by Matthias Eckhart (TU Wien) and Andreas Ekelhart (SBA Research)
In recent years, the concept of digital twins has received increasing attention. Virtual replicas of cyber-physical systems (CPSs) can be leveraged for monitoring, visualising and predicting states of CPSs, leading to new possibilities to enhance industrial operations. Yet, the benefit of this concept goes beyond typical Industry 4.0 use cases, such as predictive maintenance. Recent efforts explore how digital twins can increase the security of CPSs.
The adoption of new technologies that follow the Industry 4.0 vision of an interconnected factory significantly increases the attack surface, and thus introduces new attack vectors. Considering that the security of CPSs has a direct impact on safety, implementing adequate security measures is vital. As a result, a holistic security solution that not only protects the CPS during operation, but rather throughout its entire lifecycle is highly desirable. More specifically, such a security solution should aim to (i) support the identification of security weaknesses in the specification, (ii) allow the execution of security and system tests without disrupting physical processes, (iii) monitor the physical process under control, and (iv) detect intrusions and other abnormal conditions of the CPS.
To implement the aforementioned use cases, researchers at TU Wien and SBA Research have been experimenting with the concept of digital twins. While the term “digital twin” typically refers to a data-driven or physical model of a system, we use it to describe an emulated or simulated device that may be connected to an emulated network. In the context of this research, digital twins reflect the correct behaviour of their physical counterparts, as specified by experts from the industrial automation domain. Thus, deviations between the physical device and its digital twin may indicate either malicious behaviour or faults. Furthermore, since the digital twins run in an isolated, virtual environment, they can be analysed in depth without risking the disruption of live systems.
The CPS Twinning framework [1] is an experimental prototype to implement these concepts. As illustrated in Figure 1, the digital twins are generated completely from the specification of the CPS, which consists of artefacts that express engineer and domain knowledge. Ideally, the specification has already been created during the engineering process. Furthermore, security and safety rules (e.g., thresholds for process variables) can be defined in the CPS's specification, providing the means for detecting abnormal conditions in digital twins.
![Figure 1: Architecture of CPS Twinning [1], which consists of the generator component, the digital-twin execution environment and modules that implement the use cases.](/images/stories/EN115/02_Eckhart.svg)
Figure 1: Architecture of CPS Twinning [1], which consists of the generator component, the digital-twin execution environment and modules that implement the use cases.
In essence, the proposed digital-twin framework comprises a generator component and a virtual environment. The generator parses the specification in order to create the digital twins in the virtual environment. The virtual environment on the other hand, provides an emulated network stack that the emulated or simulated virtual devices can use for communicating with each other. Moreover, the framework supports two modes of operation, viz. simulation and replication. In simulation mode, the digital twins run independently from their physical counterparts, e.g., to conduct security tests. In contrast, the replication mode mirrors the physical devices’ program states to their digital twins. In this mode, malicious behaviour can be detected in two ways: First, a comparison between the inputs and outputs of physical devices and those of digital twins may reveal differences that would indicate malicious behaviour or faults that caused the real devices to deviate from their virtual replicas. Second, if abnormal conditions of the physical process emerge in the virtual environment as well, the framework is able to detect violations of safety and security rules, by continuously monitoring the state of digital twins.
In [1], we present a proof of concept to demonstrate the feasibility of the proposed approach. We used AutomationML [2] as a data format, to specify our exemplary production system. In addition to the CPS’s specification, we explicitly defined safety and a security rules. The prototypical implementation of the framework is based on Mininet [3] and integrates a transcompiler for IEC 61131-3 programming languages as well as a Modbus TCP/IP stack. In this way, we were able to equip the digital twins with the required features to replicate the component logic of the physical devices that are part of our test bed.
For future work, we intend to focus on the simulation aspects of digital twins by developing a feature that would allow users to recover historical states of digital twins and replay their execution. In this way, certain scenarios can be repeated for further analysis, e.g., to understand the propagation of malware.
Link:
Source code of CPS Twinning on GitHub: https://kwz.me/hds
References:
[1] M. Eckhart, A. Ekelhart: “Towards Security-Aware Virtual Environments for Digital Twins”, Proc. of the 4th ACM Workshop on Cyber-Physical System Security. ACM, 2018.
[2] R. Drath, et al.: “AutomationML-the glue for seamless automation engineering”, ETFA 2008.
[3] B. Lantz, B. Heller, N. McKeown: “A network in a laptop: rapid prototyping for software-defined networks”, Proc.of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, 2010.
Please contact:
Matthias Eckhart, TU Wien, Austria
https://www.sqi.at/
Andreas Ekelhart, SBA Research, Austria
https://www.sba-research.org/
