A systematic literature review of model-driven security engineering for cyber–physical systems

The last years have elevated the importance of cyber–physical systems like IoT applications, smart cars, or industrial control systems, and, therefore, these systems have also come into the focus of attackers. In contrast to software products running on PCs or smartphones, updating and maintaining cyber–physical systems presents a major challenge. This challenge, combined with the often decades-long lifetime of cyber–physical systems, and with their deployment in often safety-critical contexts, makes it particularly important to consider their security already at design time. When aiming to obtain a provably secure design, model-driven security approaches are key, as they allow to identify and mitigate threats in early phases of the development. As attacks may exploit both code-level as well as physical vulnerabilities, such approaches must consider not just the cyber layer but the physical layer as well. To find out which model-driven security approaches for cyber–physical systems exist considering both layers, we conducted a systematic literature review. From a set of 1160 initial papers, we extracted 69 relevant publications describing 17 candidate approaches. We found seven approaches specifically developed for cyber–physical systems. We provide a comprehensive description of these approaches, discuss them in particular detail, and determine their limitations. We found out that model-driven security is a relevant research area but most approaches focus only on specific security properties and even for CPS-specific approaches the platform is only rarely taken into account.