Qualitative Analysis for Validating IEC 62443-4-2 Requirements in
DevSecOps
- URL: http://arxiv.org/abs/2310.08996v3
- Date: Mon, 23 Oct 2023 06:59:08 GMT
- Title: Qualitative Analysis for Validating IEC 62443-4-2 Requirements in
DevSecOps
- Authors: Christian Göttel, Maëlle Kabir-Querrec, David Kozhaya,
Thanikesavan Sivanthi, Ognjen Vuković
- Abstract summary: This paper focuses on the automated validation of ISA/IEC 62443-4-2 standard component requirements.
Our analysis demonstrates the coverage established by the currently available tools and sheds light on current gaps to achieve full automation.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Validation of conformance to cybersecurity standards for industrial
automation and control systems is an expensive and time-consuming process which
can delay the time to market. It is therefore crucial to introduce conformance
validation stages into the continuous integration/continuous delivery pipeline
of products. However, designing such conformance validation in an automated
fashion is a highly non-trivial task that requires expert knowledge and depends
upon the available security tools, ease of integration into the DevOps
pipeline, as well as support for IT and OT interfaces and protocols.
This paper addresses the aforementioned problem focusing on the automated
validation of ISA/IEC 62443-4-2 standard component requirements. We present an
extensive qualitative analysis of the standard requirements and the current
tooling landscape to perform validation. Our analysis demonstrates the coverage
established by the currently available tools and sheds light on current gaps to
achieve full automation and coverage. Furthermore, we showcase for every
component requirement where in the CI/CD pipeline stage it is recommended to
test it and the tools to do so.
Related papers
- AutoPT: How Far Are We from the End2End Automated Web Penetration Testing? [54.65079443902714]
  We introduce AutoPT, an automated penetration testing agent based on the principle of PSM driven by LLMs.
  Our results show that AutoPT outperforms the baseline framework ReAct on the GPT-4o mini model.
  arXiv Detail & Related papers (2024-11-02T13:24:30Z)
- Coupled Requirements-driven Testing of CPS: From Simulation To Reality [5.7736484832934325]
  Failures in safety-critical Cyber-Physical Systems (CPS) can lead to severe incidents impacting physical infrastructure or even harming humans.
  Current simulation and field testing practices, particularly in the domain of small Unmanned Aerial Systems (sUAS), are ad-hoc and lack a thorough, structured testing process.
  We have developed an initial framework for validating CPS, specifically focusing on sUAS and robotic applications.
  arXiv Detail & Related papers (2024-03-24T20:32:12Z)
- Selene: Pioneering Automated Proof in Software Verification [62.09555413263788]
  We introduce Selene, which is the first project-level automated proof benchmark constructed based on the real-world industrial-level operating system microkernel, seL4.
  Our experimental results with advanced large language models (LLMs), such as GPT-3.5-turbo and GPT-4, highlight the capabilities of LLMs in the domain of automated proof generation.
  arXiv Detail & Related papers (2024-01-15T13:08:38Z)
- Defining and executing temporal constraints for evaluating engineering artifact compliance [56.08728135126139]
  Process compliance focuses on ensuring that the actual engineering work is followed as closely as possible to the described engineering processes.
  Checking these process constraints is still a daunting task that requires a lot of manual work and delivers feedback to engineers only late in the process.
  We present an automated constraint checking approach that can incrementally check temporal constraints across inter-related engineering artifacts upon every artifact change.
  arXiv Detail & Related papers (2023-12-20T13:26:31Z)
- Market Research on IIoT Standard Compliance Monitoring Providers and deriving Attributes for IIoT Compliance Monitoring [0.0]
  This paper conducts a market study on providers implementing IEC 62443 in IIoT.
  It aims to formulate a catalog of monitorable attributes aligned with the standard.
  The study reveals challenges, such as a lack of formal separation in security architectures.
  arXiv Detail & Related papers (2023-11-16T16:08:52Z)
- Performance Analysis of Security Certificate Management System in Vehicle-to-Everything (V2X) [0.0]
  This study implements end entities and a Security Credential Management System conforming to IEEE 1609.2 and IEEE 1609.2.1 standards.
  It measures the computation and transmission times for each security communication action within the system from the perspective of end entities.
  arXiv Detail & Related papers (2023-09-18T02:24:33Z)
- A General Framework for Verification and Control of Dynamical Models via Certificate Synthesis [54.959571890098786]
  We provide a framework to encode system specifications and define corresponding certificates.
  We present an automated approach to formally synthesise controllers and certificates.
  Our approach contributes to the broad field of safe learning for control, exploiting the flexibility of neural networks.
  arXiv Detail & Related papers (2023-09-12T09:37:26Z)
- Safety of the Intended Functionality Concept Integration into a Validation Tool Suite [0.0]
  This work demonstrates how the integration of the SOTIF process within an existing validation tool suite can be achieved.
  The necessary adaptations are explained with accompanying examples to aid comprehension of the approach.
  arXiv Detail & Related papers (2023-08-31T12:22:35Z)
- Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
  Safety assurance cases (SACs) can be challenging to maintain during system evolution.
  We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models.
  We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
  arXiv Detail & Related papers (2023-07-14T16:03:27Z)
- A Requirements-Driven Platform for Validating Field Operations of Small Uncrewed Aerial Vehicles [48.67061953896227]
  DroneReqValidator (DRV) allows sUAS developers to define the operating context, configure multi-sUAS mission requirements, specify safety properties, and deploy their own custom sUAS applications in a high-fidelity 3D environment.
  The DRV Monitoring system collects runtime data from sUAS and the environment, analyzes compliance with safety properties, and captures violations.
  arXiv Detail & Related papers (2023-07-01T02:03:49Z)
This list is automatically generated from the titles and abstracts of the papers in this site.