Cyber-physical zero trust architecture for industrial cyber-physical systems
Cyber-physical zero trust architecture for industrial cyber-physical systems
In recent years, zero trust architecture (ZTA) has become an emerging security architecture. When deploying to industrial systems, an important consideration of the ZTA is the effective modeling of the cross-layer penetration between cyber and physical layers. An ineffective model of cross-layer penetration can lead to inferior performance in mitigating cross-layer failures. To tackle this issue, this paper develops a subset of the ZTA dedicated to industrial cyber-physical systems (ICPS), called the Cyber-Physical-ZTA, to model cross-layer penetration. Its uniqueness mainly consists of two innovative techniques, namely, a multi-layer access control engine and an integrated physical model-based and data-driven policy optimizer. The multi-layer access control engine can evaluate the trust scores for each component considering their cross-layer impact, while the integration of data-driven and model-based approaches can improve efficiency in optimizing access policies. Our simulations are conducted to demonstrate the effectiveness of Cyber-Physical-ZTA. In comparison to the standard ZTA, with no rules added to detect cross-layer penetration, the multi-access policy engine of the Cyber-Physical-ZTA increases the detection probability against false data injection (FDI) attacks by more than 31%.
394-405
Feng, Xiaomeng
22a65b28-6daa-4cd4-8cad-4608c412aa08
Hu, Shiyan
19bb09b2-bf52-4bd7-818a-63e8da474072
Feng, Xiaomeng
22a65b28-6daa-4cd4-8cad-4608c412aa08
Hu, Shiyan
19bb09b2-bf52-4bd7-818a-63e8da474072
Feng, Xiaomeng and Hu, Shiyan
(2023)
Cyber-physical zero trust architecture for industrial cyber-physical systems.
IEEE Transactions on Industrial Cyber-Physical Systems, 1, .
(doi:10.1109/TICPS.2023.3333850).
Abstract
In recent years, zero trust architecture (ZTA) has become an emerging security architecture. When deploying to industrial systems, an important consideration of the ZTA is the effective modeling of the cross-layer penetration between cyber and physical layers. An ineffective model of cross-layer penetration can lead to inferior performance in mitigating cross-layer failures. To tackle this issue, this paper develops a subset of the ZTA dedicated to industrial cyber-physical systems (ICPS), called the Cyber-Physical-ZTA, to model cross-layer penetration. Its uniqueness mainly consists of two innovative techniques, namely, a multi-layer access control engine and an integrated physical model-based and data-driven policy optimizer. The multi-layer access control engine can evaluate the trust scores for each component considering their cross-layer impact, while the integration of data-driven and model-based approaches can improve efficiency in optimizing access policies. Our simulations are conducted to demonstrate the effectiveness of Cyber-Physical-ZTA. In comparison to the standard ZTA, with no rules added to detect cross-layer penetration, the multi-access policy engine of the Cyber-Physical-ZTA increases the detection probability against false data injection (FDI) attacks by more than 31%.
Text
FINAL_VERSION
- Accepted Manuscript
Restricted to Repository staff only
Request a copy
More information
Accepted/In Press date: 7 November 2023
e-pub ahead of print date: 28 November 2023
Identifiers
Local EPrints ID: 485355
URI: http://eprints.soton.ac.uk/id/eprint/485355
PURE UUID: 29cc753c-7381-4781-b6be-8d4de1223fae
Catalogue record
Date deposited: 05 Dec 2023 17:35
Last modified: 17 Mar 2024 06:16
Export record
Altmetrics
Contributors
Author:
Xiaomeng Feng
Author:
Shiyan Hu
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics