TRIPLE: A blockchain-based digital twin framework for cyber–physical systems security
Journal of Industrial Information Integration (IF 10.4), Pub Date: 2024-10-24, DOI: 10.1016/j.jii.2024.100706
Sabah Suhail, Mubashar Iqbal, Rasheed Hussain, Saif Ur Rehman Malik, Raja Jurdak
Cyber–physical systems (CPSs) are being increasingly adopted for industrial applications, yet they involve a dynamic threat landscape that requires CPSs to adapt to emerging threats during their operation. Recently, digital twin (DT) technology (which refers to a virtual representation of a product, process, or environment) has emerged as a suitable candidate to address the security challenges faced by dynamic CPSs. DT has the capability of strengthening the security of CPSs by continuously mapping the physical to twin counterparts to detect inconsistencies. The existing DT-based security solutions are constrained by untrustworthy data dissemination as well as limited data sharing among the involved stakeholders, which, in turn, limit the ability of DTs to run accurate simulations or make valid decisions. To address these challenges, this paper proposes a modular framework called TRusted and Intelligent cyber-PhysicaL systEm (TRIPLE), that leverages blockchain, DTs, and threat intelligence (TI) to secure CPSs. The blockchain-based DT components in the framework provide data integrity, traceability, and availability for trusted DTs. Furthermore, to accurately and comprehensively model system states, the framework envisions fusing process knowledge for modeling DTs from system specification-based and learning-based information and other sources, including infrastructure-as-code (IaC) and knowledge base (KB). The framework also integrates TI for future-proofing against emerging threats, such that threats can be detected either reactively by mapping the behavior of physical and virtual spaces or proactively by TI and threat hunting. We demonstrate the viability of the framework through a proof of concept. Finally, we formally verify the TRIPLE framework to demonstrate its correctness and effectiveness in enhancing CPS security.
Updated: 2024-10-24