A Security Cost Modelling Framework for Cyber-Physical Systems
This addresses the problem of balancing security and performance in CPS design for engineers and developers, but it appears incremental as it builds on existing metrics with a new normalization and aggregation methodology.
The paper tackles the challenge of designing secure Cyber-Physical Systems (CPS) without compromising performance by introducing the Security Cost Modelling Framework (SCMF), which measures, normalizes, and aggregates overall performance to quantify security costs, enabling redesigns for lower costs.
Cyber-Physical Systems (CPS) are formed through interconnected components capable of computation, communication, sensing and changing the physical world. The development of these systems poses a significant challenge since they have to be designed in a way to ensure cyber-security without impacting their performance. This article presents the Security Cost Modelling Framework (SCMF) and shows supported by an experimental study how it can be used to measure, normalise and aggregate the overall performance of a CPS. Unlike previous studies, our approach uses different metrics to measure the overall performance of a CPS and provides a methodology for normalising the measurement results of different units to a common Cost Unit. Moreover, we show how the Security Costs can be extracted from the overall performance measurements which allows to quantify the overhead imposed by performing security-related tasks. Furthermore, we describe the architecture of our experimental testbed and demonstrate the applicability of SCMF in an experimental study. Our results show that measuring the overall performance and extracting the security costs using SCMF can serve as basis to redesign interactions to achieve the same overall goal at less costs.