A security reference architecture for cargo ports

Abstract

Secure systems must be built in a systematic and holistic way, where security is an integral part of the development lifecycle and cuts across all architectural layers. This need is more evident in Cyber Physical Systems (CPSs), where attacks may target not only the information model of the system but also its physical entities. CPS systems are heterogeneous and often highly complex. Their possibly numerous components and cross-domain complexity make attacks easy to propagate and security difficult to implement. Moreover, this complexity results in a considerable variety of vulnerabilities and a large attack surface. To design secure CPS systems a good approach is to abstract their complexity and develop a common framework, namely a Reference Architecture (RA), to which we add security mechanisms in appropriate places to stop its threats to define a Security Reference Architecture (SRA). An SRA is an abstract architecture describing a conceptual model of security that provides a way to specify security requirements for a wide range of derived concrete architectures. An important type of CPS is a maritime container terminal, a facility where cargo containers are transported between ships and land vehicles for onward transportation, and vice versa. We present here an SRA for cargo ports built out of patterns, which goes beyond existing models in providing a global view and a more precise description than just block diagrams. Starting from an RA, we analyze security issues in each activity of the processes of the system and enumerate its threats. We describe threats using misuse patterns, and from them we select security patterns that realize defensive solutions.