Onto-CARMEN: Ontology-driven approach for Cyber–Physical System Security Requirements meta-modelling and reasoning
04 de Diciembre del 2023
Nuestros compañeros Carlos Blanco, David G. Rosado y Eduardo Fernández-Medina del grupo GSYA junto a Ángel Jesús Varela-Vaca y María Teresa Gómez Lopez del grupo IDEAS de la Universidad de Sevilla han publicado el artículo “Onto-CARMEN: Ontology-driven approach for Cyber–Physical System Security Requirements meta-modelling and reasoning”, en la revista Internet of Things (IF 5.9, Q1). DOI: https://doi.org/10.1016/j.iot.2023.100989. El artículo está accesible bajo licencia Open Access.
Resumen
In the last years, Cyber–physical systems (CPS) have attracted substantial mainstream, especially in the industrial sector, since they have become the focus of cyber-attacks. CPS are complex systems that encompass a great variety of hardware and software components with a countless number of configurations and features. For this reason, the construction, validation, and diagnosis of security in CPS become a major challenge. An invalid security requirement for the CPS can produce partial or incomplete configuration, even misconfigurations, and hence catastrophic consequences. Therefore, it is crucial to ensure the validation of the security requirements specification from the earlier design stages. To this end, Onto-CARMEN is proposed, a semantic approach that enables the automatic verification and diagnosis of security requirements according to the ENISA and OWASP recommendations. Our approach provides a mechanism for the specification of security requirements on top of ontologies, and automatic diagnosis through semantic axioms and SPARQL rules. The approach has been validated using security requirements from a real case study.
