Risk Modeling and Evaluation for Resilient Cyber-Physical Systems: From Design-Time to Run-Time
The concept of risk is a combination of threat probabilities, vulnerabilities and expected consequences. In traditional risk modeling and evaluation approaches, analyses are performed at design time and possibly repeated periodically, or at any relevant system change. With such approaches, there is no possibility to evaluate how the risk evolves over time as a function of the actual system state and the detected threats. One of the most challenging objectives in the field of connected cyber-physical systems (CPS) and the Internet of Things (IoT) is to improve resilience by providing non-trivial mechanisms for run-time threat detection, risk estimation and system reconfiguration following Self-X principles like self-diagnostics and self-healing. Threats include faults, errors and failures, and can be either intentional (e.g. security attacks) or unintentional (e.g. random faults).
A central issue is to develop model-based approaches allowing for real-time risk evaluation that accounts for uncertainties in the system itself and in the surrounding environment. Those models should account for the growing complexity (size, distribution, heterogeneity) and criticality of modern cyber-physical systems. Multi-paradigm modeling can combine probabilistic modeling languages borrowed from Artificial Intelligence (e.g. Bayesian Networks) with formalisms like Stochastic Petri Nets, in order to find the optimal balance and trade-off between ease of use, expressive power and solving efficiency. It also allows abstraction, meta-modeling, modularity and compositionality, implementing some aspects of object orientation like inheritance and polymorphism. That allows building libraries of generic model classes to be instantiated, composed and reused as needed. Model-to-model transformations from high-level views of the Unified Modeling Language could enable the development of Domain Specific Languages and hide the underlying complexity of the actual solving process workflow. Formal methods like model checking can also be used to automatically verify safety properties.
Where possible, the same models used for static risk assessment at design time should be reused and integrated in appropriate frameworks to allow online monitoring of relevant system parameters, threat detection and dynamic adaptation to respond to threats. In critical applications, the reuse of suitable models already employed for system certification, together with run-time model checking, also supports the so-called explainable Artificial Intelligence (XAI) that is required to build trustworthy autonomous CPS like self-driving vehicles. The next generation of run-time risk models will act as Digital Twins to anticipate threats and enable novel paradigms like proactive dependability and collaborative security, as a support to prognostics and preventive maintenance in Industry 4.0 and other smart-X applications (e.g., smart houses, smart cities, smart transportation, etc.).
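As an added illustration of the design-time versus run-time risk evaluation described above (example code written for this page, not from the authors' work), the following Bayesian network combines an intentional threat (attack), an unintentional one (random fault), a system-state parameter (patched or not) and an observable IDS alert; all node names and probabilities are constructed. The same model yields the static prior risk at design time and, once monitored parameters and detected threats are entered as evidence, the updated run-time risk that a reconfiguration (here, patching) is meant to reduce.

```python
from itertools import product

# Constructed boolean Bayesian network (values are illustrative, not from the paper).
# Each node maps to (parents, cpt); cpt maps a tuple of parent values to P(node=True).
NETWORK = {
    "attack":  ((), {(): 0.05}),                         # intentional threat
    "fault":   ((), {(): 0.02}),                         # unintentional threat
    "patched": ((), {(): 0.80}),                         # monitored system state
    "alert":   (("attack",), {(True,): 0.90, (False,): 0.05}),   # IDS observation
    "exploit": (("attack", "patched"),                   # vulnerability actually exploited
                {(True, False): 0.70, (True, True): 0.10,
                 (False, False): 0.0, (False, True): 0.0}),
    "failure": (("exploit", "fault"),                    # undesired system event
                {(True, True): 0.99, (True, False): 0.80,
                 (False, True): 0.60, (False, False): 0.001}),
}
CONSEQUENCE = 1_000_000.0  # expected loss if the failure occurs (constructed)


def joint(assignment):
    """Probability of one full assignment of all nodes (chain rule over the CPTs)."""
    p = 1.0
    for node, (parents, cpt) in NETWORK.items():
        p_true = cpt[tuple(assignment[q] for q in parents)]
        p *= p_true if assignment[node] else 1.0 - p_true
    return p


def probability(query, evidence):
    """P(query=True | evidence) by exact enumeration; fine for a network this small."""
    names = list(NETWORK)
    num = den = 0.0
    for values in product((False, True), repeat=len(names)):
        a = dict(zip(names, values))
        if any(a[k] != v for k, v in evidence.items()):
            continue  # inconsistent with observed state or detected threats
        p = joint(a)
        den += p
        if a[query]:
            num += p
    return num / den


def risk(evidence=None):
    """Risk as expected loss: P(failure | evidence) * consequence."""
    return probability("failure", evidence or {}) * CONSEQUENCE


if __name__ == "__main__":
    print(f"design-time risk (no evidence):      {risk():.0f}")
    print(f"run-time risk (alert, unpatched):    {risk({'alert': True, 'patched': False}):.0f}")
    print(f"after self-healing (alert, patched): {risk({'alert': True, 'patched': True}):.0f}")
```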