The University of Southampton
University of Southampton Institutional Repository

Cyber-physical zero trust architecture for industrial cyber-physical systems

Feng, Xiaomeng and Hu, Shiyan (2023) Cyber-physical zero trust architecture for industrial cyber-physical systems. IEEE Transactions on Industrial Cyber-Physical Systems, 1, 394-405. (doi:10.1109/TICPS.2023.3333850).

Record type: Article

Abstract

In recent years, zero trust architecture (ZTA) has become an emerging security architecture. When deploying to industrial systems, an important consideration of the ZTA is the effective modeling of the cross-layer penetration between cyber and physical layers. An ineffective model of cross-layer penetration can lead to inferior performance in mitigating cross-layer failures. To tackle this issue, this paper develops a subset of the ZTA dedicated to industrial cyber-physical systems (ICPS), called the Cyber-Physical-ZTA, to model cross-layer penetration. Its uniqueness mainly consists of two innovative techniques, namely, a multi-layer access control engine and an integrated physical model-based and data-driven policy optimizer. The multi-layer access control engine can evaluate the trust scores for each component considering their cross-layer impact, while the integration of data-driven and model-based approaches can improve efficiency in optimizing access policies. Our simulations are conducted to demonstrate the effectiveness of Cyber-Physical-ZTA. In comparison to the standard ZTA, with no rules added to detect cross-layer penetration, the multi-access policy engine of the Cyber-Physical-ZTA increases the detection probability against false data injection (FDI) attacks by more than 31%.

Text
FINAL_VERSION - Accepted Manuscript
Restricted to Repository staff only

More information

Accepted/In Press date: 7 November 2023
e-pub ahead of print date: 28 November 2023

Identifiers

Local EPrints ID: 485355
URI: http://eprints.soton.ac.uk/id/eprint/485355
PURE UUID: 29cc753c-7381-4781-b6be-8d4de1223fae

Catalogue record

Date deposited: 05 Dec 2023 17:35
Last modified: 17 Mar 2024 06:16

Contributors

Author: Xiaomeng Feng
Author: Shiyan Hu
