CYBER-PHYSICAL SYSTEMS: BUILDING A SECURITY REFERENCE ARCHITECTURE FOR CARGO PORTS

Cyber-Physical Systems (CPS) are physical entities whose operations are monitored, coordinated, and controlled by a computing and communication core. These systems are highly heterogeneous and complex. Their numerous components and cross domain complexity make attacks easy to propagate and security difficult to implement. Consequently, to secure these systems, they need to be built in a systematic and holistic way, where security is an integral part of the development lifecycle and not just an activity after development. These systems present a multitude of implementation details in their component units, so it is fundamental to use abstraction in the analysis and construction of their architecture. In particular, we can apply abstraction through the use of patterns. Pattern-based architectural modeling is a powerful way to describe the system and analyze its security and the other non-functional aspects. Patterns also have the potential to unify the design of their computational, communication, and control aspects. Architectural modeling can be performed through UML diagrams to show the interactions and dependencies between different components and its stakeholders. Also, it can be used to analyze security threats and describe the possible countermeasures to mitigate these threats. An important type of CPS is a maritime container terminal, a facility where cargo containers are transported between ships and land vehicles; for example, trains or trucks, for onward transportation, and vice versa. Every cargo port performs four basic functions: receiving, storing, staging and loading for both, import and export containers. We present here a set of patterns that describe the elements and functions of a cargo port system, and a Reference Architecture (RA) built using these patterns. We analyze and systematically enumerate the possible security threats to a container terminal in a cargo port using activity diagrams derived from selected use cases of the system. We describe these threats using misuse patterns, and from them select security patterns as defenses. The RA provides a framework to determine where to add these security mechanisms to stop or mitigate these threats and build a Security Reference Architecture (SRA) for CPS. An SRA is an abstract architecture describing a conceptual model of security that provides a way to specify security requirements for a wide range of concrete architectures. The analysis and design are given using a cargo port as our example, but the approach can be used in other domains as well. This is the first work we know where patterns and RAs are used to represent cargo ports and analyze their security.