Security-Oriented Fault-Tolerance in Systems Engineering: A Conceptual Threat Modelling Approach for Cyber-Physical Production Systems

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1196)


Faults in the realization and usage of cyber-physical systems (CPS) can cause significant security issues. Attackers might exploit vulnerabilities in the physical configurations, in the control systems, or in the accessibility through internet connections. For CPS, two challenges are combined: firstly, discipline-specific security measures should be applied; secondly, new measures have to be created to cover interdisciplinary impacts. For instance, faulty software configurations in cyber-physical production systems (CPPS) might allow attackers to manipulate the correct control of production processes, impacting the quality of end products. From a liability and publicity perspective, a worst-case scenario is that such a corrupted product is delivered to a customer. In this context, security-oriented fault-tolerance in Systems Engineering (SE) requires measures to evaluate interdisciplinary system designs with regard to potential attack scenarios. The paper at hand contributes a conceptual threat modelling approach to cover potential attack scenarios. The approach can be used to derive both system-level and discipline-specific security solutions. As an application case, the focus is on issues in which attackers intend to exploit vulnerabilities in a CPPS. The goal is to support systems engineers in verification and validation tasks regarding security-oriented fault-tolerance.


Keywords: Systems engineering, Threat modelling, Scenario-based analysis



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Heinz Nixdorf Institute – Product Creation, Paderborn University, Paderborn, Germany
  2. Heinz Nixdorf Institute – Secure Software Engineering, Paderborn University, Paderborn, Germany
