JUCS - Journal of Universal Computer Science 27(6): 609-634, doi: 10.3897/jucs.68539
Security Reference Architecture for Cyber-Physical Systems (CPS)
expand article infoJulio Moreno, David G. Rosado§, Luis E. Sánchez§, Manuel A. Serrano§, Eduardo Fernández-Medina§
‡ NTT Data, Madrid, Spain§ GSyA Research Group - UCLM, Ciudad Real, Spain
Open Access

Cyber-physical systems (CPS) are the next generation of engineered systems into which computing, communication, and control technologies are now being closely integrated. They play an increasingly important role in critical infrastructures, governments and everyday life. Security is crucial in CPS, but they were not, unfortunately, initially conceived as a secure environment, and if these security issues are to be incorporated, then security must be considered from the very beginning of the system design. One way in which to solve this problem is by having a global perspective, which can be achieved by employing a Reference Architecture (RA), since it is a high-level abstraction of a system that could be useful in the implementation of complex systems. It is widely accepted that adding elements in order to address many security factors (integrity, confidentiality, availability, etc.) and facilitate the definition of the security requirements of a Security Reference Architecture (SRA) is a good starting point when attempting to solve these kinds of cybersecurity problems and protect the system from the beginning of the development. An SRA makes it possible to define the key elements of a specific environment, thus allowing a better understanding of the inherent elements of the environments, while promoting the integration of security aspects and mechanisms. The present paper, therefore, presents the definition of an SRA for CPS by using UML models in an attempt to facilitate secure CPS implementations.

Cyber-Physical Systems (CPS); Security Reference Architecture; Secure design; Security patterns