Title: Safety and Security of Cyber-Physical Systems: Engineering dependable Software using Principle-based Development
Edition: 1st ed. 2022
Authors: Frank J. Furrer
ISBN: 3658371811, 9783658371814
Publisher: Springer Vieweg
Year of publication: 2022
Number of pages: 573 [559]
Language: English
File format: PDF (converted to PDF, EPUB, or AZW3 on user request)
File size: 10 Mb
Cyber-physical systems (CPSs) consist of software-controlled computing devices communicating with each other and interacting with the physical world through sensors and actuators. A CPS has, therefore, two parts: the cyber part implementing most of the functionality and the physical part, i.e., the real world. Typical examples of CPSs are a water treatment plant, an unmanned aerial vehicle, and a heart pacemaker. Because most of the functionality is implemented in software, the software is of crucial importance. The software determines the functionality and many CPS properties, such as safety, security, performance, real-time behavior, etc. Therefore, avoiding safety accidents and security incidents in the CPS requires highly dependable software.
Methodology
Today, many methodologies for developing safe and secure software are in use. As software engineering slowly becomes disciplined and mature, generally accepted construction principles have emerged. This monograph advocates principle-based engineering for the development and operation of dependable software. No new development process is suggested, but integrating security and safety principles into existing development processes is demonstrated.
Safety and Security Principles
At the core of this monograph are the engineering principles. A total of 62 principles are introduced and cataloged into five categories: business & organization, general principles, safety, security, and risk management principles. The principles are rigorous, teachable, and enforceable. The terminology used is precisely defined. The material is supported by numerous examples and enriched by illustrative quotes from celebrities in the field.
Final Words
«In a cyber-physical system’s safety and security, any compromise is a planned disaster»
Audience
First, this monograph is for organizations that want to improve their methodologies to build safe and secure software for mission-critical cyber-physical systems. Second, the material is suitable for a two-semester, 4 hours/week, advanced computer science lecture at a Technical University.
This textbook has been recommended and developed for university courses in Germany, Austria and Switzerland.
Foreword
Preface
Acknowledgments
Contents
List of Figures
List of Tables
List of Examples
List of Definitions
List of Principles
About the Author
Part I Foundation
1 Introduction
1.1 Cyber-Physical Systems
1.2 Risk in Cyber-Physical Systems
References
2 Cyber-Physical Systems
2.1 Cyber-Physical Systems
2.2 Cyber-Physical Systems-of-Systems
2.3 Emergence
2.4 Infrastructure
2.4.1 Introduction
2.4.2 ICS Architecture
2.5 Autonomous Cyber-Physical Systems
2.6 Internet of Things
2.7 Cloud-Based Cyber-Physical Systems
2.7.1 Conceptual Architecture
2.7.2 Cloud Safety, Security, and Real Time
2.8 Token Economy
2.9 Cyber-crime and Cyber-war
2.9.1 Cyber-crime
2.9.2 Cyber-war
2.10 Diffuse Computer Crime
2.10.1 Supply Chain Dangers
2.10.2 Insider Crime
2.11 Cyber-Physical Systems Engineering
2.11.1 Safety- and Security-Aware Development Process
2.11.2 Governance
2.11.3 Competence Center
2.11.4 Contract-Based Engineering
2.11.4.1 Interface Contracts
2.11.4.2 Service Contracts
2.11.4.3 Contract-Based Engineering
2.11.5 Agile Methods in Safety and Security
2.11.5.1 The Agile Manifesto
2.11.5.2 Agile Application Spectrum
2.11.5.3 Agile Methods and CPS Safety and Security
2.11.5.4 Agility Against Architecture?
References
3 Three Devils of Safety and Security
3.1 Vulnerabilities
3.2 Threats
3.3 Failures
3.4 Risk Introduction
3.5 Cyber-Physical System Tension Field
References
4 Safety, Security, and Risk
4.1 Context
4.2 General Resilience
4.3 Safety
4.3.1 Introduction
4.3.2 Composite Systems
4.3.3 Safety Taxonomy
4.3.4 Safety Metrics
4.3.5 Elements of Safety
4.3.6 Safety Culture
4.3.7 Safety Standards and Policies
4.3.7.1 Safety Standards
4.3.7.2 Safety Policies
4.3.8 Governance
4.3.9 Safety Management System
4.3.10 Safety Principles
4.3.11 Safety Implementation
4.3.12 Safety Assessment and Safety Audit
4.3.12.1 Safety Assessment
4.3.12.2 Safety Audit
4.3.13 Safety Runtime Monitoring
4.3.14 How Much Safety is Enough?
4.4 Security
4.4.1 Introduction
4.4.2 Security Taxonomy
4.4.3 Security Metrics
4.4.4 Elements of Security
4.4.5 Security Culture
4.4.6 Security Standards and Policies
4.4.6.1 Security Standards
4.4.6.2 Security Policies
4.4.7 Governance
4.4.8 Security Management System
4.4.9 Security Principles
4.4.10 Security Implementation
4.4.11 Security Perimeter Protection
4.4.11.1 Intrusion Prevention
4.4.11.2 Penetration Testing
4.4.11.3 Extrusion Prevention
4.4.12 Zero Trust Architecture
4.4.13 Security Chaos Engineering
4.4.14 Weakest Link
4.4.14.1 Self-Inflicted Security Issues
4.4.15 Security Assessment and Security Audit
4.4.15.1 Security Assessment
4.4.15.2 Security Audit
4.4.16 Security Runtime Monitoring
4.4.17 How Much Security is Enough?
4.5 Convergence of Safety and Security Engineering
4.6 Risk
4.6.1 Risk in Safety and Security
4.6.2 Risk Management Process
4.6.3 Risk Analysis and Assessment
4.6.4 Safety Risk Management
4.6.5 Security Risk Management
4.6.5.1 Qualitative Risk Matrix
4.6.5.2 Quantitative Risk Matrix
4.6.5.3 Monte Carlo Simulations
4.6.6 Cyber-Crisis Management
4.6.7 Agile Risk Management
4.7 Forensic Engineering
4.7.1 Safety Accident Forensic Engineering of Software
4.7.2 Cyber-Incident Forensic Engineering of Software
4.8 Ethics
References
5 Safe Software and Secure Software
5.1 Introduction
5.2 Software Architecture
5.3 Architecture Framework
5.4 Trustworthy Development Process
5.4.1 Introduction
5.4.2 Defect Avoidance and Defect Elimination
5.4.3 Coding Standards
5.4.4 Good Programming Practices for Safety and Security
5.4.5 Modeling and Formal Languages
5.4.5.1 Models
5.4.5.2 Model Checking
5.4.5.3 Model-Based Engineering
5.4.5.4 Formal Methods and Languages
5.5 Safe Software
5.5.1 Time
5.5.2 Software Categories
5.5.3 In-House Software
5.5.4 Third-Party Software
5.5.5 Execution Platform
5.6 Secure Software
5.6.1 Secure by Design
5.6.2 In-House Software
5.6.2.1 Containers
5.6.2.2 Domain-Specific Development
5.6.3 Third-Party Software
5.6.4 Execution Platform
5.7 Correct-by-Construction
5.8 Importance of People
5.9 Drift into Vulnerabilities
5.9.1 The Law of Unintended Consequences
5.9.1.1 Far-Effect
5.9.1.2 Emergence
5.9.1.3 Drift into Vulnerability
References
6 The Future
6.1 The Rise of the Three Devils
6.2 Safety: Autonomy
6.3 Security: Cryptography Apocalypse
6.3.1 Cryptographic Algorithms
6.3.2 Cryptographic Attacks
6.3.3 Cryptography Apocalypse
6.3.4 Post-Quantum Cryptography
6.4 Artificial Intelligence in Safety and Security
6.4.1 AI in Safety
6.4.1.1 Artificial Intelligence in Civil Applications
6.4.1.2 Intransparent ML Algorithms
6.4.1.3 Adversarial ML Examples
6.4.1.4 Explainable AI (XAI)
6.4.1.5 AI Guardian Angel Bot
6.4.1.6 Artificial Intelligence in Military Applications
6.4.2 AI in Security
6.4.2.1 Malicious Security Artificial Intelligence
6.4.2.2 Beneficial Security Artificial Intelligence
6.4.2.3 Collaborating Agents and Threat Intelligence Aggregation
6.5 AI Conclusions
References
Part II Principles
7 Principle-Based Engineering
7.1 Risk-Based Engineering
7.2 Principle-Based Engineering
7.2.1 Principles in Science
7.3 Safety and Security Principles
7.4 Principle-Based Engineering Process
7.5 Safety and Security Patterns
References
8 Principles for Business and Organization
8.1 Principle B1: Risk Culture
8.2 Principle B2: Policies
8.3 Principle B3: Competence Center
8.4 Principle B4: Governance
8.5 Principle B5: Record Keeping and Trustworthy Archive
8.6 Principle B6: Product Liability
8.7 Principle B7: Code of Ethics
8.8 Principle B8: People’s Work Environment
References
9 General Principles
9.1 Principle G1: Precise Safety and Security Requirements
9.2 Principle G2: Adequate System Architecture
9.3 Principle G3: Technical Debt
9.3.1 Technical Debt
9.3.1.1 Technical Debt Management
9.3.1.2 Technical Debt Metric
9.4 Principle G4: Architecture Erosion
9.5 Principle G5: Separation of Concerns
9.6 Principle G6: General Resilience Principles
9.6.1 G6_1: Software Integrity
9.6.1.1 Code Signing
9.6.1.2 Control Flow Integrity
9.6.1.3 Artifact History Integrity (Version control)
9.6.1.4 Terminology
9.6.2 G6_2: Timing Integrity
9.6.3 G6_3: Fault Containment Regions
9.6.4 G6_4: Single Points of Failure
9.6.5 G6_5: Multiple Lines of Defense
9.7 G6_6: Fail-Safe System
9.7.1 G6_7: Graceful Degradation
9.7.2 G6_8: Fault Tolerance
9.7.2.1 Fault Tolerance
9.7.2.2 System-Level Implementation of Fault Tolerance
9.7.2.3 Software-Implemented Fault Tolerance
9.7.2.4 Diagnosability
9.7.3 G6_9: Dependable Foundation (Dependable Execution Infrastructure)
9.7.3.1 Dependable Execution Infrastructure
9.7.3.2 Firmware
9.7.4 G6_10: Error, Exception, and Failure Management
9.7.5 G6_11: Monitoring
9.8 G7: Code Quality
9.9 G8: Modeling
9.10 G9: Cloud-Based Cyber-Physical Systems
9.11 G10: Supply Chain Confidence
9.11.1 Black-Box Risk Analysis
9.11.2 Protective Shell
9.11.3 Black-Box testing
9.11.4 Supplier Risk Management Review/Audit
9.12 G10a: Supply Chain Risk Management
9.13 G10b: Supply Chain Confidence: Products
9.14 G10c: Supply Chain Confidence: Services (Outsourcing)
9.15 G10d: Supply Chain Confidence: Open-Source Software
9.16 Principle G11: Trustworthy Development Process
9.17 G12: IoT Systems
9.18 G13: Impact of Artificial Intelligence
References
10 Principles for Safety
10.1 Principle S1: Safety Culture
10.2 Principle S2: Safety Standards and Policies
10.3 Principle S3: Safety Governance
10.4 Principle S4: Safety Management System
10.5 Principle S5: Safety Principles
10.6 Principle S6: Safety Implementation
10.7 Principle S7: Safety Assessment and Audit
10.8 Principle S8: Safety Runtime Monitoring
10.9 Principle S9: Safe Software
10.10 Principle S11: Artificial Intelligence in Safety-Critical CPS
References
11 Principles for Security
11.1 Principle E1: Security Culture
11.2 Principle E2: Security Standards and Policies
11.3 Principle E3: Security Governance
11.4 Principle E4: Information Security Management System
11.5 Principle E5: Security Principles
11.6 Principle E6: Cyber-Crisis Management
11.7 Principle E7: Security Implementation
11.8 Principle E8: Personal Data
11.9 Principle E9: Security Perimeter Protection
11.10 Principle E10: Zero Trust Architecture
11.11 Principle E11: Cryptography
11.11.1 Lightweight Cryptography
11.12 Principle E12: Transition to Post-Quantum Cryptography
11.13 Principle E13: Security Assessment and Security Audit
11.14 Principle E14: Security Runtime Monitoring
11.15 Principle E15: Secure Software
11.16 Principle E16: Insider Crime
11.16.1 Technical Controls
11.16.2 Human Resource Management Controls
11.17 Principle E17: Microservices Security
11.17.1 Microservices
11.17.2 Microservices Security
11.17.3 Microservices Governance
11.17.4 Migration to Microservices
11.18 Principle E18: Artificial Intelligence in Security
11.18.1 ICT Defense Mandate
11.18.2 Artificial Intelligence Defense for Security
11.18.3 Attacks against Defense AI Machine Learning
References
12 Principles for Risk
12.1 Risk Handling
12.2 Principle R1: Risk
12.3 Principle R2: Risk Management Process
12.4 Principle R3: Risk Metrics
12.5 Principle R4: Forensic Engineering
References
13 Final Words
13.1 Uncertainty
13.2 Disciplined Engineering
13.3 Why?
13.4 Final Words
Reference
References
Index