System Assurance in the Design of Resilient Cyber-Physical Systems

Abstract

System assurance is the justified confidence that a system functions as intended and is free of exploitable vulnerabilities, either intentionally or unintentionally designed or inserted as part of the system at any time during the life cycle. The computation and communication backbone of cyber-physical systems (CPS), coupled with readily available technological advances, makes them vulnerable to classes of threats previously not relevant for many physical control and computational systems. The design of resilient CPS encompasses not only the increasingly new ways in which these systems are vulnerable to adversarial disruption (security) but also how these systems behave in an operational environment and with each other given increasing levels of autonomy and self-learning (function), as well as increasing interdependencies (net-centric connectedness). As CPS are interconnected, the concept of system trust reflects the extent to which one systems assurance is dependent on another systems assurance; in other words, the acceptance of that dependence implies trust between the two. System assurance can be met only through a comprehensive and aggressive systems engineering approach that encompasses the following three critical dimensions: (1) the structure of systems, including architecture and accounting for various kinds of dynamism for the purpose of resiliency and autonomy, (2) the process and engineering activities by which systems are constructed, evolved, and sustained, including mechanisms for measurement of critical attributes and management of alternatives and commitments, and (3) the supporting models and techniques through which evidence can be created to support assurance judgments.