Risk-driven Model-based Architecture Design for Secure Information Flows in Manufacturing Infrastructures

Loris Dal Lago, Fabio Federici, Davide Martintoni, Valerio Senni

2022

Abstract

Modern manufacturing infrastructures leverage internet and intranet connectivity to guarantee the remote execution of services at the shopfloor level, continued operations and remote reconfigurability. Nonetheless, equipment used in industrial plants is not always prepared to withstand the security challenges introduced by increased connectivity demands, thus exposing the overall system to security threats. We propose a model-based approach that combines the secure design of digital infrastructures for manufacturing with a rigorous security risk assessment, enabling trusted connectivity for equipment together with a robust analysis method for evaluating its security properties. To that aim, information flow paths between functions and equipment are captured, assets and threats are identified, and mitigations and new security requirements are defined. Mitigations are then propagated to the level of implementation, where we rely on hardware-enforced isolation to provide trusted computation and data protection. In this paper we demonstrate our methodological approach using an extension of the SysML language for threat modelling and by relying on ARM TrustZone for hardware isolation. Our approach is sufficiently general to be reused for other domains and alternative technologies.
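The abstract describes a pipeline of capturing information flow paths, identifying which of them threaten an asset, and turning the mitigation into an isolation requirement at the implementation level. The following is an added illustrative example, not the paper's SysML tooling or code: a small constructed plant model (component names, the trust-zone ordering and the single asset are all assumptions) in which a flow path is treated as exposed when it originates in a zone of lower trust than the asset holder and crosses no hardware-isolated boundary; the derived requirement is then applied and the assessment re-run.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Assumed trust ordering of zones, least to most trusted (not from the paper).
ZONE_RANK = {"internet": 0, "intranet": 1, "shopfloor": 2, "secure_world": 3}

Flow = Tuple[str, str]  # (source, destination) information flow


@dataclass
class Component:
    """A function or piece of equipment in the model and the assets it holds."""
    name: str
    zone: str
    assets: Set[str] = field(default_factory=set)


@dataclass
class FlowModel:
    components: Dict[str, Component]
    flows: List[Flow]
    # Flows whose destination side sits behind a hardware-enforced isolation
    # boundary (e.g. a TrustZone secure-world service); treated as mitigated.
    isolated: Set[Flow] = field(default_factory=set)

    def rank(self, name: str) -> int:
        return ZONE_RANK[self.components[name].zone]

    def paths_to(self, target: str) -> List[List[str]]:
        """All simple paths ending at `target`, found by walking flows backwards."""
        found: List[List[str]] = []

        def walk(node: str, path: List[str]) -> None:
            for src, dst in self.flows:
                if dst != node or src in path:
                    continue
                longer = [src] + path
                found.append(longer)
                walk(src, longer)

        walk(target, [target])
        return found


def exposed_paths(model: FlowModel) -> List[Tuple[List[str], List[str]]]:
    """Threat identification: a path is exposed when it starts in a zone of
    strictly lower trust than the asset holder and crosses no isolated flow."""
    findings = []
    for holder in model.components.values():
        if not holder.assets:
            continue
        for path in model.paths_to(holder.name):
            if model.rank(path[0]) >= model.rank(holder.name):
                continue
            edges = list(zip(path, path[1:]))
            if any(edge in model.isolated for edge in edges):
                continue
            findings.append((path, sorted(holder.assets)))
    return findings


def required_isolation(findings) -> List[Flow]:
    """Mitigation step: require the final hop into each exposed asset holder
    to be a hardware-isolated entry point. Returns the unique flows affected."""
    return sorted({(path[-2], path[-1]) for path, _ in findings})


def build_example() -> FlowModel:
    # Constructed sample plant for illustration; not taken from the paper.
    comps = {
        "remote_maintenance": Component("remote_maintenance", "internet"),
        "plant_gateway": Component("plant_gateway", "intranet"),
        "operator_hmi": Component("operator_hmi", "shopfloor"),
        "plc": Component("plc", "shopfloor", {"recipe_parameters"}),
    }
    flows = [
        ("remote_maintenance", "plant_gateway"),
        ("plant_gateway", "plc"),
        ("operator_hmi", "plc"),
    ]
    return FlowModel(comps, flows)


def assess_and_mitigate(model: FlowModel) -> Tuple[int, List[Flow], int]:
    """Assess, derive isolation requirements, apply them, and re-assess."""
    before = exposed_paths(model)
    reqs = required_isolation(before)
    model.isolated.update(reqs)
    after = exposed_paths(model)
    return len(before), reqs, len(after)


if __name__ == "__main__":
    m = build_example()
    for path, assets in exposed_paths(m):
        print("exposed:", " -> ".join(path), "assets:", assets)
    print(assess_and_mitigate(m))
```

On the constructed model the two exposed paths both end on the gateway-to-PLC flow, so a single isolation requirement on that entry point clears them, while the operator HMI path is never flagged because it originates in the same trust zone as the PLC. Whether a real plant needs the mitigation on that hop or further upstream is exactly the design decision the model-based assessment is meant to inform.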



Paper Citation


in Harvard Style

Dal Lago L., Federici F., Martintoni D. and Senni V. (2022). Risk-driven Model-based Architecture Design for Secure Information Flows in Manufacturing Infrastructures. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 499-506. DOI: 10.5220/0011144700003283


in Bibtex Style

@conference{secrypt22,
author={Loris Dal Lago and Fabio Federici and Davide Martintoni and Valerio Senni},
title={Risk-driven Model-based Architecture Design for Secure Information Flows in Manufacturing Infrastructures},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2022},
pages={499-506},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011144700003283},
isbn={978-989-758-590-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Risk-driven Model-based Architecture Design for Secure Information Flows in Manufacturing Infrastructures
SN - 978-989-758-590-6
AU - Dal Lago L.
AU - Federici F.
AU - Martintoni D.
AU - Senni V.
PY - 2022
SP - 499
EP - 506
DO - 10.5220/0011144700003283