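@comment{
  Entry cleaned from an auto-export. Changes, all preserving the citation
  key `668` so existing \cite{668} calls keep working:
  - author in unambiguous "Last, First" form;
  - "Springer Science and Business Media LLC" is the publisher, not the
    journal, so it was moved to `publisher`; `journal` now names the
    venue the DOI prefix (10.1007/s00287-...) and ISSN 0170-6012 belong
    to -- confirm against the publisher record (see internal-note);
  - `month` must be a three-letter macro (unquoted), not an ISO date;
  - title entered in Title Case so styles can downcase but not lose caps;
  - the long reader's commentary moved from `note` (printed by standard
    styles, bullets rendered raw) to `annote` (annotation, ignored by
    standard styles); hard-coded bullet glyphs replaced by plain numbering;
  - non-ASCII punctuation replaced by LaTeX-safe equivalents so the entry
    also works under classic 8-bit BibTeX.
}

@article{668,
  author    = {Furrer, Frank J.},
  title     = {Safe and Secure System Architectures for Cyber-Physical Systems},
  journal   = {Informatik Spektrum},
  publisher = {Springer Science and Business Media LLC},
  year      = {2023},
  month     = apr,
  issn      = {0170-6012},
  doi       = {10.1007/s00287-023-01533-z},
  url       = {https://link.springer.com/content/pdf/10.1007/s00287-023-01533-z.pdf},
  abstract  = {Cyber-physical systems are at the core of our current civilization. Countless examples dominate our daily life and work, such as driverless cars that will soon master our roads, implanted medical devices that will improve many lives, and industrial control systems that control production and infrastructure. Because cyber-physical systems manipulate the real world, they constitute a danger for many applications. Therefore, their safety and security are essential properties of these indispensable systems. The long history of systems engineering has demonstrated that the system quality properties---such as safety and security---strongly depend on the underlying system architecture. Satisfactory system quality properties can only be ensured if the fundamental system architecture is sound! The development of dependable cyber-physical architectures in recent years suggests that two harmonical architectures are required: a design-time architecture and a run-time architecture. The design-time architecture defines and specifies all parts and relationships, assuring the required system quality properties. However, in today's complex systems, ensuring all quality properties in all operating conditions during design time will never be possible. Therefore, an additional line of defense against safety accidents and security incidents is indispensable: This must be provided by the run-time architecture. The run-time architecture primarily consists of a protective shell that monitors the run-time system during operation. It detects anomalies in system behavior, interface functioning, or data---often using artificial intelligence algorithms---and takes autonomous mitigation measures, thus attempting to prevent imminent safety accidents or security incidents before they occur. This paper's core is the protective shell as a run-time protection mechanism for cyber-physical systems. The paper has the form of an introductory tutorial and includes focused references. {\copyright} 2023, The Author(s).},
  annote    = {A protective shell is a technique that can significantly enhance the safety and security of cyber-physical systems at run-time. It is a current, active research area, and some industries producing mission-critical cyber-physical systems are already implementing it. However, the challenges of implementing a protective shell are that: (1) Using a protective shell requires a very high degree of formalization for reliable anomaly detection. (2) Designing a protective shell to protect against damaging run-time behavior is a highly challenging engineering task. (3) The protective shell consumes additional run-time resources (power, CPU, memory). (4) Designing and implementing a protective shell needs highly educated engineers. (5) The protective shell's code and data increase the system's complexity, which may generate additional failure modes and possibly also enlarges the attack surface.},
  internal-note = {journal name inferred from the DOI journal code and ISSN, not present in the original export -- confirm. volume, number and pages are still missing; add them from the publisher record rather than guessing. The url points to the PDF; the doi is the stable locator and should be preferred by styles that print only one.},
}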