Ehemalige FH Mitarbeiterin
Scopus Author ID
Now showing 1 - 10 of 15
- PublicationEstablishing a Chain of Trust in a Sporadically Connected Cyber-Physical SystemDrone based applications have progressed significantly in recent years across many industries, including agriculture. This paper proposes a sporadically connected cyber-physical system for assisting winemakers and minimizing the travel time to remote and poorly connected infrastructures. A set of representative diseases and conditions, which will be monitored by land-bound sensors in combination with multispectral images, is identified. To collect accurate data, a trustworthy and secured communication of the drone with the sensors and the base station should be established. We propose to use an Internet of Things framework for establishing a chain of trust by securely onboarding drones, sensors and base station, and providing self-adaptation support for the use case. Furthermore, we perform a security analysis of the use case for identifying potential threats and security controls that should be in place for mitigating them.
- PublicationImpact of Critical Infrastructure Requirements on Service Migration Guidelines to the CloudA high level of information security in critical infrastructure IT systems and services has to be preserved when migrating their IT services to the cloud. Often various legislative and security constraints have to be met in line with best practice guidelines and international standards to perform the migration. To support the critical infrastructure providers in migrating their services to the cloud we are developing a process based migration guideline for critical infrastructure providers focusing on information security. First of all we investigate, via questionnaires, how the importance of individual security topics covered in such guidelines differentiates between industry stakeholders and critical infrastructure providers. This supports the selection of relevant security topics and the considered guidelines and standards, which we survey in search for common relevant security topics. Subsequently we present the analysis of the above-mentioned security requirements and how they affect a here developed taxonomy for a process-based security guideline. Furthermore we present potential service migration use cases and how our methodology would affect the migration of secure critical infrastructure services.
149Scopus© Citations 4
- PublicationTowards trustworthy end-to-end communication in industry 4.0Industry 4.0 considers integration of IT and control systems with physical objects, software, sensors and connectivity in order to optimize manufacturing processes. It provides advanced functionalities in control and communication for an infrastructure that handles multiple tasks in various locations automatically. Automatic actions require information from trustworthy sources. Thus, this work is focused on how to ensure trustworthy communication from the edge devices to the backend infrastructure. We derive a meta-model based on RAMI 4.0, which is used to describe an end-to-end communication use case for an Industry 4.0 application scenario and to identify dependabilities in case of security challenges. Furthermore, we evaluate secure messaging protocols and the integration of Trusted Platform Module (TPM) as a root of trust for dataexchange. We define a set of representative measurable indicator points based on existing standards and use them for automated dependability detection within the whole system.
173Scopus© Citations 13
- PublicationTowards a Security Baseline for IaaS-Cloud Back-Ends in Industry 4.0The popularity of cloud based Infrastructure-as-a- Service (IaaS) solutions is becoming increasingly popular. However, since IaaS providers and customers interact in a flexible and scalable environment, security remains a serious concern. To handle such security issues, defining a set of security parameters in the service level agreements (SLA) between both, IaaS provider and customer, is of utmost importance. In this paper, the European Network and Information Security Agency (ENISA) guidelines are evaluated to extract a set of security parameters for IaaS. Furthermore, the level of applicability and implementation of this set is used to assess popular industrial and open-source IaaS cloud platforms, respectively VMware and OpenStack. Both platforms provide private clouds, used as backend infrastructures in Industry 4.0 application scenarios. The results serve as initial work to identify a security baseline and research needs for creating secure cloud environments for Industry 4.0.
171Scopus© Citations 4
- PublicationOperations security evaluation of IaaS-cloud backend for industry 4.0The fast growing number of cloud based Infrastructure-as-a-Service instances raises the question, how the operations security depending on the underlying cloud computing infrastructure can be sustained and guaranteed. Security standards provide guidelines for information security controls applicable to the provision and use of the cloud services. The objectives of operations security are to support planning and sustaining of day-to-day processes that are critical with respect to security of information environments. In this work we provide a detailed analysis of ISO 27017 standard regarding security controls and investigate how well popular cloud platforms can cater for them. The resulting gap of support for individual security controls is furthermore compared with outcomes of recent cloud security research projects. Hence the contribution is twofold, first we identify a set of topics that still require research and development and secondly, as a practical output, we provide a comparison of popular industrial and open-source platforms focusing on private cloud environments, which are important for Industry 4.0 use cases.
204Scopus© Citations 1
- PublicationConnected cars — Threats, vulnerabilities and their impactThe growing demand for interoperability between system components within a connected car has led to new security challenges in automotive development. The existing components, based on established technology, are often being combined to form such a connected car. For such established technologies, individual, often sector specific threat and vulnerability catalogs exist. The aim of this paper is to identify blocks of established technologies in a connected car and to consolidate the corresponding threat and vulnerability catalogs relevant for the individual constituent components. These findings are used to estimate the impact on specific system components and subsystems to identify the most crucial components and threats.
212Scopus© Citations 13
- PublicationOn the Cost of Security Compliance in Information SystemsThe onward development of information and communication technology has led to a new industrial revolution called Industry 4.0. This revolution involves Cyber-Physical Production Systems (CPPS), which consist of intelligent Cyber-Physical Systems that may be able to adapt themselves autonomously in a production environment. At the moment, machines in industrial environments are often not connected to the internet, which thus needs a point-to-point connection to access the device if necessary. Through Industry 4.0, these devices should enable remote access for smart maintenance through a connection to the outside world. However, this connection opens the gate for possible cyber-attacks and thus raises the question about providing security for these environments. Therefore, this paper used an adapted approach based on SixSigma to solve this security problem by investigating security standards. Security requirements were gathered and mapped to controls from well known security standards, formed into a catalog. This catalog includes assessment information to check how secure a solution for a use case is and also includes a link to an estimation method for implementation cost. Thus this paper’s outcome shows how to make Industry 4.0 use cases secure by fulfilling security standard controls and how to estimate the resulting implementation costs.
- PublicationSelf-Adaptation Applied to MQTT via a Generic Autonomic Management FrameworkManufacturing enterprises are constantly exploring new ways to improve their own production processes to address the increasing demand of customized production. However, such enterprises show a low degree of flexibility, which mainly results from the need to configure new production equipment at design and run time. In this paper we propose self-adaptation as an approach to improve data transmission flexibility in Industry 4.0 environments. We implement an autonomic manager using a generic autonomic management framework, which applies the most appropriate data transmission configuration based on security and business process related requirements, such as performance. The experimental evaluation is carried out in a MQTT infrastructure and the results show that using self-adaptation can significantly improve the trade-off between security and performance. We then propose to integrate anomaly detection methods as a solution to support self-adaptation by monitoring and learning the normal behavior of an industrial system and show how this can be used by the generic autonomic management framework.
471Scopus© Citations 4
- PublicationGeneric Autonomic Management as a Service in a SOA-based Framework for Industry 4.0Cyber-physical production systems are engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components. In order to make these systems interoperable with each other for addressing Industry 4.0 applications a number of service-oriented architecture frameworks are developed. Such frameworks are composed by a number of services, which are inherently dynamic by nature and thus imply the need for self-adaptation. In this paper we propose generic autonomic management as a service and show how it can be integrated in the Arrowhead framework. We propose generic and reusable interfaces for each phase of the autonomic control loop in order to increase the usability of the service for other frameworks and application systems, while reducing the software engineering effort. To show the utility of our approach in the Arrowhead framework we use a climate control application as a representative example.
424Scopus© Citations 10