Security in a System of Systems Context: Insights from Recent Initiatives
Panel: Security for Energy Infrastructures
28-AUG-2013
Dan DeLaurentis, Associate Professor
School of Aeronautics & Astronautics and Center for Integrated Systems in Aerospace (http://www.purdue.edu/research/vpr/idi/cisa/)
Purdue University
[email protected] 765-494-0694
https://engineering.purdue.edu/people/daniel.a.delaurentis.1/
Objectives:
• Analysis (not specification of) architectures
• Show competence in innovation in SoS approach
• Show relevance to Session on Transforming ATM
• Give indicators through relevant results of how people could use this

Context
System-of-Systems spans disciplines, domains and global problems
[Figure: Purdue's Signature Areas (Info., Comm. & Perception Tech's; Nanotech's & Nanophotonics; Tissue & Cellular Eng.; System-of-Systems; Adv. Materials & Mnf.; Energy; Sustainable Industrial Systems; Healthcare Eng.) shown against Engineering Disciplines and related labels (Materials; Mechanical; Nuclear Engineering; Aeronautics & Astronautics; Agricultural & Biological; Civil; Industrial; Construction & Management; Electrical & Computer; Education; Policy; Operations; Economics; Biomedical; Chemical)]

System Engineering AND (not vs.) System-of-Systems Engineering
System Engineering
• Typically a single product or system
• Well-defined requirements (ha ha!)
• Still hard – Complex Systems
• e.g., aircraft, tower, rocket
System of Systems Engineering
• Distributed, network of independently operating systems that may collaborate
• Emergent Behavior (good or bad)
• e.g., Net-Centric Defense, Energy, Air Transportation System

Types of SoS*
• Directed – SoS objectives, management, funding and authority; systems are subordinated to SoS
• Acknowledged – SoS objectives, management, funding and authority; however systems retain their own management, funding and authority in parallel with the SoS
• Collaborative – No objectives, management, authority, responsibility, or funding at the SoS level; systems voluntarily work together to address shared or common interest
• Virtual – Like collaborative, but systems don't know about each other
SoS SE Guide focuses on 'Acknowledged' SoS
*DoD SoS SE Guide, via J. Dahmann (MITRE)

Structuring the Big Picture: SoS Hierarchy & Scope Dimensions
• A flexible framework allows the various systems, contexts, hierarchy and interrelationships to be identified and described.
• ROPE Table
• Avoid lexicon confusion in trans-domain applications
[ROPE table: columns Resources, Operations, Policy, Economics; rows α, β, γ, δ]
Presentation Notes: DF: Not sure what else we want to put in here

Multiple Networks that Evolve
Evolution of transport network topology is influenced by other network layers in the SoS . . .
Transport network = network of airports connected by flight service routes
We said at the kick-off that we would essentially represent the NAS as a network. We can now be more specific about which network in NAS we deal with

Exemplar 1: FAA's NextGen Transformation
Today
• Ground-based technology
• Dependent on human interface and decisions made on the ground
• Limited use of automation
• Single channel voice control
• Aging Infrastructure
Enabled by NextGen
• Satellite navigation
• Digital non-voice communication and advanced networking
• Collaborative operations with decisions made in the cockpit
• Flight crews have increased control over their trajectories
http://www.faa.gov/nextgen/

Exemplar 2: Ballistic Missile Defense (MDA sponsored project at Purdue since August 2010)
Source: mda.mil
A clear example of a “system of systems”….or “agglomeration of systems”

Survey identified seven 'pain points' raising a set of SoS SE questions
Pain Points and Questions:
• SoS Authority: What are effective collaboration patterns in systems of systems?
• Leadership: What are the roles and characteristics of effective SoS leadership?
• Constituent Systems: What are effective approaches to integrating constituent systems into a SoS?
• Autonomy, Interdependencies & Emergence: How can SE provide methods and tools for addressing the complexities of SoS interdependencies and emergent behaviors?
• Capabilities & Requirements: How can SE address SoS capabilities and requirements?
• Testing, Validation & Learning: How can SE approach the challenges of SoS testing, including incremental validation and continuous learning in SoS?
• SoS Principles: What are the key SoS thinking principles, skills and supporting examples?
From: "Systems of Systems Pain Points", Dr. Judith Dahmann, INCOSE Webinar Series on Systems of Systems, 22-FEB, 2013

Define security risk
• To develop a resilient SoS, it is necessary to define security risk and sources of its generation.
• Risk is a function of the threat, the vulnerabilities of the constituent systems to be protected, and consequences of compromise of the systems [1].
  o Threat:
    - intent of the adversary (targeted attack vs. random attack)
    - capability (high or low probability to destroy a system)
  o Vulnerabilities:
    - inherent failure
    - operationally introduced failure by cyber-security attack
  o Consequences:
    - fixable to the impacted systems
[1] P. Kaminski, "Task force report: resilient military systems and the advanced cyber threat," Office of the Under Secretary of Defense for Acquisition, Technology and Logistics, Washington, D.C., January 2013.

Represent risk levels
Intent
o intent of the adversary (targeted attack vs. random attack)
o Capability (high vs. low probability to destroy a system)
o inherent failure
o operationally introduced failure by cyber-security attack
o Consequences (fixable vs. fatal )

Three types of interdependency failure/attacks
• Link failure: No communication between systems
• Node failure: System failure & no communication between systems
• Infected link: Communication with wrong information between systems
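
The three failure types differ in what a downstream system can notice locally. The Python example below is added here and is not part of the original slides; the four-system network, the reading of 10.0 and the averaging rule at the fusion node are constructed assumptions. It applies one fault at a time and labels each system.

```python
from statistics import mean

# Constructed four-system SoS: two sensors feed a fusion node, which feeds command.
EDGES = [("sensor_a", "fusion"), ("sensor_b", "fusion"), ("fusion", "command")]
ORDER = ["sensor_a", "sensor_b", "fusion", "command"]   # topological order
TRUTH = 10.0                                            # value every sensor should report

def run(fault=None):
    """Propagate readings through the SoS under at most one fault.

    fault is None, ("link", (u, v)), ("node", u) or ("infected", (u, v), bias).
    Returns {system: (value or None, inputs_received, inputs_expected)}.
    """
    kind = fault[0] if fault else None
    out = {}
    for node in ORDER:
        preds = [u for u, v in EDGES if v == node]
        if kind == "node" and fault[1] == node:      # node failure: system is down
            out[node] = (None, 0, len(preds))
            continue
        if not preds:                                # source system reports the truth
            out[node] = (TRUTH, 0, 0)
            continue
        received = []
        for u in preds:
            value = out[u][0]
            if value is None or (kind == "link" and fault[1] == (u, node)):
                continue                             # nothing arrives on this link
            if kind == "infected" and fault[1] == (u, node):
                value += fault[2]                    # data arrives, but it is wrong
            received.append(value)
        out[node] = (mean(received) if received else None, len(received), len(preds))
    return out

def classify(result):
    """Label each system: down, wrong-data, degraded (missing inputs) or ok."""
    labels = {}
    for node, (value, got, expected) in result.items():
        if value is None:
            labels[node] = "down"
        elif value != TRUTH:
            labels[node] = "wrong-data"   # input count looks normal, content is not
        elif got < expected:
            labels[node] = "degraded"     # a missing input is locally visible
        else:
            labels[node] = "ok"
    return labels
```

Link and node failures show up at the fusion node as a missing input, while the infected link leaves the input count unchanged and carries the error on to command, so only a check on the content of the data can catch it.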

Big Picture Summary:
• There exists a variety of SoS types
• SoS spans dimensions of Resources (Hardware & Software), Operations, Policy, Economics …. (ROPE)
• SoS spans multiple layers of hierarchy of components…need ability to abstract properly in modeling and thinking
• SoS brings new opportunities and new risks
• Different stakeholders have different needs for decision-tools to influence SoS
  – System builders
  – Technology developers
  – SoS architects
  – Regulators
  – Threat agents

MODELING INSIGHTS

Manage Complexity and Trade Objectives Across Levels
Sources of Complexity
• Requirements & ops uncertainty
• Modeled & un-modeled interdependencies: within and between levels of abstraction
• Dynamic connectivity & porous boundary: nature of an open system
• Multiplicity of perspectives in participants: a root cause of interoperability issues
[Figure: aggregation across levels α, β, γ]
One notion of Complexity: the amount of information necessary to describe regularities in the system effectively
Presentation Notes: In each level, it is about characterizing designed and unexpected interactions. A concrete, though abstract example. We will define this nomenclature next class, but for now we say:

SoS Methods Focus at Purdue
• Frameworks and quantitative methods needed to design, plan and operate systems of systems, e.g.:
  – Optimization
  – Game theory
  – Behavioral decision-making
  – Dynamics, sensing and control
  – Stochastic and uncertainty assessment
  – Networks
  – Simulation and modeling

Solberg Chart
(Retired) Prof. James Solberg, School of IE, Purdue University

Why study networks for SoS
[Figure: flow diagram with the labels: Operating SoS in the World; SoS Models; Generate data; Observe, record data; Develop networks from patterns/structure in data; Analyze patterns/structure; Correlate w/ SoS performance or cost; (static) Theories, Complexity; (dynamic) Evolution, Prediction, Adaptation Policies; Sensitivity Analysis, Monte Carlo, etc.]

An Agent-based + Network Simulation
* ODAS Stated-Pref Survey
Presentation Notes:
The PLANT
Patterns in Networks – Via network theory, we discovered good patterns in network topologies (like small world behavior, low avg. shortest path, high cluster coefficient).
Patterns in Behavior – Now, the trick is to find the patterns in rules of behavior (in stakeholders: travelers, service providers, infrastructure providers) that tend to produce these good network patterns. In SoS, you must account for this independence of action.
Thus, we cannot "design" the new NAS directly, but must examine its possible evolution over a range of scenarios wrt these patterns…and seek the ability to "tune" it.
When we get the Traveler Choice model, then we will have the effect of other modes!

RT-44b: SoS Analytic Workbench (sponsored by DoD SERC UARC)
Examples of “where they live”

Analytic Workbench – Inputs for SoS Analysis
Data elements for analysis:
• Connectivity, COD, SOD
• Candidate System Data: Capabilities, Requirements
• Distribution Data: P(failure), risks, develop time, reliability
• Directional connectivity, event rule trigger
Legend:
• COD: Criticality of Dependency
• SOD: Strength of Dependency
• Connectivity: Connection between systems based on individual capabilities
Methods and Inputs for Method:
• FDNA/DDNA: Criticality of Dependency (COD), Strength of Dependency (SOD), Connectivity
• Bayesian Networks: Failure probabilities of constituent systems, directional connectivity; Architecture alternatives
• Robust Portfolio: Capabilities, Development & Integration time for each system; System compatibilities, cost
• Petri Nets: System capabilities, rules for event triggering; Architecture alternatives
• Stand-In Redundancy: System reliability data, system capabilities; System costs (operating, downtime, cost), Architecture alternatives

Analytic Workbench - Outputs of SoS Analysis & Verification
Workbench – Verification via 'Truth Model' (e.g. Agent Based Model)
• Output of SoS Analysis: SoS new architecture (chosen SoS systems & connections)
• Inputs to 'Truth Model' (e.g. system capabilities, connections) of 'new architecture'
• SoS Performance evaluation based on 'new architecture'

Evaluating a SoS resilience using Bayesian Nets
Bayesian Networks Model
Assumption:
- Directional graph
Inputs:
- Failure probabilities of constituent systems
- Conditional probabilities
- Architectures
Outputs:
- Critical systems (Criticality of systems)
- Resilience patterns
[Figure: Conditional Resilience by entity names in LCS systems, architecture 1 vs. architecture 2]
[Figure: Probability to complete a mission vs. Time (mins), architecture 1 vs. architecture 2]
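
A worked instance of the inputs and outputs listed for the Bayesian network model, as an added Python example that is not the workbench's own code. The two architectures, the system names and every probability are constructed, and "conditional resilience" is assumed here to mean P(mission system up | one system down), which the slides do not define.

```python
from itertools import product

# Constructed architectures: node -> (parents, CPT giving P(node up | parent states)).
# Dict order is topological. ARCH2 adds a second sensor feeding the same C2 node.
ARCH1 = {
    "radar":   ((), {(): 0.90}),
    "c2":      (("radar",), {(True,): 0.95, (False,): 0.0}),
    "shooter": (("c2",), {(True,): 0.90, (False,): 0.0}),
}
ARCH2 = {
    "radar":   ((), {(): 0.90}),
    "uav":     ((), {(): 0.80}),
    "c2":      (("radar", "uav"), {(True, True): 0.95, (True, False): 0.95,
                                   (False, True): 0.85, (False, False): 0.0}),
    "shooter": (("c2",), {(True,): 0.90, (False,): 0.0}),
}

def joint(arch):
    """Yield (state, probability) for every up/down assignment (exact enumeration)."""
    nodes = list(arch)
    for bits in product((True, False), repeat=len(nodes)):
        state, prob = dict(zip(nodes, bits)), 1.0
        for node, (parents, cpt) in arch.items():
            p_up = cpt[tuple(state[p] for p in parents)]
            prob *= p_up if state[node] else 1.0 - p_up
        yield state, prob

def mission_success(arch, mission, given_down=None):
    """P(mission system up), optionally conditioned on one system being down."""
    num = den = 0.0
    for state, prob in joint(arch):
        if given_down is not None and state[given_down]:
            continue                      # keep only states where that system is down
        den += prob
        num += prob if state[mission] else 0.0
    return num / den

def criticality(arch, mission):
    """Conditional resilience per system, lowest first (most critical first)."""
    scores = {n: mission_success(arch, mission, given_down=n)
              for n in arch if n != mission}
    return dict(sorted(scores.items(), key=lambda kv: kv[1]))
```

With these numbers, losing the radar drops mission success to 0 in the first architecture but only to 0.612 in the second, while the C2 node stays a single point of failure in both.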

Faults in the Sensor Network
• Types of faults (in sensor measurement)
  – Change in measurement covariance (R)
  – Outliers in sensor measurements
  – Bias in sensor measurement
Our Goal: Extend Kalman Consensus Filter (KCF) to detect faults in the sensor network.
Note: There is no Fusion Center
[Figure: sensor network of nodes 1 to 4 tracking the target T along the target trajectory; the nodes are labeled $(H_1)^T (R_1)^{-1} z_1$, $(H_2)^T (R_2)^{-1} z_2$, $(H_3)^T (R_3)^{-1} z_3$ and $(H_4)^T (R_4)^{-1} z_4$]
Presentation Notes: Errors can be of many types, but we are only focused on errors pertaining to sensor measurements. Call it measurement noise.

ONGOING ACTIVITIES IN EUROPE

Emerging Strategic Research and Education Agenda in SoS
Trans-Atlantic Research and Education Agenda in System of Systems
Prof. Michael Henshaw NDIA Presentation, 08th April 2013

T-AREA-SoS
• SoS(E): important area for economic and societal development within the EU
• European Commission FP7 Support Action
  – Support to the commission in developing priority research areas
  – Support to programmes through facilitating collaboration
• 24 Month Project, currently in Month 20
Presentation Notes: The main point of this slide is to emphasise that the European Commission have begun to invest in SoS research because it is seen as an important economic and social driver for the European Union.

Objectives of T-AREA-SoS
• Identify research themes in SoSE
• Create an Expert Community
• Identify state of the art and gaps in research
• Create a common language and expression of the SoS concepts
• Create a strategic research agenda in SoSE
• Identify the skills for system developers and system users
• Make recommendations on training and education
Presentation Notes: This presentation focuses on the part of the project concerned with generating a research agenda in SoS/SoSE. It should be noted that the agenda incorporates viewpoints from the US and from Europe and that part of the purpose is to encourage future EU-US collaboration in this area.

T-AREA-SoS Consortium
Presentation Notes: Names: Dan DeLaurentis, Mo Jamshidi, Michael Henshaw, Carys Siemieniuch, Murray Sinclair, Vishal Barot, Sharon Henson, Huseyin Dogan, Cornelius Ncube, Soo Ling Lim

Expert Community
Register yourself as an expert: www.tareasos.eu/registration.php
Currently 70+ Experts, and growing
Domains: Manufacturing, ICT, Defense, Energy, Healthcare, Transport
Presentation Notes: The project has begun to create an expert community. The purpose is to support peer review of the work and to provide a diverse group of experts with a common interest in SoS. This does not conflict with INCOSE SoS WG because many members are from other domains and not associated with INCOSE. There is quite a good representation from software systems as well, and a few from cyber-physical.

Approved for Public Release 12-MDA-6880 (6 June 12)
From: Mane, M., DeLaurentis, D., "Airborne Platform Management Strategies in a Many-Threat Environment," proceedings of AIAA InfoTech, June, 2012. AIAA-2012-2546.
Presentation Notes:
• Instantiation of a system (or entity)
  – Human, business, technological (aircraft, sensor), communications, etc.
• Described in terms of
  – Desires or goals
  – Beliefs, knowledge, information
  – Attributes, resources
• Methods it uses
  – Physics-based, heuristic, and organizational behavior models
  – Decision logic/rules
• Capability
  – Determined by the role an agent plays in an architecture