How To Develop Secure Cyber-Physical Systems
The term Cyber-Physical System (CPS) emerged around 2006 to refer to a new generation of systems that integrate computational and physical capabilities. These systems are generally made up of several elements connected through communication networks, giving a distributed solution that interacts with the physical world through input/output devices (sensors and actuators). They are found in many application domains, such as health, aerospace, automotive and industrial control systems.
Given the fields in which they are used and their ability to act on the physical world, these systems are usually safety critical: their operation must be correct both functionally and in time, that is, results must be right and must also be produced within their deadlines. Previous blog posts have already highlighted the importance of verifying the timing behaviour of critical systems, using software-in-the-loop testing as an example. However, there are many other techniques that help in designing reliable and safe CPS.
One of these techniques is the spatial and temporal partitioning of the system, which keeps its software components isolated from one another: each partition has its own memory and its own share of CPU time. This makes it possible to contain functional and timing failures of components with different reliability and safety (criticality) requirements, so that a fault in a low-criticality component cannot propagate to a high-criticality one. As an additional advantage, partitioned systems reduce the software integration, verification and validation effort, since each partition can be verified largely on its own. This architecture, found for example in avionics, is frequently implemented with hypervisors, which provide several independent execution environments (partitions) on the same hardware platform.
Another technique that can be adopted when designing a safe system is the use of mode changes and the definition of degraded modes of operation. This allows a system to keep a minimum set of functions running when it finds itself in a situation where it cannot operate under optimal conditions. As an illustration, consider a system that must continue to carry out a subset of its tasks while it has low connectivity, connectivity loss being one of the events that may have driven it into that degraded mode.
In this type of system it is necessary to verify not only each of the possible modes, but also the transitions between modes, during which the set of active functions is changing and tasks of the outgoing and incoming modes may temporarily coexist. A clear example is a vehicle whose control system detects a problem in the engine: the car enters a safe mode in which revolutions, power and so on are limited so that the vehicle can be brought to a safe stop.
Whatever methodology or techniques are adopted, one of the essential points to consider is the feasibility (schedulability) analysis of the system. This analysis tells us whether the system, as defined, can violate the timing constraints that have been established for it. In this way we can detect, already in the design phase, that our system does not meet its timing requirements and work on a solution before it is built.
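The following block is an added example for the three preceding paragraphs (degraded modes, mode transitions and feasibility analysis); it is not code from the original post nor from ITI's tool. It models a small vehicle controller with a normal mode, a low-connectivity degraded mode and a safe-stop mode, each as a set of periodic tasks with worst-case execution time, period and deadline, and runs the standard response-time analysis for fixed-priority preemptive scheduling (deadline-monotonic priorities, deadlines no longer than periods) on every mode. Transitions are analysed with a deliberately conservative approximation, also an assumption of this example: during a mode change, tasks of the outgoing and incoming modes are treated as if they could all be active at once. All task names and timing figures are constructed.

```python
"""Feasibility (schedulability) analysis of a mode-based CPS design.

Added example for this post, not code from the original article or from
ITI's tool. Tasks, modes and timing values are constructed; times are in ms.
The analysis is classic response-time analysis for fixed-priority preemptive
scheduling with deadline-monotonic priorities and D <= T."""
from dataclasses import dataclass
from math import ceil


@dataclass(frozen=True)
class Task:
    name: str
    wcet: int      # C: worst-case execution time
    period: int    # T: minimum inter-arrival time
    deadline: int  # D: relative deadline, assumed D <= T


def response_times(tasks):
    """Return {task name: worst-case response time}, with None for a task whose
    response time exceeds its deadline. Shorter deadline means higher priority;
    ties keep the order in which the tasks were listed."""
    ordered = sorted(tasks, key=lambda t: t.deadline)
    result = {}
    for i, task in enumerate(ordered):
        higher = ordered[:i]
        r = task.wcet
        while True:
            # Interference: every higher-priority task can be released ceil(r/T) times in r.
            interference = sum(ceil(r / hp.period) * hp.wcet for hp in higher)
            r_next = task.wcet + interference
            if r_next > task.deadline:
                result[task.name] = None      # deadline miss in the worst case
                break
            if r_next == r:
                result[task.name] = r         # fixed point reached
                break
            r = r_next
    return result


def is_feasible(tasks):
    return all(r is not None for r in response_times(tasks).values())


def transition_set(outgoing, incoming):
    """Conservative model of a mode change (assumption of this example): the last
    jobs of the outgoing mode may still be running when the incoming mode's
    tasks are released, so analyse the union. Tasks identical in both modes
    are counted once."""
    merged = list(outgoing)
    merged += [t for t in incoming if t not in merged]
    return merged


# Constructed design: three operating modes of a vehicle controller.
MODES = {
    "NORMAL": [
        Task("engine_control", 2, 5, 5),
        Task("steering", 2, 10, 10),
        Task("telemetry", 3, 20, 20),
        Task("infotainment", 4, 40, 40),
    ],
    # Degraded mode: the link is down, so telemetry is buffered locally and a
    # low-rate task tries to re-establish the connection.
    "LOW_CONNECTIVITY": [
        Task("engine_control", 2, 5, 5),
        Task("steering", 2, 10, 10),
        Task("telemetry_buffered", 1, 20, 20),
        Task("infotainment", 4, 40, 40),
        Task("link_monitor", 1, 50, 50),
    ],
    # Safe mode after an engine fault: limit revolutions and power, brake to a stop.
    "SAFE_STOP": [
        Task("engine_limiter", 2, 5, 5),
        Task("brake_control", 1, 5, 5),
        Task("steering", 2, 10, 10),
        Task("hazard_lights", 1, 20, 20),
    ],
}
TRANSITIONS = [
    ("NORMAL", "LOW_CONNECTIVITY"),
    ("NORMAL", "SAFE_STOP"),
    ("LOW_CONNECTIVITY", "SAFE_STOP"),
]


def analyse_design(modes=MODES, transitions=TRANSITIONS):
    """Analyse every mode and every mode transition; returns {label: response times}."""
    report = {name: response_times(tasks) for name, tasks in modes.items()}
    for src, dst in transitions:
        report[f"{src}->{dst}"] = response_times(transition_set(modes[src], modes[dst]))
    return report


if __name__ == "__main__":
    for label, rts in analyse_design().items():
        missed = [name for name, r in rts.items() if r is None]
        verdict = "OK" if not missed else "MISSES DEADLINE: " + ", ".join(missed)
        print(f"{label:30s} {verdict}")
```

Running it shows the point of the previous paragraph: each of the three modes is schedulable on its own, and so is the transition to the low-connectivity mode, but the transitions into `SAFE_STOP` are not, because `engine_limiter` and `brake_control` are released while `engine_control` may still be finishing its last job, and `steering` then misses its 10 ms deadline. The design therefore needs either a mode change protocol that completes the outgoing tasks before releasing the incoming ones, or a smaller safe-mode task set; either way the problem is found on paper rather than on the road.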
In short, designing a safe system is a complex task in which many verification details must be considered before deployment. With this in mind, ITI has been developing a multi-purpose software tool for the analysis, simulation, design and verification of cyber-physical systems. Within the framework of the customer 3 project, this tool is being extended with new capabilities and services that allow the modelling of partitioned, mixed-criticality systems such as those described above.