A security policy hardening framework for Socio-Cyber-Physical Systems

Modern systems are heterogeneous inter-operating subsystems of different aspects that can be physical, technical, cybernetics, and even social like agent operators in smart grids or smart transportations. With the social dimension, we name these systems by Socio-Cyber-Physical Systems (SCPS). However, ensuring safety, correctness, and security against attacks that can be either technical or socio-technical based threats is challenging in the presence of components of different aspects. The main difficulty resides on how well security policies are expressed, integrated, and reinforced within a SCPS; in addition to how SCPS are designed and precisely specified. For a better precision, we rely on formal methods to develop a sound approach that models SCPS entities, especially their demeanour and interactions. Further, we formally specify security requirements and policies in SCPS. For security analysis, we develop an algorithm that automatically reinforces the specified security policies and also checks the validity of the requirements for a SCPS model in the presence or absence of attacks. Finally, we validate the approach on a real case scenario of SCPS in the presence of social and technical threats.