Introduction to Security and Quality Improvement in Complex Cyber-Physical Systems Engineering
Providing Complex Cyber-Physical Systems (C-CPSs) more efficiently and faster is a goal that requires improvements in the engineering process for producing high-quality, advanced engineering artifacts. Furthermore, information security must be a top priority when engineering C-CPSs, as the engineering artifacts represent assets of high value.
This chapter overviews the engineering process of C-CPSs, typically long-running technical systems, such as industrial manufacturing systems and continuous processing systems. This chapter also covers major areas of requirements that include: (a) processes with intensive generation of engineering artifacts; (b) challenges regarding dependencies and complexity of engineering artifacts, stemming from variants of a product and the associated production process for a family of products; (c) management of model and consistency rules for dependencies between model parts; (d) the internationalization of the engineering process with partners on different levels of trust; and (e) the security of the engineering processes, such as confidentiality of engineering plans, and the security of the systems to be engineered, such as security aspects in the design phase.
For selected requirement areas, the chapter discusses several approaches for quality improvement from business informatics that address important classes of requirements but introduce new complexity to the engineering process. Therefore, the chapter reviews information security improvement approaches for engineering processes, including the consideration of new security requirements stemming from risks introduced by advanced informatics solutions. Finally, the chapter provides an overview of the book parts and the contributions of the chapters to address advanced engineering process requirements.
Keywords: Complex cyber-physical systems; Engineering process; Multidisciplinary engineering; AutomationML; Information security
The financial support by the Christian Doppler Research Association, the Austrian Federal Ministry for Digital and Economic Affairs, and the National Foundation for Research, Technology, and Development is gratefully acknowledged.