
Security Requirements Engineering: A Framework for Cyber-Physical Systems

DISSERTATION

for the award of the academic degree of Doctor of Natural Sciences (Dr. rer. nat.)
by the Fakultät für Wirtschaftswissenschaften of the Universität Duisburg-Essen, Campus Essen

submitted by Shafiq ur Rehman
born in Karachi, Pakistan

Supervisor: Prof. Dr. Volker Gruhn
Lehrstuhl für Software Engineering, insb. mobile Anwendungen
Institut für Informatik und Wirtschaftsinformatik

Essen, 2020

Reviewers:
1. Reviewer: Prof. Dr. Volker Gruhn
2. Reviewer: Prof. Dr. Matthias Book

Date of the oral examination: 14.01.2020

This dissertation is made available via DuEPublico, the document and publication server of the Universität Duisburg-Essen, and is also available as a print version.

DOI: 10.17185/duepublico/71232
URN: urn:nbn:de:hbz:464-20200129-102905-3

All rights reserved.

Abstract

In the present-day software development industry, cyber-physical systems are gaining much attention from researchers and practitioners due to their high impact on the world’s economy. These systems are considered as hallmarks of the modern age of computing power integrated with physical systems. With the rising use and importance of cyber-physical systems, organizations have come to terms with the importance of security in these systems. Therefore, security requirements are a significant part of cyber-physical systems, but there is a lack of processes to develop secure systems. Several security requirements frameworks have been proposed, but the benefits of these frameworks are limited to the realm of software. The most significant contribution of this thesis is to propose, apply and assess a security requirements engineering framework for cyber-physical systems that overcomes the issue of security requirements elicitation for cyber-physical systems. The proposed cyber-physical systems framework offers complete guidelines for practitioners and researchers to determine security requirements.

A security requirements engineering tool to facilitate application of our proposed framework has also been developed. The proposed framework has been evaluated by way of two case studies conducted on real-world cyber-physical systems implementations, which show promising results. Furthermore, this work also compares the activities mandated by our security requirements engineering framework with those of existing software security frameworks. The results of this thesis can be used as a basis for further research in security requirements engineering of cyber-physical systems. Organizations that apply the proposed framework derived from the results of this research will be better positioned to explore security requirements in the early phases of system development and be assured of an uncompromised system of security.

Acknowledgements

I would firstly like to thank God-Almighty for not only the ability, but also the constant strength and perseverance that kept me going through this thesis. Further, I would like to express my deepest gratitude to my supervisor, Professor Volker Gruhn, who has been a steady guide through the course of my research and has always been supportive of my academic endeavours – no matter which corner of the Earth they led me to – thereby allowing me to interact with and learn from excellent researchers in my field from around the globe. I am thankful to him for dedicating his time and effort and for always making me feel welcome at his office. I would also like to express my appreciation for Professor Matthias Book, who not only offered deep critical insights through his review of my thesis, but also went out of his way to make available to me certain academic opportunities that I found to be extremely valuable. I would also like to extend my thanks to all my colleagues in Paluno. It has been a great experience working with and exchanging ideas with them. All the talks, discussions and dissertation seminars have been invaluable experiences for me.

Last but not least, I would like to give thanks to my family, particularly my mother, who has always been a pillar of support for me, and without whom I would not be where I stand today. I thank her for her prayers, her emotional support and for always giving me advice when I hit a rough patch in life and don’t know what to do. My wife, too, has been a constant source of strength for me, a companion, a friend and both a mother and father for my children in my absence. I thank her for all of this and for not killing me when I told her I would be living in a different country for the next three years. I’d like to thank my daughter Eshal and my son Shaheer for bearing with me patiently and not holding against me the time I could not give them in pursuit of my doctoral studies.

Contents

Abstract
Acknowledgements
List of Figures
List of Tables
CHAPTER 1 Introduction
  1.1 Problem Statement
  1.2 Research Questions
  1.3 Contribution
  1.4 Publications
  1.5 Thesis Structure
CHAPTER 2 Security of Cyber-Physical Systems
  2.1 Overview
  2.2 Cyber-Physical Systems
    2.2.1 The Physical layer
    2.2.2 The Network layer
    2.2.3 The Application layer
  2.3 Differences to Classical Systems
  2.4 Security Challenges
  2.5 Security Requirements Engineering
    2.5.1 Why Security Requirements Engineering for CPS
    2.5.2 Security Issues around Sensor Networks
  2.6 Security Goals for a System
    2.6.1 Authentication
    2.6.2 Availability
    2.6.3 Integrity
    2.6.4 Confidentiality
  2.7 Threats of Cyber-Physical Systems
    2.7.1 Threats on Physical Layer
      2.7.1.1 Physical Attack and Natural Disaster
      2.7.1.2 Radio Frequency Jamming
      2.7.1.3 Sensor Node Compromising
      2.7.1.4 Node Replication Attack
    2.7.2 Threats on Network Layer
      2.7.2.1