Simulation Modelling Practice and Theory (IF 4.2), Pub Date: 2020-07-10, DOI: 10.1016/j.simpat.2020.102151. Dmitry Levshun, Yannick Chevalier, Igor Kotenko, Andrey Chechulin
The paper describes a new model that is a key element of a design and verification methodology for secure cyber-physical systems. The proposed model represents a cyber-physical system as a set of building blocks with properties and connections between them, where each building block is a projection of the integrated model. The attacker and attack-action models are external models connected to the integrated model: the impact of an attack action is modelled as a change in the properties of the system or of its elements, and the set of possible attack actions is reduced according to the attacker's capabilities. The novelty of the proposed model lies in its strong focus on security and in the possibility of direct (from the projections to the integrated model) and reverse (from the integrated model to the projections) transformations. The verification process is an integral part of the proposed solution. Verification formally checks that the system can be built in accordance with the requirements and limitations, and that the designed system is secure against an attacker with a given level of knowledge who connects from a given access point and has a given amount of resources. The SPASS theorem prover, the Maude system and daTac were used in the experiments. As a first example of applying the proposed model, an access control system is considered; it contains Arduino microcontrollers, software agents, web servers and various sensors. As an additional example, a use case of a mobile robot for perimeter monitoring is also presented; for those experiments, the LEGO 9797 Mindstorms NXT was used.
Title (translated from the Chinese heading): Design and verification of a mobile robot based on the integrated model of cyber-physical systems
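To make the verification idea in the abstract concrete, the following is an added illustration (not the paper's own model, which was checked with SPASS, Maude and daTac): building blocks carry properties, attack actions are written as property changes, the action set is filtered by the attacker's knowledge and resources, and a breadth-first search over system states asks whether an attacker starting at a given access point can reach an insecure property. The block names, connections, attack actions, knowledge levels and costs are constructed assumptions loosely modelled on the access-control example (Arduino, agent, web server, sensor), not values from the paper.

```python
"""Toy attacker-filtered verification over a building-block model.

Constructed example: blocks, connections, actions, knowledge levels and costs
are assumptions for illustration, not the paper's formal model.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class AttackAction:
    name: str
    target: str        # building block the action is applied to
    knowledge: int     # minimum attacker knowledge level required
    cost: int          # attacker resources consumed by the action
    pre: tuple = ()    # ((block, prop, value), ...) that must already hold
    effect: tuple = () # ((block, prop, value), ...) written on success


@dataclass(frozen=True)
class Attacker:
    knowledge: int
    access_point: str  # block the attacker connects from
    resources: int


# Integrated model of a hypothetical access-control system (assumed values).
BLOCKS = {
    "web_server": {"compromised": False},
    "agent": {"compromised": False},
    "arduino": {"compromised": False, "lock": "closed"},
    "sensor": {"compromised": False},
}
# Directed connections: who can send data/commands to whom (assumed topology).
CONNECTIONS = {("web_server", "agent"), ("agent", "arduino"), ("sensor", "arduino")}

# Attack actions modelled purely as property changes (assumed, not from the paper).
ACTIONS = [
    AttackAction("exploit_web_server", "web_server", knowledge=2, cost=2,
                 effect=(("web_server", "compromised", True),)),
    AttackAction("tamper_agent", "agent", knowledge=1, cost=1,
                 pre=(("web_server", "compromised", True),),
                 effect=(("agent", "compromised", True),)),
    AttackAction("unlock_via_agent", "arduino", knowledge=1, cost=0,
                 pre=(("agent", "compromised", True),),
                 effect=(("arduino", "lock", "open"),)),
    AttackAction("spoof_sensor", "sensor", knowledge=1, cost=1,
                 effect=(("sensor", "compromised", True),)),
    AttackAction("unlock_via_sensor", "arduino", knowledge=1, cost=0,
                 pre=(("sensor", "compromised", True),),
                 effect=(("arduino", "lock", "open"),)),
]


def freeze(state):
    """Hashable snapshot of the property assignment of every block."""
    return tuple((b, tuple(sorted(p.items()))) for b, p in sorted(state.items()))


def thaw(frozen):
    return {b: dict(p) for b, p in frozen}


def reachable_targets(state, attacker, connections):
    """Blocks the attacker can act on: the access point, every compromised
    block, and any block directly connected from one of those."""
    positions = {attacker.access_point} | {b for b, p in state.items() if p.get("compromised")}
    return positions | {b for a, b in connections if a in positions}


def applicable(action, state, attacker, resources, connections):
    if action.knowledge > attacker.knowledge or action.cost > resources:
        return False
    if action.target not in reachable_targets(state, attacker, connections):
        return False
    return all(state[b].get(p) == v for b, p, v in action.pre)


def find_attack(blocks, connections, actions, attacker, goal):
    """Breadth-first search over (state, remaining resources). Returns the
    shortest list of action names that makes goal=(block, prop, value) hold,
    or None if no attack exists for this attacker."""
    # Reduce the action set to what this attacker can ever perform.
    usable = [a for a in actions
              if a.knowledge <= attacker.knowledge and a.cost <= attacker.resources]
    start = (freeze(blocks), attacker.resources)
    queue, seen = deque([(start, [])]), {start}
    gb, gp, gv = goal
    while queue:
        (fstate, resources), path = queue.popleft()
        state = thaw(fstate)
        if state[gb].get(gp) == gv:
            return path
        for act in usable:
            if not applicable(act, state, attacker, resources, connections):
                continue
            nxt = thaw(fstate)
            for b, p, v in act.effect:
                nxt[b][p] = v
            key = (freeze(nxt), resources - act.cost)
            if key not in seen:
                seen.add(key)
                queue.append((key, path + [act.name]))
    return None


def is_secure(attacker, goal=("arduino", "lock", "open")):
    """True if no attack sequence by this attacker reaches the insecure property."""
    return find_attack(BLOCKS, CONNECTIONS, ACTIONS, attacker, goal) is None


if __name__ == "__main__":
    for atk in (Attacker(2, "web_server", 3), Attacker(2, "web_server", 2),
                Attacker(1, "web_server", 9), Attacker(1, "sensor", 1)):
        print(atk, "->", find_attack(BLOCKS, CONNECTIONS, ACTIONS, atk, ("arduino", "lock", "open")))
```

The same model answers both questions the abstract attributes to verification: the filtered action list and the search together say whether a specific attacker (knowledge level, access point, resource budget) can drive the system into an insecure state, and the returned path is the attack trace a designer would want to inspect. A real prover-based check, as in the paper, would additionally verify that the design satisfies its construction requirements, which this toy search does not cover.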