Cyber–Physical Systems Forensics: Today and Tomorrow
Abstract
:1. Introduction
2. Background
2.1. Cyber-Physical Systems
2.2. Forensics
2.3. Related Work
3. Security Attacks on CPS
3.1. Passive Attacks
3.2. Active Attacks
3.3. Attack Modes
4. CPS Forensics
4.1. Technical Dimension
- Forensics Data Gathering. When an attack occurs several data collection steps need to be performed while preserving the integrity and validity of this data. This includes finding, recognizing, marking, acquiring, analyzing, and reporting forensics data. Unlike other digital forensics types, data gathering in CPS involves collecting data from and about the digital components along with the corresponding physical environment. This also implies that data gathering will involve traditional physical evidence collection related to the attack and its effects. The physical environment can offer information based on the traces left behind and/or the physical damages incurred. On the cyber side of the operation, data collected and preserved from a variety of computing and control devices must be validated. The tools used to gather this data will differ based on the technologies used in these components. Sources of data will also be extremely different from traditional systems as there will be multiple sources with different storage and reporting methods and formats in addition to different capabilities and resources.
- Dynamic Existence. Discounting the main computing resources in a CPS (full scale devices and resources) that must be present continuously, there are components and devices that drop in and out of the system dynamically. Many components in a CPS will only be available while actively completing an assigned task. For all other times, it remains inactive or disconnects from the system to preserve resources. For example, a wireless motion activated camera will only record and transmit data if there is movement in its range. In addition, some of these components have small storage capabilities. These are usually set up to deliver sensed data and overwrite it periodically to save space. Collecting forensics evidence requires tools that are capable of recognizing these special operational conditions. Furthermore, control signals may not be stored on a continuous basis (only control signals differencing from normal are recorded for example) leading to gaps in information about how the actions were triggered.
- Connection to the Physical Environment. The intimate connection between the different digital components in a CPS with the physical environment they operate in imposes additional unique characteristics on the whole system. Forensics here require tools and methods that can combine many of the digital forensic capabilities with traditional forensic processes. Inspecting the sources of a failure, for example, will require tracing the digital evidence leading to the failure in addition to any possible physical evidence such as tampering. In this regard, virtualization, emulation, and simulation techniques can be used as enablers for CPS forensics by provisioning for virtual simulations of the situation and the factors leading to the problem.
- Proactive Measures. A major contributor to effective forensics is being prepared ahead of time. Generally, most software systems have some level of security measures in place. Authentication, authorization, access controls, encryption, and similar measures are becoming standard practice. In CPS, these measures need to be extended to all components of the system including the physical world. Using secure locations, imposing controlled access to locations of these components, limiting external exposure, and using biometrics for access and control are some examples of proactive measures for CPS security. Other proactive measures in CPS require validation and verification of sensed data and action commands. As these devices are prone to failure and tempering, it is important to create strong measures to ensure the correctness and integrity of the collected data and the issued actions. Several models are available and need to be enabled for security and intrusion detection in CPS. One example is using intrusion detection techniques that can be included within the CPS components and sub-systems [76]. There are several intrusion detection techniques developed specifically for CPS applications that can help to overcome some security and other challenges [77].
- Digital Trails. Another proactive measure that is important for forensics is monitoring and recoding all activates in a system. In the cyber world, monitors and logging features are usually integrated with the software to keep track of all transactions, log all access, and record all events. In the physical world, additional measures are needed to have more information about what is happening in the CPS components and the environment they operate in. Physical access logs to locations, human logins to the system and their locations, maintenance records, and hardware upgrades/replacements are some examples. In addition, recording physical changes in the environment, such as temperature, lighting, and movements, to name a few is necessary for analysis if a security incident occurs in the CPS. Using intrusion detection for example, enables collecting data related to CPS activities during normal operations. Examples include data about the interactions among different sub-systems within, information exchange between the software components and the sensing devices and actuators, interaction logs between the CPS and the external environment. This information is collected for intrusion detection, but a preserved complete record (digital trails) of this data is tremendously useful for forensics analysis when an attack occurs.
- Heterogeneity of Components. In CPS the components differ from each other in many ways. Some are physical user interface devices, others are sensing devices from various types and capabilities, there are also actuators that are responsible for different actions in the system and operate accordingly. Moreover, we have multiple software components, usually from different sources and sub-systems that require compatible interfaces and connections. A CPS must be capable of handling this verity and operating effectively across the whole system. With all these differences, adding features to assist in forensics becomes a challenge. In addition, incorporating proactive measures and logging methods may be hindered by the limited resources in some devices, privacy issues in others, and access controls as well. This also imposes some requirements on the forensics tools being used as some may not be compatible with all the different components or could require resources not usually available on many of them.
4.2. Organizational Dimension
- Private Limited Ownership CPS. At the smallest level, we can consider CPS that are owned and operated by a single entity (one or few people). One example could be a home security system or a privately owned self-driving vehicle. Here access, ownership, and tracking of data is manageable and can be secured and validated quickly. In addition, privacy issues are minimal and contained under a single control point.
- Intra-Organization CPS. There are CPS that operate across a single organization such as a small factory using CPS to monitor and control assembly line operations. Here we also have a relatively contained CPS under a single control system. As a result, control, access, and privacy issues are limited within the owning entity.
- Separate CPS Ownership/Operations. CPS can also be owned by an entity but operated and controlled by a different independent entity. For example, a small business using CPS commissioned through a third party such as a cloud service provider or specialized technology company. Here forensic data will be needed from both sides and privacy and access issues may arise as each entity has its own rules and security requirements.
- Federated Organizations CPS. Another type of CPS covers multiple systems and locations owned by a federation of entities. For example, CPS to monitor and control a supply chain for retailers. These systems will operate in collaboration across many independent entities. Take for example a large retailer obtaining merchandise from multiple producers, using different companies for transportation and warehousing in addition to their own retail systems. Here responsibilities further distribute across multiple entities, thus adding more challenges to finding, accessing, and using forensic data.
- Large Scale Open Ownership CPS. CPS can also be implemented and operated across many independent and non-federated entities. The sub-systems interact with each other through specified interfaces, but none of them has direct access or control to the others. For example, ATM machines and point-of-sale (PoS) components can be part of a large CPS that facilitates access to users’ accounts through multiple banks and financial institutions. The system operates across all of them; however, each one operates independently and may have very different security and data collection policies.
4.3. Legal Dimension
- Ownership. The legal implications of data/evidence ownerships can impede or complicate forensics efforts. Well defined limited ownership of CPS components limits the responsibility chain to the defined owners and can be easier to handle the legal processes like warrants, seizers, and validations. For example, assume an attack on a medical CPS occurred that altered some patients’ records. The investigation will require access to many patients’ records to identify the full impact of the attack and find traces leading to the attackers. However, these data, although collected and managed by the medical CPS owners, individual records also belong to their respective patients. How will warrants, for example, be handled? Who will be viewing and analyzing this data?
- Jurisdiction. Where is everything? In the United States, many states have different state laws and ways of enforcing them. In addition, law enforcement in one state usually cannot pursue criminals and criminal evidence outside their state. The same applies when considering multiple countries. CPS spanning multiple jurisdiction areas, will cause major problems in terms of handling the legal aspect of the forensics and the use of CPS collected/generated data. A discussion of an example of this issue is available in [84]. Going back to the medical CPS attack. If this system covers multiple states or countries, what happens if some allow access to all patients’ records with one warrant, while others require individual warrants for each record? What if a certain activity is considered a crime in one country and not a crime in another? Even if there is some collaboration between these states or countries regarding forensics procedures, which laws should be enforced?
- Intellectual Property and Trade Secrets. Forensic searches in the digital world could lead to the exposure of a lot of information that is intended to be protected by law. Intellectual property data may inadvertently expose certain organizations to competition. Another critical issue is the trade secrets organizations need to be kept private and never exposed. What happens if the forensic analysis exposes this information? What are the legal implications? CPS in a factory, for example, may be monitoring a very complicated fabrication process that is kept secret. If an attack occurs on this CPS, the investigation may outline this process and expose it.
- Private Information. This is probably the most discussed and debated issue regarding digital forensics in general and it is more prevalent when performing CPS forensics. Any CPS will have direct links and interactions to humans and data relevant to their work, living, medical history, etc. Some CPS components may be able to analyze and discard personalized data on the spot, while others do not have the capabilities to do that, so they transmit everything to some storage component in the system. In addition, when dealing with forensic evidence, anonymized data may not be useful, thus investigators will need access to the complete data sets, which could easily violate a person’s privacy rights. Many data breaches occurred in the past few years that led to the exposure of huge amounts of sensitive data. CPS have that unique position to collect and record all kinds of data way beyond what a regular user could comprehend. This further violates their privacy when investigated. Within an organization, an attack may warrant full investigation of all employee work and access records. This could still lead to private data exposure not relevant to the attack itself.
- Relevance. CPS gather continuous and detailed data to facilitate smooth and efficient operations and effective controls of the systems they interact with. A lot of this data may not be security relevant but may have some effect on security aspects. The forensic analysts face a big challenge trying to sift through huge amounts of data to pinpoint the relevant data to the security attack being investigated. Some may be easily recognizable, such as IP address access logs and user authentication logs. However, some relevant data may be disguised under the apparent illusion of irrelevance. For example, assume an attacker penetrates a system and initiates executions of specific codes that can allow this attacker to use the CPUs available for their own benefit. When this attack is discovered, network and access logs will be the first to be looked into. However, these may not always offer usable evidence. However, other data such as how long the CPU has been executing at an abnormal or irregular level, how much memory is being in use, or even how fast the user responses are happening for the regular users, can be useful. A careful investigation of this type of (irrelevant) data may lead to more clues about the attack. All of this makes the legal process more difficult in terms of identifying the types of warrants needed, whether or not some evidence will be admissible if it is found outside the warrant boundaries, or to what extent the search methods are acceptable in terms of legality, ethics, and privacy.
4.4. Discussion
5. Current CPS Forensics Approaches
6. Future CPS Forensics Directions
6.1. Investigation Approaches
- Investigators. This is probably an overlooked area. There are ongoing efforts to train criminal investigators on finding and handling digital evidence. Unfortunately, in CPS, the cyber side is a lot more complex and collecting and analyzing digital evidence is practically beyond the capabilities of traditional law enforcement investigators. On the flip side, there are many highly experienced technical investigators capable of performing sophisticated investigation and analysis techniques. Unfortunately, they are not well versed when it comes to the legal aspects of finding and handling evidence. This requires changing how these two categories work and creating models that will allow them to seamlessly collaborate for more effective investigations across the CPS (physical and digital). In addition, more efforts are needed to create systematic procedures and practices to better define and control investigation activities to match the increasing complexity of the process.
- Law enforcement. Laws and law enforcement in the digital world and CPS need to be updated and adjusted to accommodate for the changes. According to [11], cyber security legislations are insufficient and vague. Furthermore, legislations do not precisely address issues in CPS, such as defining what constitutes a digital (or CPS) crime; identifying what is (or not) acceptable as evidence; addressing the legalities of digital enhancements of evidence; issuing and handling digital and physical search warrants; securing the CPS including all its cyber and physical components as a crime scene; and handing CPS court proceedings. In CPS, experts in criminal law need to be aware of, and preferably fluent in, technology. At the same time, technology experts must have a good understanding of the legal aspects of forensics. Researchers, legislators, security experts and criminal investigators need to create collaboration and training models to have experts in CPS forensics.
- Observation. When a security attack is detected on CPS, the process of observing its effects and collecting information about the conditions that led to them starts. Here, physical investigations may be needed if the attack resulted in some form of physical damages, led to abnormal behavior of physical components, or was facilitated by physical actions. Digital search will cover the cyber parts to identify the causes and try to find the culprits. Investigators will need to quickly identify and isolate evidence and ensure the usability (admissibility) of the evidence. A major problem in these scenarios is that CPS components are not always in one location and are not always connected or in use. As a result, deciding on how to secure the crime scene requires more knowledge of the CPS architecture and the physical and digital characteristic and locations of their components. New tools to help in this process are needed to ensure comprehensive coverage and accurate collection of evidence. One possible example is creating a visualization tool showing all CPS components and their connectivity and operational status in real time. This will help identify the areas and components that need to be secured and investigated.
- Analysis. Collecting and preserving evidence (or what appears to be evidence) is the first step. However, analysis is another critical part of the investigation process. There are various tools used in physical evidence analysis, such as analyzing blood samples, autopsies, visual observations, and profiling. In addition, digital tools, such as facial recognition, DNA analysis, GPS location mapping, and many more are also used for this purpose. On the cyber side, computer crime investigations have also advanced heavily, and technologies are currently capable of handling and processing huge amounts and types of data evidence quickly and accurately. For CPS forensics, all of these tools are useful, yet more is needed to allow for more comprehensive coverage and efficient methods. For example, data analytics tools can be designed to find correlations between digital and physical evidence; creating digital models depicting some aspects of the crime scene using both physical and digital evidence; and introducing reliable and trustworthy computational techniques for more in depth analysis and evidence manipulation. Virtualization of the CPS crime scene and using techniques similar to or adapted from other domain, for example in manufacturing [97], can provide a good investigation platform for investigators. Another useful tool currently in use in many other fields is the information dashboard. Creating a similar tool that allows for different representations of collected evidence also provides investigators with easy methods to create more abstractions and view the data from different angles.
6.2. Data-Driven CPS Forensics
- Data Collection. Careful planning of CPS operations and data collection and storage functions is necessary to facilitate better forensics. Physical devices, such as video cameras, thermal sensors, and entry log recorders, can provide useful information. Digitally, provisions to record more data for forensics can be made early in the Design phase of the CPS. At that stage, it is easier to add these measures with minimum disruption to the actual functionalities of the CPS. In addition, treating the forensics as a system requirement will ensure accurate integration and resource planning for the CPS operations. Generally, current work does not address CPS forensics (and likely all types of digital forensics) as part of a system’s requirements. Therefore, several opportunities to gather useful data are missed. We need to change the way we address this and include better security engineering principles alongside the software/system development principles.
- Data Management. Tools to help organize, move, and access collected data need to be adapted to handle the real-time streams of data and large storage and communications requirements. With this also comes the responsibility to protect data privacy and ensure legitimate access to the data. User friendly and configurable tools to rearrange, aggregate, and anonymize data before presenting it to investigators are going to be a great help in this process. When information about a specific type of activity is needed and the identity of the users is not important, the investigator should be able to enter the required criteria and the tools will run through the data and present the parts needed, while hiding the rest of it. Another important aspect here is establishing a foundation for data trustworthiness. There are different possible directions for data trustworthiness and sharing including trustworthiness of data based on provenances, formal policy analysis, and security experiments reproducibility. This will require relying on approaches that can establish and maintain trust relationships between the different components of the CPS applications and any other systems interacting with them. One possible method is using blockchain to enhance trust and secure transactions [100,101]. Blockchain was discussed as a tool for smart city security [102,103]. In CPS forensics it can similarly help ensure the authenticity and correctness of shared data and provide a strong base for establishing proofs.
- Automation. The existence of a multitude of data about CPS allows for the opportunity to create automation techniques for some forensics methods. There are various applications in use for evidence analysis such as facial recognition, video analysis, and DNA comparisons. These techniques can be adapted to analyze CPS forensics data for specific goals. For example, algorithms that can compare different data streams and identify anomalies between the two, or tools to overlay different activities in different parts of the CPS to find overlaps or correlations between them. Another area of automation is controlling the operations of different parts of the CPS. In this case, a tool that can automatically shut down specific components, divert traffic from one path to another, or isolate specific parts of the network will allow investigators to have better control over the CPS, which will help in terms of securing evidence, preserving instantaneous data and operational conditions, and ensuring restricted access to the components during the investigation. Furthermore, many security attack detection and mitigation operations can be automated and used to provide solutions to detect and react to attacks like intrusion detection and prevention systems (IDPSs) and deal with challenging CPS security aspects such as advanced persistent threats (APTs) [104] and low and slow vectors [105]. Example possible approaches include context representation and sharing, detecting attacks using reasoning, graph grammars, and stream-based classification [106]. The data is available, and automation will save a lot of time and open up new opportunities to find links and clues.
- Intelligent Data Analysis. Traditional data analytics are important tools for CPS forensics. However, advances in artificial intelligence, data mining, and machine learning techniques can offer tremendous benefits. These approaches have been applied in other areas relevant to CPS such as in smart buildings, self-driving cars, smart water networks, smart manufacturing, smart grids, and smart traffic light controls. Machine learning algorithms can monitor and learn from the CPS components’ usage patterns and help identify flows or adjust configurations to enhance security measures and forensics data collection. They can also be used to monitor and learn human behavior and interactions with the CPS to help improve the cyber-physical interactions, identify possible problem areas, and quickly detect abnormal behaviors. In addition, analyzing the human–CPS interactions can facilitate better understanding of the relationship between human behavior and vulnerability to different types of attacks [107]. Intelligent algorithms can be designed to analyze these behaviors and create better interaction policies and monitoring techniques to prevent future attacks [108]. Machine learning algorithms can also be used across multiple CPS operating in similar conditions or performing similar functions. In this case, we have larger datasets and more sources for training the algorithms. As a result, these algorithms can achieve better learning capabilities faster. However, these same capabilities and reliance on training sets could lead to additional security risks and more complex forensics requirements. These threats can be classified as threats against the training phase and threats against the testing/inferring phase [109]. For example, attackers may add more data to the training sets that negatively influences the performance of the learning process (attacking the training phase), thus reducing the effectiveness of the learning algorithm. Another example is the poisoning attack, which disrupts the availability and the integrity of the machine learning processes via introducing adversarial samples to the training data set. The poisoning attack generally targets the inference process by disrupting or even diverting it from the correct learning path. Different countermeasures to these attacks were discussed in [109]. However, this will require developing CPS forensics mechanisms and tools that are capable of dealing with and taking advantage of artificial intelligence and machine learning algorithms.
- Modeling and Simulation. Creating a model for a system relies heavily on the data available about it. For CPS forensics, data collected can be used to build accurate models for the CPS and the conditions of its components before, during, and after an attack. This creates plenty of opportunities to analyze and compare the models to find clues and to identify weak spots in the CPS. In addition, the use of simulations can help provide better insights about the effects and available evidence in all parts of the CPS, especially the physical parts. The concept of digital twin has been around in other fields, such as smart manufacturing [110]. The same approach can be applied to CPS to provide accurate simulation model of the physical parts and link them to the digital parts. This will assist in creating complete views of the CPS and run different operational scenarios for the investigation. Simulation models can also assist in visualizing and tracing the control loops in the CPS and how each action affects subsequent actions. This will create a systematic time-based view of events that occurred leading to and during an attack.
6.3. CPS Forensics Engineering
7. Conclusions
Author Contributions
Funding
Conflicts of Interest
References
- Lee, E.A. Cyber physical systems: Design challenges. In Proceedings of the 11th IEEE Symposium on Object Oriented Real-Time Distributed Computing (ISORC), Orlando, FL, USA, 5–7 May 2008. [Google Scholar]
- Lee, J.; Bagheri, B.; Kao, H. A cyber-physical systems architecture for industry 4.0-based manufacturing systems. Manuf. Lett. 2015, 3, 18–23. [Google Scholar] [CrossRef]
- Mohamed, N.; Al-Jaroodi, J.; Lazarova-Molnar, S. Leveraging the Capabilities of Industry 4.0 for Improving Energy Efficiency in Smart Factories. IEEE Access 2019, 7, 18008–18020. [Google Scholar] [CrossRef]
- Lee, I.; Sokolsky, O.; Chen, S.; Hatcliff, J.; Jee, E.; Kim, B.; King, A.; Mullen-Fortino, M.; Park, S.; Roederer, A.; et al. Challenges and research directions in medical cyber–physical systems. Proc. IEEE 2011, 100, 75–90. [Google Scholar]
- Mohamed, N.; Al-Jaroodi, J. The Impact of Industry 4.0 on Healthcare System Engineering. In Proceedings of the 13th Annual IEEE International Systems Conference (SYSCON), Orlando, FL, USA, 8–11 April 2019; pp. 431–437. [Google Scholar]
- Schmidt, M.; Åhlund, C. Smart buildings as Cyber-Physical Systems: Data-driven predictive control strategies for energy efficiency. Renew. Sustain. Energy Rev. 2018, 99, 742–756. [Google Scholar] [CrossRef] [Green Version]
- Lazarova-Molnar, S.; Shaker, H.R.; Mohamed, N. Reliability of Cyber Physical Systems with Focus on Building Management Systems. In Proceedings of the IEEE Int’l Performance Computing and Communications Conference (IPCCC), Las Vegas, NV, USA, 9–11 December 2016. [Google Scholar]
- Deka, L.; Khan, S.M.; Chowdhury, M.; Ayres, N. Transportation cyber-physical system and its importance for future mobility. In Transportation Cyber-Physical Systems; Elsevier: Amsterdam, The Netherlands, 2018; pp. 1–20. [Google Scholar]
- Rajkumar, R.; Lee, I.; Sha, L.; Stankovic, J. Cyber-physical systems: The next computing revolution. In Proceedings of the Design Automation Conference, Anaheim, CA, USA, 13–18 June 2010; pp. 731–736. [Google Scholar]
- Karnouskos, S. Stuxnet worm impact on industrial cyber-physical system security. In Proceedings of the IECON 2011-37th Annual Conference of the IEEE Industrial Electronics Society, Melbourne, Victoria, Australia, 7–10 November 2011; pp. 4490–4494. [Google Scholar]
- Viganò, E.; Loi, M.; Yaghmaei, E. Cybersecurity of Critical Infrastructure. In The Ethics of Cybersecurity; Christen, M., Gordijn, B., Loi, M., Eds.; The International Library of Ethics, Law and Technology, Springer: Cham, Switzerland, 2020; Volume 21. [Google Scholar]
- Al-Jaroodi, J.; Mohamed, N. PsCPS: A Distributed Platform for Cloud and Fog Integrated Smart Cyber-Physical Systems. IEEE Access 2018, 6, 41432–41449. [Google Scholar] [CrossRef]
- Nazarenko, A.A.; Camarinha-Matos, L.M. Towards collaborative cyber-physical systems. In Proceedings of the International Young Engineers Forum (YEF-ECE), Costa de Caparica (Lisbon), Portugal, 5 May 2017; pp. 12–17. [Google Scholar]
- Khalid, A.; Kirisci, P.; Khan, Z.H.; Ghrairi, Z.; Thoben, K.D.; Pannek, J. Security framework for industrial collaborative robotic cyber-physical systems. Comput. Ind. 2018, 97, 132–145. [Google Scholar] [CrossRef] [Green Version]
- Al-Jaroodi, J.; Mohamed, N.; Jawhar, I. A service-oriented middleware framework for manufacturing industry 4.0. ACM SIGBED Rev. 2018, 15, 29–36. [Google Scholar] [CrossRef]
- Simmon, E.; Kim, K.S.; Subrahmanian, E.; Lee, R.; De Vaulx, F.; Murakami, Y.; Zettsu, K.; Sriram, R.D. A Vision of Cyber-Physical Cloud Computing for Smart Networked Systems; US Department of Commerce, National Institute of Standards and Technology: Gaithersburg, MD, USA, 2013.
- Lyman, M.D. Criminal Investigation: The Art and the Science; Prentice Hall: Upper Saddle River, NJ, USA, 2001. [Google Scholar]
- Bell, S. Crime and Circumstance: Investigating the History of Forensic Science; ABC-CLIO: Santa Barbara, CA, USA, 2008. [Google Scholar]
- Catts, E.P.; Goff, M.L. Forensic entomology in criminal investigations. Annu. Rev. Entomol. 1992, 37, 253–272. [Google Scholar] [CrossRef]
- Allen, W.H. Computer forensics. IEEE Secur. Priv. 2005, 3, 59–62. [Google Scholar] [CrossRef]
- Casey, E. Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet; Academic Press: Cambridge, MA, USA, 2011. [Google Scholar]
- Handbook of Computer Crime Investigation: Forensic Tools and Technology; Casey, E. (Ed.) Elsevier: Amsterdam, The Netherlands, 2001. [Google Scholar]
- Taylor, R.W.; Fritsch, E.J.; Liederbach, J. Digital Crime and Digital Terrorism; Prentice Hall Press: Upper Saddle River, NJ, USA, 2014. [Google Scholar]
- Reith, M.; Carr, C.; Gunsch, G. An examination of digital forensic models. Int. J. Digit. Evid. 2002, 1, 1–12. [Google Scholar]
- Wang, Y.; Lee, H.C. Research on some relevant problems in computer forensics. In Proceedings of the 2nd International Conference on Computer Science and Electronics Engineering, Hangzhou, China, 22–23 March 2013; Atlantis Press: Paris, France, 2013. [Google Scholar]
- Andersson, V. Standards and Methodologies for Evaluating Digital Forensics Tools: Developing and Testing a New Methodology. Bachelor’s Thesis, Halmstad University, Halmstad, Sweden, 2018. [Google Scholar]
- Choi, K.-S.; Lee, C.S.; Louderback, E.R. Historical Evolutions of Cybercrime: From Computer Crime to Cybercrime. In The Palgrave Handbook of International Cybercrime and Cyberdeviance; Springer Nature Switzerland AG: Cham, Switzerland, 2020; pp. 27–43. [Google Scholar]
- Humayed, A.; Lin, J.; Li, F.; Luo, B. Cyber-physical systems security—A survey. IEEE Internet Things J. 2017, 4, 1802–1831. [Google Scholar] [CrossRef]
- Ashibani, Y.; Mahmoud, Q.H. Cyber physical systems security: Analysis, challenges and solutions. Comput. Secur. 2017, 68, 81–97. [Google Scholar] [CrossRef]
- Wang, E.Y.; Ye, Y.; Xu, X.; Yiu, S.M.; Hui, L.C.K.; Chow, K.P. Security issues and challenges for cyber physical system. In Proceedings of the IEEE/ACM Int’l Conference on Green Computing and Communications & Int’l Conference on Cyber, Physical and Social Computing, Hangzhou, China, 18–20 December 2010; pp. 733–738. [Google Scholar]
- Alguliyev, R.; Imamverdiyev, Y.; Sukhostat, L. Cyber-physical systems and their security issues. Comput. Ind. 2018, 100, 212–223. [Google Scholar] [CrossRef]
- Neuman, C. Challenges in security for cyber-physical systems. In DHS Workshop on Future Directions in Cyber-Physical Systems Security; 2009; pp. 22–24. Available online: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.152.973&rep=rep1&type=pdf (accessed on 7 July 2020).
- Banerjee, A.; Venkatasubramanian, K.K.; Mukherjee, T.; Gupta, S.K.S. Ensuring safety, security, and sustainability of mission-critical cyber–physical systems. Proc. IEEE 2011, 100, 283–299. [Google Scholar] [CrossRef]
- Burg, A.; Chattopadhyay, A.; Lam, K.Y. Wireless communication and security issues for cyber-physical systems and the Internet-of-Things. Proc. IEEE 2017, 106, 38–60. [Google Scholar] [CrossRef]
- Cardenas, A.; Amin, S.; Sinopoli, B.; Giani, A.; Perrig, A.; Sastry, S. Challenges for securing cyber physical systems. In Workshop on Future Directions in Cyber-Physical Systems Security; 2009; Available online: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.152.5198&rep=rep1&type=pdf (accessed on 7 July 2020).
- Sridhar, S.; Hahn, A.; Govindarasu, M. Cyber–physical system security for the electric power grid. Proc. IEEE 2011, 100, 210–224. [Google Scholar] [CrossRef]
- Sun, C.C.; Liu, C.C.; Xie, J. Cyber-physical system security of a power grid: State-of-the-art. Electronics 2016, 5, 40. [Google Scholar] [CrossRef] [Green Version]
- Huang, S.; Zhou, C.J.; Yang, S.H.; Qin, Y.Q. Cyber-physical system security for networked industrial processes. Int. J. Autom. Comput. 2015, 12, 567–578. [Google Scholar] [CrossRef] [Green Version]
- Wells, L.J.; Camelio, J.A.; Williams, C.B.; White, J. Cyber-physical security challenges in manufacturing systems. Manuf. Lett. 2014, 2, 74–77. [Google Scholar] [CrossRef]
- Wurm, J.; Jin, Y.; Liu, Y.; Hu, S.; Heffner, K.; Rahman, F.; Tehranipoor, M. Introduction to cyber-physical system security: A cross-layer perspective. IEEE Trans. Multi-Scale Comput. Syst. 2016, 3, 215–227. [Google Scholar] [CrossRef]
- DiMase, D.; Collier, Z.A.; Heffner, K.; Linkov, L. Systems engineering framework for cyber physical security and resilience. Environ. Syst. Decis. 2015, 35, 291–300. [Google Scholar] [CrossRef]
- Hahn, A.; Thomas, R.K.; Lozano, I.; Cardenas, A. A multi-layered and kill-chain based security analysis framework for cyber-physical systems. Int. J. Crit. Infrastruct. Prot. 2015, 11, 39–50. [Google Scholar] [CrossRef]
- Ruan, K.; Carthy, J.; Kechadi, T.; Crosbie, M. Cloud forensics. In IFIP International Conference on Digital Forensics; Springer: Heidelberg/Berlin, Germany, 2011; pp. 35–46. [Google Scholar]
- Ruan, K.; Carthy, J.; Kechadi, T.; Baggili, I. Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Digit. Investig. 2013, 10, 34–43. [Google Scholar] [CrossRef]
- Dykstra, J.; Sherman, A.T. Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies; ADFSL Conference on Digital Forensics, Security and Law: Richmond, VA, USA, 2011. [Google Scholar]
- Alex, M.E.; Kishore, R. Forensics framework for cloud computing. Comput. Electr. Eng. 2017, 60, 193–205. [Google Scholar] [CrossRef]
- Huang, C.; Lu, R.; Choo, K.K.R. Vehicular fog computing: Architecture, use case, and security and forensic challenges. IEEE Commun. Mag. 2017, 55, 105–111. [Google Scholar] [CrossRef]
- Mukherjee, M.; Matam, R.; Shu, L.; Maglaras, L.; Ferrag, M.A.; Choudhury, N.; Kumar, V. Security and privacy in fog computing: Challenges. IEEE Access 2017, 5, 19293–19304. [Google Scholar] [CrossRef]
- Esposito, C.; Castiglione, A.; Pop, F.; Choo, K.K.R. Challenges of connecting edge and cloud computing: A security and forensic perspective. IEEE Cloud Comput. 2017, 4, 13–17. [Google Scholar] [CrossRef]
- Mylonas, A.; Meletiadis, V.; Tsoumas, B.; Mitrou, L.; Gritzalis, D. Smartphone forensics: A proactive investigation scheme for evidence acquisition. In IFIP International Information Security Conference; Springer: Heidelberg/Berlin, Germany, 2012; pp. 249–260. [Google Scholar]
- Mylonas, A.; Meletiadis, V.; Mitrou, L.; Gritzalis, D. Smartphone sensor data as digital evidence. Comput. Secur. 2013, 38, 51–75. [Google Scholar] [CrossRef] [Green Version]
- Grover, J. Android forensics: Automated data collection and reporting from a mobile device. Digit. Investig. 2013, 10, S12–S20. [Google Scholar] [CrossRef]
- Mahalik, H.; Tamma, R.; Bommisetty, S. Practical Mobile Forensics; Packt Publishing Ltd.: Birmingham, UK, 2016. [Google Scholar]
- MacDermott, A.; Baker, T.; Shi, Q. Iot forensics: Challenges for the ioa era. In Proceedings of the 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, France, 26–28 February 2018; pp. 1–5. [Google Scholar]
- Meffert, C.; Clark, D.; Baggili, I.; Breitinger, F. Forensic State Acquisition from Internet of Things (FSAIoT) A general framework and practical approach for IoT forensics through IoT device state acquisition. In Proceedings of the 12th International Conference on Availability, Reliability and Security, Reggio Calabria, Italy, 29 August–2 September 2017; pp. 1–11. [Google Scholar]
- Yaqoob, I.; Hashem, I.A.T.; Ahmed, A.; Kazmi, S.A.; Hong, C.S. Internet of things forensics: Recent advances, taxonomy, requirements, and open challenges. Future Gener. Comput. Syst. 2019, 92, 265–275. [Google Scholar] [CrossRef]
- Conti, M.; Dehghantanha, A.; Franke, K.; Watson, S. Internet of Things security and forensics: Challenges and opportunities. Future Gener. Comput. Syst. 2018, 78, 544–546. [Google Scholar] [CrossRef]
- Ahmed, I.; Obermeier, S.; Naedele, M.; Richard, G.G., III. Scada systems: Challenges for forensic investigators. Computer 2012, 45, 44–51. [Google Scholar] [CrossRef]
- Elhoseny, M.; Hosny, A.; Hassanien, A.E.; Muhammad, K.; Sangaiah, A.K. Secure automated forensic investigation for sustainable critical infrastructures compliant with green computing requirements. IEEE Trans. Sustain. Comput. 2017, 5, 174–191. [Google Scholar] [CrossRef]
- Hilal, H.; Nangim, A. Network security analysis SCADA system automation on industrial process. In Proceedings of the 2017 International Conference on Broadband Communication, Wireless Sensors and Powering (BCWSP), Jakarta, Indonesia, 21–23 November 2017; pp. 1–6. [Google Scholar]
- Sohl, E.; Fielding, C.; Hanlon, T.; Rrushi, J.; Farhangi, H.; Howey, C.; Carmichael, K.; Dabell, J. A field study of digital forensics of intrusions in the electrical power grid. In Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy, Denver, CO, USA, 12 October 2015; pp. 113–122. [Google Scholar]
- Do, Q.; Martini, B.; Choo, K.K.R. Cyber-physical systems information gathering: A smart home case study. Comput. Netw. 2018, 138, 1–12. [Google Scholar] [CrossRef]
- Baig, Z.A.; Szewczyk, P.; Valli, C.; Rabadia, P.; Hannay, P.; Chernyshev, M.; Johnstone, M.; Kerai, P.; Ibrahim, A.; Sansurooah, K.; et al. Future challenges for smart cities: Cyber-security and digital forensics. Digit. Investig. 2017, 22, 3–13. [Google Scholar] [CrossRef]
- Cebe, M.; Erdin, E.; Akkaya, K.; Aksu, H.; Uluagac, S. Block4forensic: An integrated lightweight blockchain framework for forensics applications of connected vehicles. IEEE Commun. Mag. 2018, 56, 50–57. [Google Scholar] [CrossRef] [Green Version]
- Al Faruque, M.A.; Chhetri, S.R.; Canedo, A.; Wan, J. Forensics of Thermal Side-Channel in Additive Manufacturing Systems; University of California: Irvine, CA, USA, 2016. [Google Scholar]
- North America Electric Reliability Corp, Defense Use Case. Analysis of the Cyber Attack on the Ukrainian Power Grid; SANS Ind. Control Syst.: Wachington, DC, USA, 2016; Tech. Rep. [Google Scholar]
- Bronk, C.; Tikk-Ringas, E. The Cyber Attack on Saudi Aramco. Survival 2013, 55, 81–96. [Google Scholar] [CrossRef]
- Lindsay, J.R. Stuxnet and the Limits of Cyber Warfare. Secur. Stud. 2013, 22, 365–404. [Google Scholar] [CrossRef]
- Al-Mhiqani, M.N.; Ahmad, R.; Yassin, W.; Hassan, A.; Abidin, Z.Z.; Ali, N.S.; Abdulkareem, K.H. Cyber-security incidents: A review cases in cyber-physical systems. Int. J. Adv. Comput. Sci. Appl. 2018, 9, 499–508. [Google Scholar]
- Orojloo, H.; Azgomi, M.A. A method for evaluating the consequence propagation of security attacks in cyber–physical systems. Future Gener. Comput. Syst. 2017, 67, 57–71. [Google Scholar] [CrossRef]
- AlTawy, R.; Youssef, A.M. Security tradeoffs in cyber physical systems: A case study survey on implantable medical devices. IEEE Access 2016, 4, 959–979. [Google Scholar] [CrossRef]
- Plumer, B. It’s Way too Easy to Cause a Massive Blackout in the US. in Vox. Available online: https://www.vox.com/2014/4/14/5604992/us-power-grid-vulnerability (accessed on 30 June 2020).
- Zatyko, K. Defining Digital Forensics. Forensic Mag. 2007, 4, 18–22. [Google Scholar]
- Nelson, B.; Phillips, A.; Steuart, C. Guide to Computer Forensics and Investigations, 5th ed.; Cengage Learning: Boston, MA, USA, 2016. [Google Scholar]
- Pilli, E.S.; Joshi, R.C.; Niyogi, R. Network forensic frameworks: Survey and research challenges. Digit. Investig. 2010, 7, 14–27. [Google Scholar] [CrossRef]
- Han, S.; Xie, M.; Chen, H.H.; Ling, Y. Intrusion detection in cyber-physical systems: Techniques and challenges. IEEE Syst. J. 2014, 8, 1052–1062. [Google Scholar]
- Mitchell, R.; Chen, I.R. A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. (CSUR) 2014, 46, 55. [Google Scholar] [CrossRef] [Green Version]
- E-Government Act of 2002, US Department of Justice. Available online: https://www.justice.gov/opcl/e-government-act-2002 (accessed on 1 June 2020).
- Bhaimia, S. The General Data Protection Regulation: The next generation of EU data protection. Leg. Inf. Manag. 2018, 18, 21–28. [Google Scholar] [CrossRef]
- Catea, R.M. Challenges of the Not-So-Far Future: EU Robotics and AI Law in Business. Chall. Knowl. Soc. 2018, 213–216. [Google Scholar]
- Huang, J.; Ling, Z.; Xiang, T.; Wang, J.; Fu, X. When digital forensic research meets laws. In Proceedings of the 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012. [Google Scholar]
- Montasari, R.; Hill, R. Next-generation digital forensics: Challenges and future paradigms. In Proceedings of the 12th International Conference on Global Security, Safety and Sustainability (ICGS3), London, UK, 16–18 January 2019. [Google Scholar]
- Clever, S.; Crago, T.; Polka, A.; Al-Jaroodi, J.; Mohamed, N. Ethical Analyses of Smart City Applications. Urban Sci. 2018, 2, 96. [Google Scholar] [CrossRef] [Green Version]
- Gross, O. Legal Obligations of States Directly Affected by Cyber-Incidents. Cornell Int. Law J. 2015, 48, 481. [Google Scholar]
- Awad, R.A.; Beztchi, S.; Smith, J.M.; Lyles, B.; Prowell, S. Tools, techniques, and methodologies: A survey of digital forensics for scada systems. In Proceedings of the 4th Annual Industrial Control System Security Workshop, San Juan, PR, USA, 4 December 2018; pp. 1–8. [Google Scholar]
- Mishra, S. Forensic Investigation Framework for Complex Cyber Attack on Cyber Physical System by Using Goals/Sub-goals of an Attack and Epidemics of Malware in a System. In Recent Trends in Communication, Computing, and Electronics; Springer: Singapore, 2019; pp. 491–504. [Google Scholar]
- Aliabadi, M.R.; Kamath, A.A.; Gascon-Samson, J.; Pattabiraman, K. ARTINALI: Dynamic invariant detection for cyber-physical system security. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany, 4–8 September 2017; pp. 349–361. [Google Scholar]
- Vollmer, T.; Manic, M. Cyber-physical system security with deceptive virtual hosts for industrial control networks. IEEE Trans. Ind. Inform. 2014, 10, 1337–1347. [Google Scholar] [CrossRef]
- Abedi, M.; Sedaghat, S. Crawler and Spiderin usage in Cyber-Physical Systems Forensics. OIC-CERT J. Cyber Secur. 2018, 1, 53–61. [Google Scholar]
- Alrimawi, F.; Pasquale, L.; Mehta, D.; Nuseibeh, B. I’ve seen this before: Sharing cyber-physical incident knowledge. In Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment, Gothenburg, Sweden, 27 May–3 June 2018; pp. 33–40. [Google Scholar]
- Chan, R.; Chow, K.P. Forensic analysis of a Siemens programmable logic controller. In International Conference on Critical Infrastructure Protection; Springer: Cham, Switzerland, 2016; pp. 117–130. [Google Scholar]
- Abeykoon, I.; Feng, X. A forensic investigation of the robot operating system. In Proceedings of the 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Exeter, UK, 21–23 June 2017; pp. 851–857. [Google Scholar]
- Al-Sharif, Z.A.; Al-Saleh, M.I.; Alawneh, L.M.; Jararweh, Y.I.; Gupta, B. Live forensics of software attacks on cyber–physical systems. Future Gener. Comput. Syst. 2020, 108, 1217–1229. [Google Scholar] [CrossRef]
- Grispos, G.; Glisson, W.B.; Choo, K.R. Medical cyber-physical systems development: A forensics-driven approach. In Proceedings of the 2nd IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, Philadelphia, PA, USA, 17–19 July 2017. [Google Scholar]
- Ab Rahman, N.H.; Glisson, W.B.; Yang, Y.; Choo, K.K.R. Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Comput. 2016, 3, 50–59. [Google Scholar] [CrossRef]
- Jones, A.; Vidalis, S.; Abouzakhar, N. Information security and digital forensics in the world of cyber physical systems. In Proceedings of the 2016 Eleventh International Conference on Digital Information Management (ICDIM), Porto, Portugal, 19–21 September 2016; pp. 10–14. [Google Scholar]
- Babiceanu, R.F.; Seker, R. Big Data and virtualization for manufacturing cyber-physical systems: A survey of the current status and future outlook. Comput. Ind. 2016, 81, 128–137. [Google Scholar] [CrossRef]
- Guarino, A. Digital forensics as a big data challenge. In ISSE 2013 Securing Electronic Business Processes; Springer: Wiesbaden, Germany, 2013; pp. 197–203. [Google Scholar]
- Zawoad, S.; Hasan, R. Digital forensics in the age of big data: Challenges, approaches, and opportunities. In Proceedings of the 17th International Conference on High Performance Computing and Communications, 7th International Symposium on Cyberspace Safety and Security, and 12th International Conference on Embedded Software and Systems, New York, NY, USA, 24–26 August 2015. [Google Scholar]
- Al-Jaroodi, J.; Mohamed, N. Blockchain in Industries: A Survey. IEEE Access 2019, 7, 36500–36515. [Google Scholar] [CrossRef]
- Mohamed, N.; Al-Jaroodi, J. Applying blockchain in industry 4.0 applications. In Proceedings of the 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 7–9 January 2019; pp. 0852–0858. [Google Scholar]
- Hakak, S.; Khan, W.Z.; Gilkar, G.A.; Imran, M.; Guizani, N. Securing Smart Cities through Blockchain Technology: Architecture, Requirements, and Challenges. IEEE Netw. 2020, 34, 8–14. [Google Scholar] [CrossRef]
- Melhem, A.; AlZoubi, O.; Mardini, W.; Yassein, M.B. Applications of blockchain in smart cities. In Proceedings of the 2nd International Conference on Data Science, E-Learning and Information Systems, Dubai, Arab Emirate, 2–5 December 2019. [Google Scholar]
- Tankard, C. Advanced persistent threats and how to monitor and deter them. Netw. Secur. 2011, 8, 16–19. [Google Scholar] [CrossRef]
- Cambiaso, E.; Papaleo, G.; Chiola, G.; Aiello, M. Slow DoS attacks: Definition and categorization. Int. J. Trust. Manag. Comput. Commun. 2013, 1, 300–319. [Google Scholar] [CrossRef]
- Thuraisingham, B.; Kantarcioglu, M.; Hamlen, K.; Khan, L.; Finin, T.; Joshi, A.; Oates, T.; Bertino, E. A data driven approach for the science of cyber security: Challenges and directions. In Proceedings of the IEEE 17th International Conference on Information Reuse and Integration (IRI), Pittsburgh, PA, USA, 28–30 July 2016; pp. 1–10. [Google Scholar]
- Ovelgönne, M.; Dumitraş, T.; Prakash, B.A.; Subrahmanian, V.S.; Wang, B. Understanding the relationship between human behavior and susceptibility to cyber attacks: A data-driven approach. ACM Trans. Intell. Syst. Technol. (TIST) 2017, 8, 51. [Google Scholar] [CrossRef]
- Siminoff, J.; Mitura, M.J.; Amazon Technologies Inc. Behavior-Aware Security Systems and Associated Methods. U.S. Patent Application 16/001,627, 13 December 2018. [Google Scholar]
- Liu, Q.; Li, P.; Zhao, W.; Cai, W.; Yu, S.; Leung, V.C. A survey on security threats and defensive techniques of machine learning: A data driven view. IEEE Access 2018, 6, 12103–12117. [Google Scholar] [CrossRef]
- Uhlemann, T.H.J.; Lehmann, C.; Steinhilper, R. The digital twin: Realizing the cyber-physical production system for industry 4.0. Procedia Cirp 2017, 61, 335–340. [Google Scholar] [CrossRef]
- Poudel, S.; Ni, Z.; Malla, N. Real-time cyber physical system testbed for power system security and control. Int. J. Electr. Power Energy Syst. 2017, 90, 124–133. [Google Scholar] [CrossRef]
- Hahn, A.; Ashok, A.; Sridhar, S.; Govindarasu, M. Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Trans. Smart Grid 2013, 4, 847–855. [Google Scholar] [CrossRef]
- Covington, M.J.; Fogla, P.; Zhan, Z.; Ahamad, M.A. A context-aware security architecture for emerging applications. In Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, NV, USA, 9–13 December 2002; pp. 249–258. [Google Scholar]
CPS Applications | Major Objectives | Potential Security Risks |
---|---|---|
Medical CPS |
|
|
Smart Buildings |
|
|
Smart Grids |
|
|
Pipelines Monitoring and Control |
|
|
Smart Water Networks |
|
|
Vehicular Safety |
|
|
Smart Manufacturing |
|
|
Self-Driving Vehicles |
|
|
Intelligent Traffic Lights |
|
|
Renewable Energy Production (Wind Farms, solar and Hydropower Plants) |
|
|
Energy Efficiency in Data Centers |
|
|
Greenhouse Efficient Controls |
|
|
# | Technical Dimension | Technical Complexity | Organizational Complexity Sources | Legal Complexity Sources |
---|---|---|---|---|
1 | Forensics Data Gathering | Preserving data integrity and validity. Finding, recognizing, marking, acquiring, analyzing, and reporting data. | All dimensions add complexity in an increasing level from 1 thru 5. | All dimensions will increase complexity. |
2 | Dynamic Existence | Components may: Not always be connected Have limited resources Change locations | Complexity increases as CPS grow bigger regardless of the dimension. | Relevance adds complexity. Identifying and legally obtaining ONLY relevant data. |
3 | Connection to the Physical Environment | Combining digital forensics capabilities and traditional forensics processes. | Federated and large-scale open CPS. Managing highly distributed physical and digital resources. | Privacy and relevance come in play. |
4 | Proactive Measures | Solutions incorporated at design time. Pre-incident planning. Extending security measures to all CPS components. | All five dimensions increase complexity. Legacy systems, inadequate resources, and operational software. | Managing privacy of people and the intellectual property and trade secrets. |
5 | Digital Trails | Creating trails for physical and digital activates. | Multiple ownership and control (in community, federated and open). | The major complexity factors here are ownership and privacy. Slight effects from relevance. |
6 | Heterogeneity of Components | Interoperability, interfaces, inadequate resources in some components. | Community, federated and open add complexity in increasing levels. | Ownership of heterogeneous devices may complicate legal access to CPS components. |
Work | Category | Cyber, Physical, or Both | Main Purpose |
---|---|---|---|
Mishra [86] | Investigation approach | Cyber | To understand the propagation steps of multistage CPS attacks in the entire system. |
Aliabadi et al. [87] | Investigation approach | Cyber | To detect common CPS attacks with more accuracy by incorporating time in the mined invariants, along with the traditional data and event invariants. |
Vollmer and Manic [88] | Intrusion Prevention and Intruder Entrapment | Cyber | To create dynamic virtual honeypots for observing and attracting network intruder activities. |
Do et al. [62] | Investigation approach | Cyber | To exploit information retrieved from smart home devices for forensics purposes. |
Abedi and Sedaghat [89] | Intrusion detection | Cyber | To use crawling and spidering techniques to help in CPS forensics. |
Alrimawi et al. [90] | Incident Representation | Both | To enable sharing incidents knowledge and to recognize patterns that occurred in different CPS. |
Chan and Chow [91] | Forensics component | Cyber | To develop logging mechanism for programmable logic controllers to enable forensics analysis. |
Abeykoon and Feng [92] | Forensic tool | Cyber | To develop an analytical framework to acquire digital evidence from a Robot Operating System. |
Al-Sharif et al. [93] | Investigation approach | Cyber | To enable collecting digital evidence extracted from the main memory. |
Grispos et al. [94] | Forensics-by-design | Cyber | To develop a framework for forensics ready medical CPS. |
Ab Rahman et al. [95] | Forensics-by-design | Cyber | To develop a framework for forensics ready CPCS. |
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Mohamed, N.; Al-Jaroodi, J.; Jawhar, I. Cyber–Physical Systems Forensics: Today and Tomorrow. J. Sens. Actuator Netw. 2020, 9, 37. https://doi.org/10.3390/jsan9030037
Mohamed N, Al-Jaroodi J, Jawhar I. Cyber–Physical Systems Forensics: Today and Tomorrow. Journal of Sensor and Actuator Networks. 2020; 9(3):37. https://doi.org/10.3390/jsan9030037
Chicago/Turabian StyleMohamed, Nader, Jameela Al-Jaroodi, and Imad Jawhar. 2020. "Cyber–Physical Systems Forensics: Today and Tomorrow" Journal of Sensor and Actuator Networks 9, no. 3: 37. https://doi.org/10.3390/jsan9030037
APA StyleMohamed, N., Al-Jaroodi, J., & Jawhar, I. (2020). Cyber–Physical Systems Forensics: Today and Tomorrow. Journal of Sensor and Actuator Networks, 9(3), 37. https://doi.org/10.3390/jsan9030037