2024 Annual Computer Security Applications Conference Workshops (ACSAC Workshops),
December 2024 · Honolulu, HI, USA
Industrial Internet of Things (IIoT) platforms are characterised by a heterogeneity of applications that increases the flexibility and efficiency of automated manufacturing. At the same time, manufacturers are concerned whether untrusted third-party applications can be aligned with the domain’s requirements for security. Assurance activities, aiming to guarantee the secure development and operation of applications, are hampered by risk management challenges and the heterogeneity of required knowledge. Stakeholders such as Software Developers and System Integrators struggle to break down these challenges, e.g. how to mitigate threats to Industrial Control Systems (ICS) and derive actions for assurance. Additionally, they require knowledge to manage risks from heterogeneous facets such as application deployment, device configuration, or threat and risk assessment. In this paper, we propose an assurance engine that allows stakeholders to break down risk management challenges into dynamic assurance cases and to augment the latter with knowledge from corresponding facets. By leveraging knowledge representation, the assurance engine enables the comparison of risk management approaches for different stakeholders. Furthermore, we utilise formal semantics and logical deduction for reasoning to lay the grounds for the automated assessment of complex assurance cases on heterogeneous IIoT platforms.