Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Related Work
Identify the Need for a Review
Review Protocol
Study Selection Criteria
Research Questions
Data Extraction
Misbehavior Analysis
Security Analysis
Sos Design
Threat Analysis
Security-Related Roles
Systems Related Roles
Data Synthesis
Study Selection
Inaccuracy in Data Extraction
Study Reliability
Study Validity
Sos Under Study
Study Validation
Statistical Analysis
Conclusions and Future Work
Future Work 5
Future Work 6
References
All Topics
Computer Science
Distributed Systems

A systematic mapping study on security for systems of systems

Profile image of Angel OliveroAngel Olivero

2023, International Journal of Information Security

https://doi.org/10.1007/S10207-023-00757-0
visibility

description

31 pages

link

1 file

Abstract

In the late twentieth century, the term "System of Systems" (SoS) became popular to describe a complex system made up of a combination of independent constituent systems. Since then, several studies have been conducted to support and assess SoS management, functionality, and performance. Due to the evolutionary nature of SoS and the non-composability of the security properties of its constituent systems, it is difficult to assess or evaluate SoS security. This paper provides an up-to-date survey on SoS security, aimed at stimulating and guiding further research efforts. This systematic mapping study (SMS) focuses on SoS security, privacy, and trust. Our SMS identified 1828 studies from 6 digital libraries, 87 of which were selected that presented approaches analyzing, evaluating, or improving security. We classified these studies using nine research questions that focused on the nature of the studies, the studied SoS, or the study validation. After examining the selected studies, we identified six gaps and as many future work directions. More precisely, we observed that few studies examine SoS problems and instead propose specific solutions, making it challenging to develop generalizable approaches. Furthermore, the lack of standardization has hindered the reuse of existing approaches, making it difficult for solutions to be generalized to other SoS. In addition, the lack of descriptions of industrial environments in the literature makes it difficult to design realistic validation environments. As a result, the validation of new SoS research remains a challenge in the field.

Related papers

Security engineering in a system of systems environment
Judith Dahmann

2013 IEEE International Systems Conference (SysCon), 2013

This paper describes an actionable engineering framework for security engineering of a system of systems (SoS). The framework is envisioned as a tool for assessing security risks to command and control (C2) and other critical capabilities or missions based on an analysis of the contributing systems and the SoS supporting them. The framework is a continuous five-step process that embeds security engineering into a lifecycle model of SoS engineering. It does so in a way that implicitly recognizes that improvements to mission security need to focus on current and projected operational needs and risks based on the fielded SoS and the evolving tactics and strategies of the adversary. With this approach, analysis and corrective action can be implemented rigorously and continuously to enable rapid response to changing conditions or on an emergency basis when critical risks emerge. Targeted changes in fielded system elements with the greatest impact on mission outcomes can then be identified and implemented as part of ongoing acquisitions, system upgrades or on an emergency basis when conditions warrant. The iterative nature of the approach recognizes that changes will occur in SoS elementsthe systems themselves, user operations, and the environmentcalling for an approach which can adapt over time. An SoS security risk framework is needed to manage the problem of identifying the key elements of risk to SoS missions. The issue is the complexity resulting from the large number of logical paths through an SoS that could represent a security risk. Effectively managing this problem enables the application of security specific analyses to the SoS elements that have been identified as critical. The framework is a bridge between the operational and acquisition/engineering communities that draws on the foundational elements of SoS engineering, particularly an understanding of the SoS components, interdependencies and dynamics. The results of the SoS security engineering analysis can be used to support investment decisions about the constituents of a SoS. While the focus of this framework is on acquisition and engineering materiel solutions, it also accommodates the consideration of non-materiel solutions.

View PDFchevron_right
Systems of Systems and Security: A Defense Perspective
Judith Dahmann

INSIGHT, 2011

oday's dynamic defense environment is characterized by an array of changing threats, with innovative, rapidly adaptive strategies to collect information, disable systems, and disrupt the adversaries' ability to mount and sustain an effective defense. This threat environment has led to heightened awareness of system vulnerabilities and has made security a key concern for operations and now for defense acquisition. Both in addressing operational security issues in the current inventory of legacy systems and in looking forward, the US Department of Defense (DoD) is placing increasing emphasis on addressing security considerations as part of system acquisition and engineering. Concurrently, most defense systems today operate as part of one or more systems of systems, often in a networked environment. To implement the war-fighting strategies of today and tomorrow, systems are networked and designed to share information and services in order to provide a flexible and coordinated set of war-fighting capabilities. Under these circumstances, systems operate as part of an ensemble of systems supporting broader capability objectives. This move to a system-of-systems (SoS) environment poses new challenges to systems engineering in general and to specific DoD efforts to engineer secure military capability. This article examines the current United States defense approach to security and the challenges posed by systems of systems. We intentionally do not address challenges that are not unique to systems of systems. Although the situation we are describing is specific to the defense domain, we believe that the issues also apply beyond the defense community to other areas including integrated transportation systems, financial systems, and other critical infrastructure. The Department of Defense's Current Approach to System Security Historical approaches to system security focused on preventing unauthorized access to information. Personnel security ensures that clearances and a "need to know" are in place before people obtain access. Network security ensures that identities are authen

View PDFchevron_right
A Framework for System Security
Clark Thomborson

2010

Actors in our general framework for secure systems can exert four types of control over other actors' systems, depending on the temporality (prospective vs. retrospective) of the control and on the power relationship (hierarchical vs. peering) between the actors. We make clear distinctions between security, functionality, trust, and distrust by identifying two orthogonal properties: feedback and assessment. We distinguish four types of system requirements using two more orthogonal properties: strictness and activity. We use our terminology to describe specialised types of secure systems such as access control systems, Clark-Wilson systems, and the Collaboration Oriented Architecture recently proposed by The Jericho Forum.

View PDFchevron_right
Survey: security in the system development life cycle
Biba Amer

2005

A general approach to security architecture is introduced. A survey of existing attempts to develop the security architecture introduces the topic. Security can be highlighted as part of the system development life cycle. The authors assume that security cannot be achieved by concentrating on one system component but can be achieved by identifying the relationship between these components and how information is used among them. An original sphere of use and interaction is presented upon which security measures can be evaluated and the required security controls can be chosen.

View PDFchevron_right
A System Architecture to Support a Verifiably Secure Multilevel Security System
Richard A DeMillo

1980

View PDFchevron_right
Secure system composition: five practical initiatives
Greg King

Tenth Annual Computer Security Applications Conference

Sta&r& profiles, goal security architectures, core products, the Multilevel Information Systems Security Initiative (MISSI), and security profila are important ongoing INFOSEC initiatives. This paper considers them as varying practical attempts to solve the problem of secwe system composition (i.e., of how to produce a secure system @om secure components). The strategy used by each to solve this problem is first characterized. The ability of each to solve the problem is then assessed The paper concludes that, by virtue of their focus on component interfaces, all five contribute to the solution of the composition problem (to a limited degree now, to a greater degree in the future).

View PDFchevron_right
Security in the Future of Systems Engineering (FuSE), a Roadmap of Foundation Concepts
Delia Pembrey

INCOSE International Symposium, 2021

The Future of Systems Engineering (FuSE) is an INCOSE‐led multiorganizational collaborative initiative pursuing INCOSE's Vision 2025 and beyond. To accomplish this the FuSE initiative encompasses a number of topic areas with active projects to shape the future of systems engineering. This paper addresses the FuSE Security topic area and provides a roadmap of eleven foundational concepts for building the security vision. The purpose of this paper is to instigate and inspire thinking and involvement in the development and practice of the foundational concepts.

View PDFchevron_right
Information systems security: Scope, state-of-the-art, and evaluation of techniques
G. Pernul

International Journal of Information Management, 1995

To achieve a certain degree of information systems security different techniques have been proposed and implemented. It is the aim of this paper to form a basis for their evaluation and comparison. For this purpose a general framework of security is established by defining its scope, most common threats against the security, and two kinds of different comparison and evaluation criteria. The first criteria is a set of requirements on the secrecy and confidentiality of information while the second consists of several structural requirements which we believe are essential for a successful and powerful security technique. In our evaluation we include the Discretionary Models, the Mandatory Models, the Personal Knowledge Approach, the Chinese Wall Policy and the Clark and Wilson model of security. Giinther Pernul received MSc and the PhD degrees from the University of Vienna, where he holds an Associate Professor position at the Department of Information Engineering. Shortly he will take over a full professor position in Information Systems at the University of Essen, Germany. His main research interests are information systems analysis, modelling, and design, computer security, and database management systems.

View PDFchevron_right
Security and Digital Libraries
Edward Fox

Digital Libraries - Methods and Applications, 2011

View PDFchevron_right
Systematic Mapping Study of Security in Multi-Embedded-Agent Systems
Annabelle Mercier

IEEE Access, 2021

In this paper, we study distributed and decentralized systems in which each part is modeled as an agent in a multi-agent system. Those systems provide more scalable and easier ways to control complex, distributed and interconnected systems of embedded components. We are particularly interested in methods to secure these systems. Objectives: This study aims to identify the main security properties studied, the parts of a multi-agent architecture that are considered most often in security studies and the technical solutions used to secure those systems. Methods: We conducted a systematic mapping study on research works addressing the security of multi-agent systems with embedded agents. We identified which security features were addressed, and their roles in global security architecture. Results: We identified 70 papers published in journals and conferences. We classified the extracted data reporting a tendency to focus on securing the availability of systems under attack by means of trust schemes, sometimes supported by cryptographic primitives. Conclusion: The use of cryptography appears to be limited in decentralized systems. However, solutions should be provided to overcome those limits as other solutions such as trust schemes do not protect the system from the same type of attacks.

View PDFchevron_right

References (128)

  1. 21 Application of cybersecurity in emerging C4ISR systems [33] 22 Applying model-based systems engineering approach to smart grid software systems security requirements [59] 23
  2. Architecting System of Systems Solutions with Security and Data-Protection Principles [60] 24 Architectural Patterns for Self-Organizing Systems-of-Systems [34] 25
  3. Assessing Security Risk and Requirements for Systems of Systems [61] 26
  4. Assessing System of Systems Security Risk and Requirements with OASoSIS [62] 27 Automated and Secure Onboarding for System of Systems [32] 28 Autonomous Distributed Electronic Warfare System of Systems [63] 29 Beyond connected cars: A systems of systems perspective [64] 30 Clock synchronization considerations in security informed safety assurance of autonomous systems of systems [65] 31
  5. Context-Aware Security Solutions for Cyber Physical Systems [66] 32 Cybersecurity as a centralized directed system of systems using SoS explorer as a tool [67] 33 Cybersecurity challenges of systems-of-systems for fully-autonomous road vehicles [68] 34
  6. Cybersecurity Considerations for an Interconnected Self-Driving Car System of Systems [69] 35
  7. Defining "The Weakest Link": Comparative Security in Complex Systems of Systems [26] 36 Dependable System of Systems Engineering: the COMPASS Project [70] Identification of Security Requirements in Systems of Systems by Functional Security Analysis [74] 42 Incorporating Attacks Modeling into Safety Process [75] 43 Introduction to Security and Quality Improvement in Complex Cyber-Physical Systems Engineering [76] 44 Investigating Attack Propagation in a SoS via a Service Decomposition [37] 45 IoTSAT: A formal framework for security analysis of the internet of things (IoT) [77] 46 Managing runtime re-engineering of a System-of-Systems for cybersecurity [78] 47 Model-Driven Software Security Architecture of Systems-of-Systems
  8. Model-based Development of a System of Systems Using Unified Architecture Framework (UAF): A Case Study [80] 49 Modeling human-technology interaction as a sociotechnical System of Systems [30] 50
  9. Modeling, analyzing, and predicting security cascading attacks in smart buildings systems-of-systems [38] 51 Nncs: Randomization and informed search for novel naval cyber strategies [27] 52 On Defense Strategies for Recursive System of Systems Using Aggregated Correlations [81] 53 Predictive Control in the Era of Networked Control and Communication-a Perspective [82] 54 Promoting trust in interoperability of systems-of-systems [39] 55 Safety vs. Security-related trade-offs and emergent behaviors in cyber-physical systems [83] 56 Securing System-of-Systems through a Game Theory Approach [84] 57 Security and Autonomic Management in System of Systems [85] 58 Security Assessment of Systems of Systems [86] 59 Security Standard Compliance Verification in System of Systems [87] 60
  10. Smart City Security Issues: Depicting information security issues in the role of an urban environment [88] 61 Strategic foresight and resilience through cyber-wargaming [89] 62 System of Systems Characterization assisting Security Risk Assessment [90] 63 System of Systems Composition Based on Decentralized Service-Oriented Architecture [91] 64 System of Systems dependability-Theoretical models and applications examples [92] 65 System of Systems Security [93] 66 System security requirements analysis: A smart grid case study [94] 67 Threat Analysis in Systems-of-Systems: An Emergence-Oriented Approach [95] 68 Toward Attack Models in Autonomous Systems of Systems [96] 69 Toward Methodological Support for Secure Architectures of Software-intensive Systems-of-systems
  11. Toward Model-Driven Architecture and Analysis of System of Systems Access Control [98] 71 Toward modeling and analyzing non-functional properties of systems of systems [99] 72 Toward Security Software Engineering the Smart Grid as a System of Systems [100] [104] 79 Challenges in security engineering of systems-of-systems [105] 80
  12. Communications, information, and cybersecurity in systems-of-systems: assessing the impact of attacks through interdependency analysis [106] 81 Critical infrastructure protection: a twenty-first century challenge [107] 82 Cyber-physical systems security: A survey [108] 83 Development of Secure System of Systems Needing a Rapid Deployment [109] 84 Misbehavior monitoring on system-of-systems components [110] 85 Securing complex system-of-systems compositions [111] 86 Security engineering in a system of systems environment [112] 87 Systems of Systems with Security [113] References
  13. Graciano Neto, V. V., Guessi, M., Oliveira, L. B. R., Oquendo, F., Nakagawa, E. Y.: Investigating the model-driven development for systems-of-systems. In: Proceedings of the 2014 European Conference on Software Architecture Workshops -ECSAW '14, New York, New York, USA: ACM Press, 2007, pp. 1-8. https:// doi.org/10.1145/2642803.2642825
  14. Bianchi, T., Santos, D. S., Felizardo, K. R.: Quality attributes of systems-of-systems: a systematic literature review. In: Proceed- ings of the 3rd International Workshop on Software Engineering for Systems-of-Systems, SESoS 2015, pp. 23-30, (2015). https:// doi.org/10.1109/SESoS.2015.12
  15. Maier, M.W.: Architecting principles for systems-of-systems. Syst. Eng. 1, 267-284 (1998). https://doi.org/10.1002/(SICI )1520-6858(1998)1:4%3C267::AID-SYS3%3E3.0.CO;2-D
  16. Petković, M., Jonker, W.: Security, Privacy, and Trust in Mod- ern Data Management. Springer, Berlin (2007). https://doi.org/ 10.1007/978-3-540-69861-6
  17. Olivero, M. A., Bertolino, A., Dominguez-Mayo, F. J., Escalona, M. J., Matteucci, I.: Addressing security properties in systems of systems: challenges and ideas. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelli- gence and Lecture Notes in Bioinformatics), Vol. 11732 LNCS, pp. 138-146, (2019). https://doi.org/10.1007/978-3-030-30856- 8_10
  18. Kitchenham, B., Charters, S.: Guidelines for performing Sys- tematic Literature reviews in Software Engineering Version 2.3. Engineering 45(4ve), 1051 (2007). https://doi.org/10.1145/1134 285.1134500
  19. Petersen, K., Feldt, R., Mujtaba, S., Mattsson, M.: Systematic mapping studies in software engineering. In: 12th International Conference on Evaluation and Assessment in Software Engineer- ing, Vol. 17, p. 10, (2008). https://doi.org/10.1142/S021819400 7003112
  20. Petersen, K., Vakkalanka, S., Kuzniarz, L.: Guidelines for con- ducting systematic mapping studies in software engineering: an update. Inf. Softw. Technol. (2015). https://doi.org/10.1016/j.in fsof.2015.03.007
  21. Boulding, K.E.: General systems theory-the skeleton of science. Manage. Sci. 2(3), 197-208 (1956)
  22. Maier, M. W.: Research challenges for systems-of-systems context: collaborative systems. In: Aerospace Corporation, pp. 1-6, (2005). Available: http://ieeexplore.ieee.org/stamp/st amp.jsp?tp=&arnumber=1571630&isnumber=33257
  23. Budgen, D., Brereton, P.: Performing systematic literature reviews in software engineering. In: Proceeding of the 28th International Conference on Software Engineering-ICSE '06, sn, (2006), p. 1051. https://doi.org/10.1145/1134285.1134500
  24. Klein, J., Van Vliet, H.: A systematic review of system-of-systems architecture. In: QoSA 2013 -Proceedings of the 9th International ACM Sigsoft Conference on the Quality of Software Archi- tectures, pp. 13-21, (2013). https://doi.org/10.1145/2465478.24 65490
  25. Nielsen, C.B., Larsen, P.G., Fitzgerald, J., Woodcock, J., Peleska, J.: Systems of systems engineering: basic concepts, model-based techniques, and research directions. ACM Comput. Surv. 48(2), 1-41 (2015). https://doi.org/10.1145/2794381
  26. Axelsson, J.: A systematic mapping of the research literature on system-of-systems engineering. In: 2015 10th System of Systems Engineering Conference (SoSE), pp. 18-23 (2015)
  27. Guessi, M., Neto, V. V. G., Bianchi, T., Felizardo, K. R., Oquendo, F., Nakagawa, E. Y.: A systematic literature review on the description of software architectures for systems of systems. In: Proceedings of the ACM Symposium on Applied Computing, Vol. 13-17-Apri, No. v, pp. 1433-1440, (2015). https://doi.org/ 10.1145/2695664.2695795
  28. Vargas, I. G., Gottardi, T., Teresinha, R., Braga, V.: Approaches for integration in system of systems: A systematic review. In: Pro- ceedings -4th International Workshop on Software Engineering for Systems-of-Systems, SESoS 2016, pp. 32-38, (2016). https:// doi.org/10.1145/2897829.2897835
  29. Daneva, M., Lazarov, B.: Requirements for smart cities: results from a systematic review of literature. In: 2018 12th Interna- tional Conference on Research Challenges in Information Science (RCIS), in International Conference on Research Challenges in Information Science, Vol. 2018-May. IEEE, May 2018, pp. 1-6. https://doi.org/10.1109/RCIS.2018.8406655
  30. Olivero, M.A., Bertolino, A., Dominguez-Mayo, F.J., Matteucci, I., Escalona, M.J.: A delphi study to recognize and assess systems of systems vulnerabilities. Inf. Softw. Technol. 68, 74 (2022). https://doi.org/10.1016/j.infsof.2022.106874
  31. Wohlin, C.: Guidelines for snowballing in systematic literature studies and a replication in software engineering. ACM Int. Conf. Proc. Ser. (2014). https://doi.org/10.1145/2601248.2601268
  32. Johannesson, P., Perjons, E.: An Introduction to Design Sci- ence.
  33. Springer, Cham (2014). https://doi.org/10.1007/978-3-319- 10632-8
  34. DoD: Chapter 4-Systems Engineering. In: DoD Defense Aqui- sition Guidebook, (2004)
  35. Dahmann, J. S., Baldwin, K. J.: Understanding the current state of US defense systems of systems and the implications for systems engineering. In: 2008 IEEE International Systems Conference Proceedings, SysCon 2008, pp. 99-105 (2008). https://doi.org/ 10.1109/SYSTEMS.2008.4518994
  36. Shull, F., Singer, J., Sjoberg, D. I. K.: Guide to Advanced Empiri- cal Software Engineering, (2008). https://doi.org/10.1007/978-1- 84800-044-5
  37. Zhou, X., Jin, Y., Zhang, H., Li, S., Huang, X.: A map of threats to validity of systematic literature reviews in software engineering. In: Proceedings of the Asia-Pacific Software Engineering Confer- ence, APSEC, (2016). https://doi.org/10.1109/APSEC.2016.031
  38. He, F., Agwuegbo, C., Rao, N. S. V., Ma, C. Y. T.: A sequen- tial game of defense and attack on an interdependent system of systems. In: 2018 21st International Conference on Information Fusion, FUSION 2018, pp. 2535-2541 (2018). https://doi.org/10. 23919/ICIF.2018.8455314
  39. Pieters, W.: Defining 'the weakest link': comparative security in complex systems of systems. In: 2013 IEEE 5th Interna- tional Conference on Cloud Computing Technology and Science (CLOUDCOM), Vol 2. International Conference on Cloud Com- puting Technology and Science, pp. 39-44 (2013). https://doi.org/ 10.1109/CloudCom.2013.101
  40. Rubin, S.H., Bouabana-Tebibel, T.: Nncs: Randomization and informed search for novel naval cyber strategies. Stud. Comput. Intell. 621, 193-223 (2015). https://doi.org/10.1007/978-3-319- 26450-9_8
  41. Montanari, M., Campbell, R. H., Sampigethaya, K., Li, M. : A security policy framework for eEnabled fleets and airports. In: 2011 Aerospace Conference, pp. 1-11 (2011). https://doi.org/10. 1109/AERO.2011.5747379
  42. Causevic, A.: A risk and threat assessment approaches overview in autonomous systems of systems. In: 2017 XXVI International conference on Information, Communication and Automation Technologies (ICAT), Institute of Electrical and Electronics Engi- neers Inc., pp. 1-6 (2017). https://doi.org/10.1109/ICAT.2017.81 71624
  43. Turnley, J., et al.: Modeling human-technology interaction as a sociotechnical system of systems. In: 2017 12th System of Sys- tems Engineering Conference (SOSE), (2017)
  44. Silva, E., Batista, T., Oquendo, F.: A mission-oriented approach for designing system-of-systems. In: 015 10th System of Sys- tems Engineering Conference (SoSE), IEEE, pp. 346-351 (2015). https://doi.org/10.1109/SYSOSE.2015.7151951
  45. Maksuti, S., et al.: Automated and secure onboarding for system of systems. IEEE Access 9, 111095-111113 (2021). https://doi. org/10.1109/ACCESS.2021.3102280
  46. Malik, A. A., Mahboob, A., Khan, A., Zubairi, J.: Application of cyber security in emerging C4ISR systems, (2011). https://doi. org/10.4018/978-1-60960-851-4.ch012
  47. Nichols, C., Dove, R.: Architectural patterns for self-organizing systems-of-systems. In: 21st Annual International Symposium of the International Council on Systems Engineering, INCOSE 2011, pp. 851-862 (2011). https://doi.org/10.1002/j.2334-5837.2011.tb 01246.x
  48. Olivero, M.A., Bertolino, A., Domínguez-Mayo, F.J., Escalona, M.J., Matteucci, I.: Digital persona portrayal: Identifying pluri- dentity vulnerabilities in digital life. J. Inf. Secur. Appl. 52, 102492 (2020). https://doi.org/10.1016/j.jisa.2020.102492
  49. Finke, M., de Waard, P., Recchilongo, P., Lahaije, R., Baumann, U.: Validating a European ATM security system architecture. In: 2018 IEEE/AIAA 37th Digital Avionics Systems Confer- ence (DASC). IEEE-AIAA Digital Avionics Systems Conference. IEEE, pp. 27-35 (2018). https://doi.org/10.1109/DASC.2018.85 69498
  50. Lisova, E., El Hachem, J., Causevic, A.: Investigating attack prop- agation in a SoS via a service decomposition. In: G. M. O. K. R.-M. S. S. Y. W. S. W. Z. Chang C.K., Chen P. (Ed.), 2019 IEEE World Congress on Services (SERVICES), Institute of Electrical and Electronics Engineers Inc., pp. 9-14 (2019). https://doi.org/ 10.1109/SERVICES.2019.00017
  51. Hachem, J.E.L., et al.: Modeling, analyzing and predicting secu- rity cascading attacks in smart buildings systems-of-systems. J. Syst. Softw. 162, 110484 (2020). https://doi.org/10.1016/j.jss. 2019.110484
  52. Allian, A. P., Paulo, S., Allian, A. P.: Promoting trust in inter- operability of systems-of-systems. In: Proceedings of the 13th European Conference on Software Architecture-ECSA '19 - volume 2, vol. 2, pp. 67-70, (2019). https://doi.org/10.1145/33 44948.3344953
  53. Nicklas, J., Mamrot, M., Winzer, P., Lichte, D., Marchlewitz, S., Wolf, K.: Use case based approach for an integrated consideration of safety and security aspects for smart home applications. In: 2016 11th System of Systems Engineering Conference (SoSE), pp. 1-6 (2016). https://doi.org/10.1109/SYSOSE.2016.7542908
  54. Corallo, A., Lazoi, M., Lezzi, M., Luperto, A.: Cybersecurity awareness in the context of the Industrial Internet of Things: A systematic literature review. In: Computers in Industry, vol. 137.
  55. Elsevier B.V., (2022). https://doi.org/10.1016/j.compind.2022.10 3614
  56. Chen, D., Meinke, K., Ostberg, K., Asplund, F., Baumann, C.: A knowledge-in-the-loop approach to integrated safety and security for cooperative system-of-systems. In: 2015 IEEE 7th Inter- national Conference on Intelligent Computing and Information Systems (ICICIS), pp. 13-20 (2015).
  57. Mexis, N., Anagnostopoulos, N. A., Chen, S., Bambach, J., Arul, T., Katzenbeisser, S.: A lightweight architecture for hardware- based security in the emerging era of systems of systems. In: ACM J Emerg Technol Comput Syst, vol. 17, no. 3, (2021). https://doi. org/10.1145/3458824
  58. Mohamed, N., Al-Jaroodi, J.: A middleware framework to address security issues in integrated multisystem applications. In: SysCon 2019-13th Annual IEEE International Systems Conference, Proceedings, (2019). https://doi.org/10.1109/SYSCON.2019.88 36792
  59. Hachem, J. E., Khalil, T. A., Chiprianov, V., Babar, A., Aniorte, P.: A model driven method to design and analyze secure archi- tectures of systems-of-systems. In; Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems, ICECCS, Institute of Electrical and Electronics Engi- neers Inc., pp. 166-169 (2017). https://doi.org/10.1109/ICECCS. 2017.31
  60. Adetoye, A., Creese, S., Goldsmith, M., Hopkins, P.: A modelling approach for interdependency in digital systems-of-systems secu- rity-extended abstract. In: Xenakis, C., Wolthusen, S. (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinfor- matics). Lecture Notes in Computer Science, vol. 6712 LNCS. Heidelberger platz 3, D-14197. Springer, Berlin, pp. 153-156 (2011). https://doi.org/10.1007/978-3-642-21694-7_13
  61. Javed, Y., Felemban, M., Shawly, T., Kobes, J., Ghafoor, A.: A partition-driven integrated security architecture for cyberphysi- cal systems. Computer (Long Beach Calif) 53(3), 47-56 (2020). https://doi.org/10.1109/MC.2019.2914906
  62. Hatzivasilis, G., Papaefstathiou, I., Manifavas, C., Papadakis, N.: A reasoning system for composition verification and security validation. In: 2014 6th International Conference on New Tech- nologies, Mobility and Security (NTMS), pp. 1-4 (2014). https:// doi.org/10.1109/NTMS.2014.6814001
  63. Ruiz, J. F., Rudolph, C., Mana, A., Arjona, M.: A security engi- neering process for systems of systems using security patterns. In: 2014 8th Annual IEEE Systems Conference (SYSCON). Annual IEEE Systems Conference, pp. 8-11 (2014)
  64. Trivellato, D., Zannone, N., Etalle, S.: A security framework for systems of systems. In: 2011 IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, pp. 182-183 (2011). https://doi.org/10.1109/POLICY.2011.16
  65. D. el D. I. Abou-Tair, Alouneh, S., Khalifeh, A., Obermaisser, R.: A security framework for systems-of-systems. In: Park, J.J., Loia, V., Yi, G., Sung, Y. (Eds.), Advances in Computer Science and Ubiquitous Computing. Lecture Notes in Electrical Engineering, vol. 474, pp. 427-432 (2018). https://doi.org/10.1007/978-981- 10-7605-3_70
  66. Feng, N., Wang, H.J., Li, M.: A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Inf. Sci. 256, 57-73 (2014). https://doi.org/10.1016/j.ins.2013.02.036
  67. Aigner, A., Khelil, A.: A security scoring framework to quantify security in cyber-physical systems. In: Proceedings of the 2021 4th IEEE International Conference on Industrial Cyber-Physical Systems, ICPS 2021, Institute of Electrical and Electronics Engi- neers Inc., pp. 199-206 (2021). https://doi.org/10.1109/ICPS49 255.2021.9468168
  68. Carturan, S. B. O. G., Goya, D. H.: A systems-of-systems secu- rity framework for requirements definition in cloud environment. In: Proceedings of the 13th European Conference on Software Architecture -Volume 2, ECSA '19. New York, NY, USA: ACM, pp. 235-240 (2019). https://doi.org/10.1145/3344948.3344977
  69. Petratos, P., Faccia, A.: Accounting information systems and system of systems: assessing security with attack surface method- ology. In: Proceedings of 2019 3rd International Conference On Cloud And Big Data Computing (ICCBDC 2019). ICCBDC 2019. New York, USA: ACM, pp. 100-105 (2019). https://doi.org/10. 1145/3358505.3358513
  70. Olivero, M. A., Bertolino, A., Dominguez-Mayo, F. J., Escalona, M. J., Matteucci, I.: Addressing security properties in sys- tems of systems: challenges and ideas. In: Calinescu, R., Di Giandomenico, F., (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Lecture Notes in Computer Sci- ence, vol. 11732.Springer, Cham, pp. 138-146 (2019). doi: https:// doi.org/10.1007/978-3-030-30856-8_10.
  71. Dahmann, J., Rebovich, G., Turner, G.: An actionable framework for system of systems and mission area security engineering. In: 2014 8th Annual IEEE Systems Conference (SYSCON), Annual IEEE Systems Conference, pp. 12-17 (2014). https://doi.org/10. 1109/SysCon.2014.6819229
  72. Canzani, E., Kaufmann, H., Lechner, U.: An operator-driven approach for modeling interdependencies in critical infrastruc- tures based on critical services and sectors. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artifi- cial Intelligence and Lecture Notes in Bioinformatics), vol. 10242 LNCS, pp. 308-320, (2017). https://doi.org/10.1007/978-3-319- 71368-7_27
  73. Lakshminarayanan, S., Souvannarnarth, M.: Applying model based systems engineering approach to smart grid software systems security requirements. In: 22nd Annual International Symposium of the International Council on Systems Engineer- ing, INCOSE 2012 and the 8th Biennial European Systems Engineering Conference 2012, EuSEC 2012, Rome, pp. 13-20 (2012). [Online]. Available: https://www.scopus.com/inward/re cord.uri?eid=2-s2.0-84883526951&partnerID=40&md5=d969 4907fae25abf87b6ecf6aefec6a3
  74. Khashooei, B. A., Vasenev, A., Kocademir, H. A., Mathijssen, R.: Architecting system of systems solutions with security and data-protection principles. In: 2021 16th International System of Systems Engineering Conference, SoSE 2021, Institute of Elec- trical and Electronics Engineers Inc., pp. 43-48 (2021). https:// doi.org/10.1109/SOSE52739.2021.9497461
  75. Ki-Aries, D.: Assessing security risk and requirements for sys- tems of systems. In: 2018 IEEE 26th International Requirements Engineering Conference (RE), pp. 454-459 (2018). https://doi. org/10.1109/RE.2018.00061
  76. Ki-Aries, D., Faily, S., Dogan, H., Williams, C.: Assessing sys- tem of systems security risk and requirements with OASoSIS. In: B. K. L. S.-W. Faily S., Mead N. (Eds.), 2018 IEEE 5th Inter- national Workshop on Evolving Security Privacy Requirements Engineering (ESPRE). Institute of Electrical and Electronics Engineers Inc., pp. 14-20 (2018). https://doi.org/10.1109/ESPRE. 2018.00009
  77. Burton, I., Straub, J.: Autonomous distributed electronic warfare system of systems. In: 2019 14th Annual Conference System of Systems Engineering (SOSE), pp. 96-101 (2019)
  78. Pelliccione, P., et al.: Beyond connected cars: a systems of systems perspective. Sci. Comput. Program. 191, 102414 (2020). https:// doi.org/10.1016/j.scico.2020.102414
  79. Lisova, E., Čaušević, A., Uhlemann, E., Björkman, M.: Clock synchronization considerations in security informed safety assur- ance of autonomous systems of systems. In: IECON 2017 -43rd Annual Conference of the IEEE Industrial Electronics Society, pp. 8385-8390 (2017). https://doi.org/10.1109/IECON.2017.82 17473
  80. Wan, K., Alagar, V.: Context-aware security solutions for cyber physical systems. In: Vinh, P.C., Hung, N.M., Tung, N.T., Suzuki, J. (Eds.), Context-Aware Systems and Applications, (ICCASA 2012). Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering, vol. 109, pp. 18-29 (2013)
  81. Ashiku, L., Dagli, C.: Cybersecurity as a centralized directed system of systems using SoS explorer as a tool. In: 2019 14th Annual Conference System of Systems Engineering, SoSE 2019, pp. 140-145 (2019). https://doi.org/10.1109/SYSOSE.2019.87 53872
  82. Axelrod, C. W.: Cybersecurity challenges of systems-of-systems for fully-autonomous road vehicles. In: 2017 13th International Conference and Expo on Emerging Technologies for a Smarter World (CEWIT), pp. 1-6 (2017). https://doi.org/10.1109/CEWIT. 2017.8263141
  83. Straub, J., et al.: CyberSecurity considerations for an intercon- nected self-driving car system of systems. In: 2017 12th System of Systems Engineering Conference (SOSE), (2017)
  84. Fitzgerald, J., Riddle, S., Casoto, P., Kristensen, K.: Dependable system of systems engineering: the COMPASS project. ERCIM NEWS 97, 26-27 (2014)
  85. Hofer, F.: Enhancing security and reliability for smart-systems' architectures. In: 2018 IEEE International Symposium on Soft- ware Reliability Engineering Workshops (ISSREW), pp. 150-153 (2018). https://doi.org/10.1109/ISSREW.2018.000-8
  86. El Hachem, J., et al.: Extending a multi-agent systems simulation architecture for systems-of-systems security analysis to cite this version: HAL Id: hal-01908398 Extending a Multi-Agent Sys- tems Simulation Architecture for Systems-of-Systems Security Analysis, (2018)
  87. Cioroaica, E., Purohit, A., Buhnova, B., Schneider, D.: Goals within trust-based digital ecosystems. In: Proceedings -2021 IEEE/ACM Joint 9th International Workshop on Software Engineering for Systems-of-Systems and 15th Workshop on Distributed Software Development, Software Ecosystems and Systems-of-Systems, SESoS/WDES 2021, Institute of Electrical and Electronics Engineers Inc., pp. 1-7 (2021). https://doi.org/10. 1109/SESoS-WDES52566.2021.00006
  88. Fuchs, A., Rieke, R.: Identification of security requirements in systems of systems by functional security analysis. In: Casimiro, A., DeLemos, R., Gacek, C. (Eds.), Architecting Dependable Systems VII. Lecture Notes in Computer Science, vol. 6420. Hei- delberger platz 3, D-14197. Springer, Berlin, pp. 74-96 (2010). https://doi.org/10.1007/978-3-642-17245-8
  89. Surkovic, A., et al.: Incorporating attacks modeling into safety process. In: Gallina, B., kavhaug, A., Schoitsch, E., Bitsch, F. (Eds.), Computer Safety, Reliability, and Security, SAFECOMP 2018. Lecture Notes in Computer Science, vol. 11094. Gewerbe- strasse 11, Cham, CH-6330, Switzerland: Springer international publishing AG, pp. 31-41 (2018). https://doi.org/10.1007/978-3- 319-99229-7_4
  90. Biffl, S., Eckhart, M., Lüder, A., Weippl, E.L Introduction to secu- rity and quality improvement in complex cyber-physical systems engineering. In: Security and Quality in Cyber-Physical Systems Engineering. Springer, Cham, pp. 1-29 (2019). https://doi.org/10. 1007/978-3-030-25312-7_1
  91. Mohsin, M., Anwar, Z., Husari, G., Al-Shaer, E., Rahman, M. A.: IoTSAT: A formal framework for security analysis of the internet of things (IoT). In: 2016 IEEE Conference on Commu- nications and Network Security, CNS 2016, IEEE Conference on Communications and Network Security. Institute of Electrical and Electronics Engineers Inc., pp. 180-188 (2017). https://doi. org/10.1109/CNS.2016.7860484
  92. Waller, A., Craddock, R.: Managing runtime re-engineering of a System-of-Systems for cyber security. In: 2011 6th International Conference on System of Systems Engineering, Albuquerque, NM, pp. 13-18 (2011). https://doi.org/10.1109/SYSOSE.2011.59 66566
  93. El Hachem, J., et al.: Model driven software security architecture of systems-of-systems. In: R. S. D. J. Potanin A., Murphy G.C. (Eds.), Proceedings -Asia-Pacific Software Engineering Confer- ence, APSEC, IEEE Computer Society, pp. 89-96 (2016). https:// doi.org/10.1109/APSEC.2016.023
  94. Eichmann, O. C., Melzer, S., God, R.: Model-based develop- ment of a system of systems using unified architecture framework (UAF): a case study. In: 2019 IEEE International Systems Confer- ence (SysCon), Institute of Electrical and Electronics Engineers Inc., pp. 1-8 (2019). https://doi.org/10.1109/SYSCON.2019.88 36749
  95. Rao, N. S. V., Ma, C. Y. T., He, F.: On defense strategies for recur- sive system of systems using aggregated correlations. In: 2018 21st International Conference on Information Fusion (FUSION), pp. 507-514 (2018)
  96. Lucia, S., Kögel, M., Zometa, P., Quevedo, D.E.E., Findeisen, R.: Predictive control in the era of networked control and commu- nication-a perspective. IFAC-PapersOnLine 48(23), 322-331 (2015). https://doi.org/10.1016/j.ifacol.2015.11.302
  97. Schoitsch, E.: Safety versus security-related trade-offs and emergent behaviours in cyber-physical systems. In: IDIMT 2013-Information Technology Human Values, Innovation and Economy, 21st Interdisciplinary Information Management Talks, Prague, 2013, pp. 181-196. [Online]. Available: https://www. scopus.com/inward/record.uri?eid=2-s2.0-84896816527&partne rID=40&md5=f86758a419963b0d4d3b535a4f142382
  98. El Hachem, J., Lisova, E., Cauševic, A.: Securing system-of- systems through a game theory approach. In: Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery, pp. 1443-1446 (2021). https://doi.org/10. 1145/3412841.3442125
  99. Maksuti, S., Zsilak, M., Tauber, M., Delsing, J.: Security and auto- nomic management in system of systems. Infocommun. J. 13(3), 66-75 (2021). https://doi.org/10.36244/ICJ.2021.3.7
  100. Olivero, M. A., et al.: Security assessment of systems of sys- tems. In: Proceedings of the 2019 IEEE/ACM 7th International Workshop on Software Engineering for Systems-of-Systems and 13th Workshop on Distributed Software Development, Soft- ware Ecosystems and Systems-of-Systems, SESoS-WDES 2019, pp. 62-65, (2019). https://doi.org/10.1109/SESoS/WDES.2019. 00017
  101. Bicaku, A., Zsilak, M., Theiler, P., Tauber, M., Delsing, J.: Secu- rity standard compliance verification in system of systems. IEEE Syst. J. (2021). https://doi.org/10.1109/JSYST.2021.3064196
  102. Ferraz, F. S., Guimaraes Ferraz, C. A.: Smart City Security Issues: Depicting information security issues in the role of a urban envi- ronment. In: 2014 IEEE/ACM 7th International Conference on Utility And Cloud Computing (UCC), International Conference on Utility and Cloud Computing, pp. 842-847 (2014)
  103. Ormrod, D., Scott, K.: Strategic foresight and resilience through cyber-wargaming. In: European Conference on Information Warfare and Security, ECCWS, pp. 319-327 (2019). [Online]. Available: https://www.scopus.com/inward/record.uri?eid=2-s2. 0-85070015147&partnerID=40&md5=e27d26e902877268806c 0a6ce2e2a103
  104. Ki-Aries, D., Faily, S., Dogan, H., Williams, C.: System of systems characterisation assisting security risk assessment. In: 2018 13th Annual Conference On System of Systems Engineering (SOSE), pp. 485-492 (2018)
  105. Derhamy, H., Eliasson, J., Delsing, J.: System of system compo- sition based on decentralized service-oriented architecture. IEEE Syst. J. 13(4), 3675-3686 (2019). https://doi.org/10.1109/JSYST. 2019.2894649
  106. Bukowski, L.: System of systems dependability-theoretical models and applications examples. Reliab. Eng. Syst. Saf. 151, 76-92 (2016). https://doi.org/10.1016/j.ress.2015.10.014
  107. Madan, B. B.: System of systems security. In: Rainey, L.B., Tolk, A (Eds.), Modeling and Simulation Support for System of Systems Engineering Applications, pp. 565-580 (2015). https://doi.org/10. 1002/9781118501757.ch21
  108. Zafar, N., Arnautovic, E., Diabat, A., Svetinovic, D.: System secu- rity requirements analysis: a smart grid case study. Syst. Eng. 17(1), 77-88 (2014). https://doi.org/10.1002/sys.21252
  109. Ceccarelli, A., et al.: Threat analysis in systems-of-systems: an emergence-oriented approach. ACM Trans. Cyber-Phys. Syst. 3(2), 18:1-18:24 (2018). https://doi.org/10.1145/3234513
  110. Surkovic, A., et al.: Towards attack models in autonomous sys- tems of systems. In: 2018 13th System of Systems Engineering Conference, SoSE 2018, Institute of Electrical and Electronics Engineers Inc., pp. 583-585 (2018). https://doi.org/10.1109/SY SOSE.2018.8428701
  111. El Hachem, J., Chiprianov, V., Babar, A., Aniorte, P.: Towards methodological support for secure architectures of software- intensive systems-of-systems. In: Proceedings of the International Colloquium on Software-intensive Systems-of-Systems at 10th European Conference on Software Architecture, SiSoS@ECSA '16. New York, NY, USA: ACM, pp. 9:1--9:6 (2016). https://doi. org/10.1145/3175731.3176178
  112. El Hachem, J.: Towards model driven architecture and analysis of system of systems access control. In: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, Vol 2, pp. 867-870 (2015). https://doi.org/10.1109/ICSE.2015.280
  113. Chiprianov, V., Falkner, K., Gallon, L., Munier, M.: Towards modelling and analysing non-functional properties of systems of systems. In: CooK, S., Ireland, V., Gorod, A., Ferris, T., Do, Q. (Eds.), Proceedings of the 9th International Conference on System of Systems Engineering: The Socio-Technical Perspec- tive, SoSE 2014, pp. 289-294 (2014). https://doi.org/10.1109/SY SOSE.2014.6892503
  114. Chiprianov, V., Gallon, L., Salameh, K., Munier, M., El Hachem, J., El Hachem, J.: Towards security software engineering the smart grid as a system of systems. In: 2015 10th System of Systems Engineering Conference (SOSE), IEEE, pp. 77-82 (2015). https:// doi.org/10.1109/SYSOSE.2015.7151950
  115. Rein, A., Rieke, R., Jaeger, M., Kuntze, N., Coppolino, L.: Trust establishment in cooperating cyber-physical systems. In: Becue, A., CuppensBoulahia, N., Cuppens, F., Katsikas, S., Lambri- noudakis, C (Eds.), Security of Industrial Control Systems and Cyber Physical Systems. Lecture Notes in Computer Science, vol.
  116. Gewerbestrasse 11, Cham, Ch-6330, Switzerland: Springer International Publishing AG, pp. 31-47 (2016). https://doi.org/ 10.1007/978-3-319-40385-4_3
  117. El Hachem, J., Sedaghatbaf, A., Lisova, E., Causevic, A.: Using Bayesian networks for a cyberattacks propagation anal- ysis in systems-of-systems. In: 2019 26th Asia-Pacific Soft- ware Engineering Conference (APSEC), in Asia-Pacific Software Engineering Conference, vol. 2019-Decem. IEEE, Dec. 2019, pp. 363-370. https://doi.org/10.1109/APSEC48747.2019.00056
  118. Belloir, N., Chiprianov, V., Ahmad, M., Munier, M., Gallon, L., Bruel, J.-M. M.: Using relax operators into an MDE secu- rity requirement elicitation process for systems of systems. In: Proceedings of the 2014 European Conference on Software Archi- tecture Workshops, in ECSAW '14. New York, NY, USA: ACM, pp. 32:1-32:4 (2014). https://doi.org/10.1145/2642803.2642835
  119. Aigner, A., Khelil, A.: A scoring system to efficiently measure security in cyber-physical systems. In: 2020 IEEE 19th Interna- tional Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE, pp. 1141-1145 (2020). https://doi.org/10.1109/TrustCom50675.2020.00151
  120. Chiprianov, V., Gallon, L., Munier, M., Aniorte, P., Lalanne, V.: Challenges in security engineering of systems-of-systems. In: Troisiéme Conférence en Ingénierie du Logiciel, no. June, pp. 137-151, (2014). Available: http://munier.perso.univ-pau.fr/ research/papers/2014/2014-CIEL/CIEL_2014_VC_LG_MM_ PAn_VL_actes.pdf
  121. Guariniello, C., DeLaurentis, D.: Communications, information, and cyber security in systems-of-systems: assessing the impact of attacks through interdependency analysis. Procedia Comput. Sci. 28(Cser), 720-727 (2014). https://doi.org/10.1016/j.procs.2014. 03.086
  122. Merabti, M., Kennedy, M., Hurst, W.: Critical infrastructure protection: A 21st century challenge. In: 2011 International Con- ference on Communications and Information Technology, ICCIT 2011, pp. 1-6 (2011). https://doi.org/10.1109/ICCITECHNOL. 2011.5762681
  123. Humayed, A., Lin, J., Li, F., Luo, B.: Cyber-physical systems security-a survey. IEEE Internet Things J. (2017). https://doi. org/10.1109/JIOT.2017.2703172
  124. Messe, N., Belloir, N., Chiprianov, V., Cherfa, I., Fleurquin, R., Sadou, S.: Development of secure system of systems needing a rapid deployment. In: 2019 14th Annual Conference System of Systems Engineering (SOSE), 345 E 47th St, New York, NY 10017 USA: IEEE, pp. 152-157 (2019)
  125. Shone, N., Shi, Q., Merabti, M., Kifayat, K.: Misbehaviour moni- toring on system-of-systems components. In: Crispo, B., Sandhu, R., CuppensBoulahia, N., Conti, M., Lanet, J.L., (eds.), 2013 International Conference on Risks and Security of Internet and Systems (CRISIS), in International Conference on Risks and Security of Internet and Systems (2013)
  126. Shone, N., Shi, Q., Merabti, M., Kifayat, K.: Securing complex system-of-systems compositions. In: European Conference on Information Warfare and Security, ECCWS, pp. 370-379 (2013). [Online]. Available: https://www.scopus.com/inward/record.uri? eid=2-s2.0-84893433123&partnerID=40&md5=dc00401df5ee 53497d159e63a6632059
  127. Dahmann, J., Rebovich, G., McEvilley, M., Turner, G.: Security engineering in a system of systems environment. In: 2013 7th annual IEEE international systems conference (SYSCON 2013), in Annual IEEE Systems Conference, pp. 364-369 (2013). https:// doi.org/10.1109/SysCon.2013.6549907
  128. Lauritsen, R. W.: Systems of systems with security, p. 30,34, (2013)

Related papers

Addressing Security Properties in Systems of Systems: Challenges and Ideas
Ilaria Matteucci

Lecture Notes in Computer Science, 2019

Within growing pervasive information systems, Systems of Systems (SoS) emerge as a new research frontier. A SoS is formed by a set of constituent systems that live on their own with well-established functionalities and requirements, and, in certain circumstances, they must collaborate to achieve a common mission. In this scenario, security is one crucial property that needs to be considered since the early stages of SoS lifecycle. Unfortunately, SoS security cannot be guaranteed by addressing the security of each constituent system separately. The aim of this paper is to discuss the challenges faced in addressing the security of SoS and to propose some research ideas centered around the notion of a mission to be carried out by the SoS.

View PDFchevron_right
Poster: protecting information in systems of systems
Sandro Etalle

2011

Systems of Systems (SoS) are dynamic, distributed coalitions of autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, the SoS paradigm has a strong impact on system interoperability and on the security requirements of collaborating parties. In this demo we present a prototype implementation of POLIPO, a security framework that combines context-aware access control with trust management and ontology-based services to protect information in SoS.

View PDFchevron_right
Systems-of-Systems Issues in Security Engineering
Jennifer Bayuk

INSIGHT, 2011

SPECIAL FEATURE SoS configuration. An example visualisation is depicted in figure 4. Conclusions The implementation of the high-level security requirements deriving from data policies is critical to gaining participation of systems in an SoS by reassuring systems managers and owners about the use and dissemination of their data. This short article illustrates an overview of a model-based approach that we have introduced to support SoS security engineering for data policies. The approach includes the formal definition of a data-policy concept and intuitive methods for the derivation of high-level security requirements. The approach also includes the injection of these high-level security requirements in the definition of the SoS's functional architecture. Similarly, it is possible to verify that the physical SoS architecture meets the high-level security requirements. The approach is part of the European Space Agency Architectural Framework, thus providing an integrated means for security engineering within the entire SoS engineering process. Graphical and interactive visualisation tools are also provided to more effectively manage the design complexity of the architectural and security issues. References

View PDFchevron_right
Security Assessment of Systems of Systems
Ilaria Matteucci

2019 IEEE/ACM 7th International Workshop on Software Engineering for Systems-of-Systems (SESoS) and 13th Workshop on Distributed Software Development, Software Ecosystems and Systems-of-Systems (WDES)

Engineering Systems of Systems is one of the new challenges of the last few years. This depends on the increasing number of systems that must interact one with another to achieve a goal. One peculiarity of Systems of Systems is that they are made of systems able to live on their own with well-established functionalities and re quirements, and that are not necessarily aware of the joint mission or prepared to collaborate. In this emergent sce nario, security is one crucial aspect that must be consid ered from the very beginning. In fact, the security of a Sys tem of Systems is not automatically granted even if the se curity of each constituent system is guaranteed. The aim of this paper is to address the problem of assessing security properties in Systems of Systems. We discuss the specific security aspects of such emergent systems, and propose the TeSSoS approach, which includes modelling and test ing security properties in Systems of Systems and intro duces the Red and Blue Requirements Specification con cepts.

View PDFchevron_right
Challenges in Security Engineering of Systems-of-Systems
Manuel Munier

Systems of systems (SoS) are large-scale systems composed of complex systems with difficult to predict emergent properties. One of the most significant challenges in the engineering of such systems is how to model and analyze their Non-Functional Properties (NFP), such as security. In this review paper we identify, describe, analyze and categorize challenges to security engineering for SoS. This catalog of challenges offers a road-map of major directions for future research activities, and a set of requirements against which present and future solutions of security for SoS can be evaluated.

View PDFchevron_right

Related topics

  • Engineering
  • Mathematics
  • Computer Science
  • Distributed Computing
  • Information Security
  • Computer Security
  • Pure Mathematics
  • Medicine
  • Data Science
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved