A Security Cost Modelling Framework for Cyber-Physical Systems

TL;DR

This paper introduces the Security Cost Modelling Framework (SCMF) for cyber-physical systems, enabling measurement and analysis of security overheads to optimize system performance and security trade-offs.

Contribution

The paper presents a novel framework that normalizes and aggregates performance metrics to quantify security costs in CPS, supported by experimental validation.

Findings

SCMF effectively measures overall CPS performance.

Security costs can be extracted from performance metrics.

Framework aids in redesigning CPS interactions for cost efficiency.

Abstract

Cyber-Physical Systems (CPS) are formed through interconnected components capable of computation, communication, sensing and changing the physical world. The development of these systems poses a significant challenge since they have to be designed in a way to ensure cyber-security without impacting their performance. This article presents the Security Cost Modelling Framework (SCMF) and shows supported by an experimental study how it can be used to measure, normalise and aggregate the overall performance of a CPS. Unlike previous studies, our approach uses different metrics to measure the overall performance of a CPS and provides a methodology for normalising the measurement results of different units to a common Cost Unit. Moreover, we show how the Security Costs can be extracted from the overall performance measurements which allows to quantify the overhead imposed by performing security-related tasks. Furthermore, we describe the architecture of our experimental testbed and demonstrate the applicability of SCMF in an experimental study. Our results show that measuring the overall performance and extracting the security costs using SCMF can serve as basis to redesign interactions to achieve the same overall goal at less costs.