Towards preserving information flow security on architectural composition of cyber-physical systems

A key challenge of component-based software engineering is to preserve extra-functional properties such as security when composing the software architecture from individual components. Previous work in this area does not consider specific characteristics of cyber-physical systems like asynchronous message passing, real-time behavior, or so-called feedback composition with two-way communication. Thereby, a composition of secure components might lead to insecure architectures with undetected information leaks. In this paper, we address the preservation of information flow security on composition of cyber-physical systems, taking the above characteristics into account. We refine security policies during the architectural decomposition, and outline a compositional verification approach that checks the security of individual components against their refined policies. On composition of secure components, our approach preserves security and thereby enables the design of secure software architectures. We give a proof of concept using a component-based software architecture of a cyber-manufacturing system.