Modeling Resiliency and Its Essential Components for Cyberphysical Systems
This paper presents an initial approach to modeling resiliency for cyberphysical systems. It discusses the concept and definitions of resiliency and outlines the process of building a model of resiliency. Through analogies with feedback control and fault tolerance, Design for Resilience is addressed, where the design of the controller component of a cyberphysical system needs to account for potential safety hazards and security threats, with awareness of its internal faults and vulnerabilities. This model is validated against other approaches to modeling resilience described in the literature, followed by a discussion of resilience metrics. The paper concludes by presenting the strategy of modeling resiliency, based on the assumption that one cannot guarantee absolute protection against attacks or failures, but can aim at providing successful recovery after disruptions. With safety and security as essential resiliency components, an extended model involving an attacker is proposed, suggesting an appropriate performance metric reflecting the distance between the normal state and the degraded state. The model-based environment Möbius, from the University of Illinois, is considered as an aid in evaluating resiliency under various operational scenarios. (original abstract)