of a graph, where the processes performed by the system are reflected in the form of routes. In the proposed approach, the sustainability criterion is the number of routes of a certain quality that allow the objective function to be performed. Such a representation of the system and the objective function provides convenient modeling of possible ways to rebuild routes. Attacking impacts and system restoration measures that prove the applicability of the criterion for assessing the sustainability of cyber-physical systems are considered.

Keywords—sustainability; cyber sustainability; cyber resilience; cyber-physical system; information security; graph theory; cybersecurity; modeling.

The study was carried out as part of the scholarship of the President of the Russian Federation to young scientists and graduate students SP-1689.2019.5.

===I. INTRODUCTION===

Cyber-physical systems (CPS) are a technological concept that provides close coordination between computing and physical resources. In general, CPS support the maintenance of real-world processes using regular monitoring and a feedback loop [1-4]. As a result, physical processes influence information processes and vice versa.

Vivid examples of CPS are industrial systems associated with critical areas of human activity [5, 6]. Unauthorized interference with such systems can lead to disastrous consequences; therefore, the question of CPS security is extremely important nowadays.

The close integration of physical and information processes means that CPS security is not provided by the classical concepts of confidentiality, integrity and availability of the information circulating in the system [7]. Protecting the CPS from destructive impact is also important, since the physical processes implemented by the system are irreversible. In this regard, the problem of maintaining the functional sustainability of CPS in the context of destructive interventions comes to the fore.

===II. RELATED WORKS===

There are many approaches to maintaining the sustainability of CPS [8-19, 22]. One promising approach uses the biological concept of homeostasis, a mechanism that provides constancy of the internal processes of an organism. This approach provides adaptation and self-regulation mechanisms for complex dynamic systems. Such features of the approach allow autonomous control and maintenance of the state of the system. The homeostatic approach for CPS was proposed in [11, 12] as an ability of self-adaptation. However, the authors of these papers focused on operation correctness, not on security aspects. Moreover, the proposed model is not applicable because of the high complexity of the monitoring algorithm in the case of large dynamic systems. One more paper [13] focused on moving from self-adaptive architectures to self-learning architectures that learn and improve QoS parameters over time. However, such an approach does not take into account structural parameters of the CPS, but only time series and data streams.

Thus, due to the dynamic behavior of CPS, the homeostatic strategy can be separated into three stages: system monitoring, sustainability estimation and decision making for system recovery. To implement this strategy, a method is needed to evaluate the sustainability of the CPS at the current time, as well as to predict the maximum destructive load that will lead to a complete loss of system functionality. The second stage can be realized by different methods using mathematical statistics, game theory and so on. Paper [14] proposed a novel algorithm for estimating the system state that is resilient to different types of attacks. The proposed method uses principles of robust optimization and gives a “frequentist” robust estimator. However, such a method does not take into account the structure of the CPS, which can be represented as a network of devices. Paper [15] proposed a game-theoretic concept for estimating system sustainability. This approach defined sustainability as a power-form product of the survival probabilities of the cyber and physical spaces, each with a corresponding correlation coefficient. Such a method does not take into account the structure of the system and might not be as flexible as needed for providing cybersecurity. Paper [16] proposes a methodology to estimate the environmental sustainability of CPS. This approach is scalable, economic perspective, however due to simplifications some failures can be missed. In addition, this method does not consider structural features of heterogeneous systems. In [17, 19] the authors proposed to estimate CPS as the rate of system recovery; however, this method is a posteriori, so this model only allows restoring the system after destructive influences.

===III. APPROACH TO CPS SECURITY===

The homeostasis strategy was applied to the security of CPS in [20]. The method of estimating CPS sustainability is determined by the way the system is represented and simulated. In the case of CPS, one of the most common models is based on graph theory. Graph theory allows us to consider not only the network of devices within an integrated CPS, but also the interaction of CPS components with each other. Since the processes in the CPS are carried out by exchanging data between devices, each process can be represented as a route on a graph. The presence of a large number of such routes, as well as their quality, determines the system's ability to function, thereby giving an assessment of its stability.

Paper [18] proposed a graph model according to which the CPS is a graph G = (V, E), where V = {v_1, v_2, …, v_n} is the set of graph vertices representing the devices, and E = {e_1, e_2, …, e_n} is the set of edges representing connections between system components. Each vertex is characterized by a tuple that contains characteristics depending on its type. The important parameter of a vertex is the device capacity performance(v_i), where i is the node identifier. In addition to typical parameters, each vertex corresponds to a set of functions that it can perform, F(v_i) = (f_1, f_2, …, f_k). The set of functions that can be performed by components of the CPS is not homogeneous: it can include both trivial functions and functions that are more complex to implement. Therefore, it is advisable to introduce a measure for each function that determines its complexity, f_i → complexity(f_i). Knowing the node performance and the complexity of the functions it performs, the execution time of the function f_j on the device v_i can be found through equation (1):

time(v_i, f_j) = complexity(f_j) / performance(v_i)    (1)

Each edge also has a parameter characterizing the data rate between vertices v_i and v_j: time(v_i, v_j).

A process running in a CPS is characterized by a sequence of functions that are performed by the vertices of the graph, R_process = {f_1, f_2, …, f_m}. It should be noted that complex functions can be decomposed into a sequence of simpler ones, which allows the route to be reconfigured effectively under destructive effects. This fact, together with the fact that each function can correspond to several vertices of the graph with different performance, means that each process_i in the CPS corresponds to a set of working routes path_j from R_process that differ in their characteristics. As parameters of the routes, it is proposed to consider:

* route length;
* total route complexity;
* total route performance;
* time of route execution;
* energy characteristics of the vertex, determined by device type.

Thus, when calculating the characteristics of the route, all connections between the components of the system are taken into account, as well as the characteristics of the vertices that perform the functions included in the process. Intermediate nodes are not counted in the summation.

The presence of high-quality routes, for example routes with a short execution time, determines the stability of the CPS under destructive influences, since a reduction in the number of such routes will lead to system downtime, which can lead to failures of the target function, that is, to a loss of sustainability.

===IV. ESTIMATING OF SUSTAINABILITY AREA===

To estimate the CPS sustainability, the information system was modeled as a graph. The graph was constructed using the Erdos-Renyi model [21] with the number of nodes equal to 30 and the probability of edge appearance equal to 0.35. Each vertex of the graph was mapped to:

* the set of functions that the vertex can perform and their complexity;
* the performance of the device;
* the time of function execution on the device.

Each edge is associated with a time rate between v_i and v_j: time(v_i, v_j).

While ensuring CPS security, important parameters are the times of attack detection and of CPS rebuilding to neutralize destructive impacts. Therefore, the time of route execution and the total route performance were chosen as the characteristics of route quality.

As a part of the study, a working route was defined, represented as a sequence of functions. To estimate CPS sustainability, an algorithm was developed that searches for various routes on the graph that include a sequence of vertices performing the functions of the working route. The characteristics of the intermediate vertices were not taken into account. For each route found, time and performance were calculated. The bar plot for the values obtained is shown in Fig. 1.

Fig. 1. Bar plot for time and performance of working routes.

To estimate the number of routes depending on the time of their execution, a cumulative function was built (Figure 2). The argument of this function is an ordered set of time values, and the function values are the number of routes that have an execution time less than the value of the argument. Thus, judging from Fig. 2, the number of routes that have an execution time of less than 19 is approximately 100,000.

Fig. 2. Cumulative function for route time execution.

In the case of performance estimation, the best quality route will have a large total performance value. Therefore, the cumulative function for the performance of routes is constructed as follows: the value of the function is the number of routes whose performance is greater than the given performance value (Fig. 3).

Fig. 3. Cumulative function for route performance.

For further analysis, the values of performance and execution time of the routes were normalized. The graphs for both characteristics were combined, and then the intersection point was found (Fig. 4).

Fig. 4. Intersection of execution and performance curves for working routes.

The left area of the graph corresponds to routes with the lowest performance; the right area corresponds to routes with the longest execution time. Thus, routes in the middle part of the plot in Fig. 4 can be interpreted as the area of system sustainability. It is proposed to limit the sustainability area by symmetric intervals of length 0.25 from the intersection point. The right boundary refers to the execution time of the routes, that is, routes from the sustainability area should not run for longer than a certain time. The left border, respectively, refers to route performance.

For fixed values of execution time and performance of the working route on the x axis, the number of routes matching these characteristics was calculated. The largest value is observed at the intersection point of the two curves (Fig. 5). Since the number of routes is also a quality criterion, to limit the area of sustainability it is proposed to cut off the part with characteristics for which the number of routes is less than 20,000.

Fig. 5. Number of routes for the fixed values of execution time and performance of working route.

Thus, the paper proposes a criterion for CPS sustainability, which is the number of working routes in the system with optimal values of execution time and performance. In order to check the applicability of the criterion, it is necessary to simulate destructive influences and to check the reaction of the criterion to changes in the system structure.

===V. SIMULATING OF DESTRUCTIVE INFLUENCES===

As part of the study, an attack was modeled that consists in the sequential removal of half of the vertices. For the resulting graph, the number of routes whose time and performance characteristics lie in the area of system sustainability was calculated (Fig. 6).

Fig. 6. Number of routes in sustainability area depending on the number of deleted vertices.

The second model of attack influence is to delete a vertex that has a certain degree of criticality. As an indicator of vertex criticality, it is proposed to use the ratio of the number of working routes passing through the vertex to the total number of working routes. The number of routes depending on the criticality of the deleted vertex was evaluated for fixed values of execution time and performance of routes (Fig. 7).

Fig. 7. Number of routes in sustainability area depending on criticality of deleted vertex.

As experiments show, at a certain vertex criticality the number of routes in the sustainability area reaches zero, which indicates the complete inability of the system to function along a given sequence of functions.

During the simulation of attacking influences, the proposed sustainability criterion showed high sensitivity to structural changes in the CPS.

===VI. APPROACH TO SYSTEM RECOVERY===

Taking into account the proposed criterion, recovery of system functionality is reduced to the problem of changing the graph in such a way that the number of routes satisfying the given characteristics increases. An increase in the number of routes is possible through the implementation of various scenarios:

* Rebuilding and reconfiguration of the CPS to improve the graph connectivity, which will lead to the emergence of new routes or change their length.
* Definition of a new sequence for performing the target function, due to the possibility of representing functions as a decomposition of other functions.
* Improving device characteristics, in particular, increasing the performance of devices of a certain type.

The tasks of reconfiguring the network structure and setting new routes can be associated with high computational costs for implementing mathematical algorithms, as well as time costs for rebuilding the system, which can lead to system downtime and, consequently, affect the speed of the target function. Therefore, these methods are recommended in the most serious cases. The approach of changing the characteristics of devices implies the allocation of additional resources to increase device performance.

Obviously, due to the varying complexity of the functions performed by devices, an increase in the performance of different types of vertices affects the number of suitable routes in different ways. As part of the work, an experiment was conducted that consists in doubling the performance of vertices of a certain type. Results are presented in Figure 8.

The abscissa axis indicates the type of functions that can be performed by system components, arranged in order of increasing complexity. The first point on the plot corresponds to the initial number of routes in the graph, without changing the performance of devices of a particular type.

Fig. 8. Sustainability criterion depended on changing performance of certain type vertices.

It should be noted that in Figure 8 the observed linear relationship is determined by the fact that the sequence of functions includes all the functions performed by the system. If, however, we increase the length of the working route and duplicate the occurrence of the f_3 function, then a small jump will be observed precisely with an increase in the performance of devices implementing this function, as shown in Fig. 9.

Fig. 9. Sustainability criterion depended on changing performance of certain type vertices.

Thus, for effective CPS recovery and for increasing the number of suitable routes that satisfy the specified characteristics, it is necessary to give preference to types of devices that perform more complex functions if the ratio of functions of different types in a given sequence is approximately the same.

===VII. CONCLUSION===

CPS security reduces to maintaining system sustainability. Solving this problem requires a sustainability criterion. This criterion should take into account not only the information and physical parameters of system devices, but also the structural characteristics of the CPS network.

Using a graph representation of the CPS, the processes in the system can be represented as a set of routes that include a given sequence of vertices, each of which performs a set of specific functions. Mapping a set of qualitative characteristics to vertices and connections leads to a simple evaluation of the optimality of a route as the total value of the characteristics of the vertices and links contained in the route.

Thus, the number of routes with optimal values of the quality characteristics determines the sustainability of the CPS. The applicability of this criterion was verified by modeling destructive effects, as a result of which the proposed sustainability assessment demonstrated high sensitivity to changes in the graph describing the CPS.

===REFERENCES===

[1] D. Lavrova, M. Poltavtseva, A. Shtyrkina, “Security analysis of cyber-physical systems network infrastructure,” IEEE Industrial Cyber-Physical Systems (ICPS), pp. 818-823, May 2018. DOI: 10.1109/ICPHYS.2018.8390812.

[2] Zegzhda D., Vasilev U., Poltavtseva M., Kefele I., Borovkov A. Advanced Production Technologies Security in the Era of Digital Transformation. Voprosy kiberbezopasnosti [Cybersecurity issues], 2018, No 2 (26), pp. 2-15. DOI: 10.21681/2311-3456-2018-2-2-15.

[3] Kotenko I., Levshun D., Chechulin A., Ushakov I., Krasov A. Integrated Approach to Provide Security of Cyber-Physical Systems Based on Microcontrollers. Voprosy kiberbezopasnosti [Cybersecurity issues], 2018, No 3 (27), pp. 29-38. DOI: 10.21681/2311-3456-2018-3-29-38.

[4] N. Sadiku, Y. Wang, S. Cui, M. Musa, “Cyber-physical systems: a literature review,” European Scientific Journal, vol. 13, num. 36, pp. 52-58, 2017. DOI: 10.1142/S2424862217500129.

[5] D. P. F. Möller and H. Vakilzadian, “Cyber-physical systems in smart transportation,” 2016 IEEE International Conference on Electro Information Technology (EIT), Grand Forks, ND, pp. 0776-0781. 2016. DOI: 10.1109/EIT.2016.7535338.

[6] O. Givehchi, K. Landsdorf, P. Simoens and A. W. Colombo, “Interoperability for Industrial Cyber-Physical Systems: An Approach for Legacy Systems,” IEEE Transactions on Industrial Informatics, vol. 13, num. 6, pp. 3370-3378, Dec. 2017. DOI: 10.1109/TII.2017.2740434.

[7] Y. Ashibani and Q. H. Mahmoud, “Cyber physical systems security: Analysis, challenges and solutions,” Computers & Security, vol. 68, pp. 81-97, 2017. DOI: 10.1016/j.cose.2017.04.005.

[8] V. Marquis, R. Ho, W. Rainey, M. Kimpel, J. Ghiorzi, W. Cricchi, N. Bezzo, “Toward attack-resilient state estimation and control of autonomous cyber-physical systems,” 2018 Systems and Information Engineering Design Symposium (SIEDS), Charlottesville, VA, pp. 70-75. 2018. DOI: 10.1109/SIEDS.2018.8374762.

[9] I. Kolosok and E. Korkina, “Cyber resilience of SCADA at the level of energy facilities,” V-th International workshop "Critical infrastructures: Contingency management, Intelligent, Agent-based, Cloud computing and Cyber security" (IWCI 2018), vol. 158, pp. 100-105. 2018. DOI: 10.2991/iwci-18.2018.18.

[10] N. Voropai, I. Kolosok and E. Korkina, “Resilience Assessment of the State Estimation Software under Cyber Attacks,” E3S Web of Conferences, vol. 58, pp. 1-6. 2018. DOI: 10.1051/e3sconf/20185802013.

[11] I. Gerostathopoulos, D. Skoda, F. Plasil, T. Bures and A. Knauss, “Architectural Homeostasis in Self-Adaptive Software-Intensive Cyber-Physical Systems,” Tekinerdogan B., Zdun U., Babar A. (eds) Software Architecture. ECSA 2016. Lecture Notes in Computer Science, vol 9839, pp. 113-128, 2016. DOI: 10.1007/978-3-319-48992-6_8.

[12] I. Gerostathopoulos, T. Bures, P. Hnetynka, J. Keznikl, M. Kit, F. Plasil and N. Plouzeau, “Self-adaptation in software-intensive cyber–physical systems: From system goals to architecture configurations,” Journal of Systems and Software, vol. 122, pp. 378-397, 2016. DOI: 10.1016/j.jss.2016.02.028.

[13] H. Muccini and K. Vaidhyanathan, “A Machine Learning-Driven Approach for Proactive Decision Making in Adaptive Architectures,” 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), Hamburg, Germany, 2019, pp. 242-245, 2019. DOI: 10.1109/ICSA-C.2019.00050.

[14] S. Z. Yong, M. Q. Foo and E. Frazzoli, “Robust and resilient estimation for Cyber-Physical Systems under adversarial attacks,” 2016 American Control Conference (ACC), Boston, MA, 2016, pp. 308-315, 2016. DOI: 10.1109/ACC.2016.7524933.

[15] F. He, J. Zhuang, N. S. V. Rao, C. Y. T. Ma and D. K. Y. Yau, “Game-theoretic resilience analysis of Cyber-Physical Systems,” 2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA), Taipei, 2013, pp. 90-95, 2013. DOI: 10.1109/CPSNA.2013.6614252.

[16] S. Thiede, “Environmental Sustainability of Cyber Physical Production Systems,” Procedia CIRP, vol. 69, pp. 644-649, 2018. DOI: 10.1016/j.procir.2017.11.124.

[17] D. Wei, J. Kun, “Method for quantitative resilience estimation of industrial control systems,” U.S. Patent Application No. 13/703,158, 2010.

[18] Barabanov A., Markov A., Tsirlov V. Procedure for Substantiated Development of Measures to Design Secure Software for Automated Process Control Systems. In Proceedings of the 12th International Siberian Conference on Control and Communications (Moscow, Russia, May 12-14, 2016). SIBCON 2016. IEEE, 7491660, 1-4. DOI: 10.1109/SIBCON.2016.7491660.

[19] Markov A., Barabanov A., Tsirlov V. Periodic Monitoring and Recovery of Resources in Information Systems. In Book: Probabilistic Modeling in System Engineering, by ed. A. Kostogryzov. IntechOpen, 2018, Chapter 10, pp. 213-231. DOI: 10.5772/intechopen.75232.

[20] D. P. Zegzhda and E. Y. Pavlenko, “Cyber-physical system homeostatic security management,” Automatic Control and Computer Sciences, vol. 51, num. 8, pp. 805-816, 2017. DOI: 10.3103/S0146411617080260.

[21] P. Erdos and A. Rényi, “On the evolution of random graphs,” Publication Of The Mathematical Institute Of The Hungarian Academy Of Sciences, vol. 5, pp. 17-61. 1960.

[22] Petrenko A.S., Petrenko S.A., Makoveichuk K.A., Chetyrbok P.V. The IIoT/IoT device control model based on narrow-band IoT (NB-IoT). In Proceedings of the 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (29 Jan.-1 Feb. 2018, Moscow and St. Petersburg, Russia) EIConRus, IEEE, 2018, pp. 950-953. DOI: 10.1109/EIConRus.2018.8317246.
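The criterion of Sections III to V, as an added Python example that is not the authors' code: it builds the 30-node, p = 0.35 Erdos-Renyi graph, scores working routes with equation (1), fixes the sustainability area on the intact system, and then replays both attack models (sequential deletion of half the vertices, and deletion of the most critical vertex). Assumptions: the complexities, performances, edge times, three-function working route and seed are constructed; routes use direct hops only, with no intermediate vertices; and the sustainability area is read as normalised time at most x* + 0.25 and normalised performance at least x* - 0.25 around the curve intersection x*.

```python
import itertools
import random

N, P_EDGE = 30, 0.35                        # graph size and edge probability (Section IV)
COMPLEXITY = {"f1": 2.0, "f2": 5.0, "f3": 9.0}   # constructed complexity(f) values
WORKING_ROUTE = ["f1", "f2", "f3"]          # constructed R_process

def build_cps(seed=7):
    """Erdos-Renyi G(N, p) with constructed performance, function sets and edge times."""
    rng = random.Random(seed)
    funcs = list(COMPLEXITY)
    perf = {v: 1.0 + 4.0 * rng.random() for v in range(N)}
    can = {v: {funcs[v % 3], funcs[int(rng.random() * 3)]} for v in range(N)}
    edge_time = {}
    for a, b in itertools.combinations(range(N), 2):
        if rng.random() < P_EDGE:
            edge_time[a, b] = edge_time[b, a] = 0.5 + rng.random()
    return perf, can, edge_time

def working_routes(cps, removed=frozenset()):
    """Enumerate (path, time, performance) for every realisation of WORKING_ROUTE."""
    perf, can, edge_time = cps
    found = []

    def extend(path, t, p):
        if len(path) == len(WORKING_ROUTE):
            found.append((tuple(path), t, p))
            return
        f = WORKING_ROUTE[len(path)]
        for v in range(N):
            if v in removed or f not in can[v]:
                continue
            if path and (path[-1], v) not in edge_time:
                continue                     # assumption: direct hops only
            hop = edge_time[path[-1], v] if path else 0.0
            # equation (1): time(v, f) = complexity(f) / performance(v)
            extend(path + [v], t + hop + COMPLEXITY[f] / perf[v], p + perf[v])

    extend([], 0.0, 0.0)
    return found

def area_bounds(routes, half_width=0.25):
    """Absolute (t_max, p_min) limits taken from the crossing of the normalised curves."""
    ts = [t for _, t, _ in routes]
    ps = [p for _, _, p in routes]
    t0, t_rng = min(ts), (max(ts) - min(ts)) or 1.0
    p0, p_rng = min(ps), (max(ps) - min(ps)) or 1.0
    for i in range(101):
        x = i / 100
        faster = sum((t - t0) / t_rng < x for t in ts)      # cumulative curve for time
        stronger = sum((p - p0) / p_rng > x for p in ps)    # cumulative curve for performance
        if faster >= stronger:
            break
    return t0 + (x + half_width) * t_rng, p0 + (x - half_width) * p_rng

def in_area(routes, bounds):
    """Routes that are fast enough and performant enough to count towards the criterion."""
    t_max, p_min = bounds
    return [r for r in routes if r[1] <= t_max and r[2] >= p_min]

def simulate(seed=7):
    """Baseline criterion, deletion of the most critical vertex, sequential deletion of N/2."""
    cps = build_cps(seed)
    base = working_routes(cps)
    bounds = area_bounds(base)               # fixed once, on the intact system
    area = in_area(base, bounds)
    crit = {v: sum(v in path for path, _, _ in area) / max(len(area), 1) for v in range(N)}
    worst = max(crit, key=crit.get)
    order = random.Random(seed + 1).sample(range(N), N // 2)
    curve = [len(in_area(working_routes(cps, set(order[:k])), bounds))
             for k in range(N // 2 + 1)]
    after_worst = len(in_area(working_routes(cps, {worst}), bounds))
    return {"total": len(base), "area": len(area), "worst": worst,
            "criticality": crit[worst], "after_worst": after_worst, "curve": curve}

if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

Because the area bounds are frozen on the intact graph, the criterion can only fall as vertices are deleted, and deleting a vertex of criticality c removes exactly the fraction c of the routes in the area.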