The DYPOSIT project tackles the problem of large, shared CPS infrastructures under attack. In particular, the project responds to the critical need for dynamically formulating and adapting security policies, rapidly and on-demand, in the face of unfolding attacks on a shared CPS fabric integrating multiple applications run by a variety of stakeholders. DYPOSIT tackles this fundamental research problem through a novel dynamic policies approach rooted in a socio-technical understanding of the complexity and dynamics of shared CPS fabrics under attack. DYPOSIT’s approach is unique and transformative as it takes an inter-disciplinary view of reasoning about the security state of a CPS and formulating responses to CPS coming under attack. This is in sharp contrast to other approaches that remain largely focused on technical measures to provide security or solutions that cater for the resource-constrained nature of the devices employed in a CPS. Furthermore, DYPOSIT’s approach to dynamic policies offers a new perspective on the role of policies in large-scale CPS settings – transforming policies from simply a means to enforce pre-defined security properties to policies as living, evolving objects that play a central role in reasoning about the security state of such a CPS and responding to unfolding attacks. Managing the complexity of formulating and adapting policies dynamically in such a setting, while resolving conflicts, is a fundamental advance towards resilient shared CPS fabrics. DYPOSIT’s scientific advances are validated in an available realistic testbed, which is used to provide application scenarios depicting CPS under attack across a spectrum: highly-managed CPS such as those found in industrial control systems or future factories through to dynamically aggregated CPS, as in smart cities, large manufacturing plants or intelligent transportation systems.

Project partners

• Lancaster University - United Kingdom
• KU Leuven - Belgium
• University College Cork - Ireland