Updated README.
MatthiasEckhart committed Jul 10, 2022
1 parent fbda062 commit e967c7c
Showing 4 changed files with 53 additions and 12 deletions.
52 changes: 40 additions & 12 deletions README.md
@@ -1,7 +1,14 @@
# Automated Quality-Driven Security Risk Identification in Cyber-Physical Production Systems
# Automated Security Risk Identification in Cyber-Physical Production Systems Using AutomationML-Based Engineering Data

This prototype identifies security risk sources (i.e., threats and vulnerabilities) and types of attack consequences based on AutomationML (AML) artifacts.
The results of the risk identification process can be used to identify cascading effects and consequences of attacks affecting product quality.

This prototype implements the methods presented in the following two publications:

1. [Eckhart, M., Ekelhart, A., & Weippl, E. R. (2020). Automated Security Risk Identification Using AutomationML-Based Engineering Data. IEEE Transactions on Dependable and Secure Computing.](https://doi.org/10.1109/TDSC.2020.3033150)
2. Eckhart, M., Ekelhart, A., Biffl S., Lüder A., & Weippl, E. R. (2022). QualSec: An Automated Quality-Driven Approach for Security Risk Identification in Cyber-Physical Production Systems. IEEE Transactions on Industrial Informatics. To Appear.

In essence, it identifies security risk sources (i.e., threats and vulnerabilities) and types of attack consequences based on AutomationML (AML) artifacts.
The results of the risk identification process can be used to generate cyber-physical attack graphs, which model multistage cyber-attacks that potentially lead to physical damage.
Moreover, cascading effects and consequences of attacks affecting product quality are identified.

## Installation

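Review bot: In the new publication list, entry 2 writes two authors as `Biffl S., Lüder A.` without the comma after the surname that every other author in both entries has (`Eckhart, M., Ekelhart, A.`); suggest `Biffl, S., Lüder, A.`. Entry 2 also carries no link while entry 1 links its DOI, so replace "To Appear" with the DOI link once one is assigned.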
Expand All @@ -20,8 +27,8 @@ $ mvn clean compile install assembly:single

2. Setup the AMLsec Base Directory

Clone this repository, create the application base directory (usually located in the user's home directory), and place the files located in [amlsec-base-dir](https://github.com/qualsec-paper/amlsec/blob/master/amlsec-base-dir) and the assembled AML2OWL JAR (located in `aml_owl/target/`) there.
The AMLsec base directory and the path to the AML2OWL JAR must be set in the [configuration file](https://github.com/qualsec-paper/amlsec/blob/master/amlsec/src/main/resources/application.conf) using the keys `baseDir` and `amlToOwlProgram`, respectively.
Clone this repository, create the application base directory (usually located in the user's home directory), and place the files located in [amlsec-base-dir](https://github.com/sbaresearch/amlsec/blob/master/amlsec-base-dir) and the assembled AML2OWL JAR (located in `aml_owl/target/`) there.
The AMLsec base directory and the path to the AML2OWL JAR must be set in the [configuration file](https://github.com/sbaresearch/amlsec/blob/master/amlsec/src/main/resources/application.conf) using the keys `baseDir` and `amlToOwlProgram`, respectively.

3. Setup Apache Jena Fuseki

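Review bot: Both rewritten links in step 2 are still absolute GitHub URLs pinned to `master`, which is why they had to be edited when the owner changed from `qualsec-paper/amlsec` to `sbaresearch/amlsec`. Repository-relative links (for example `amlsec-base-dir` and `amlsec/src/main/resources/application.conf`) would keep resolving after a rename, transfer or fork, and the same applies to the other README links touched in this commit.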
Expand All @@ -30,26 +37,39 @@ Install and start [Apache Jena Fuseki](https://jena.apache.org/documentation/fus
$ java -jar <path_to_apache-jena-fuseki-X.Y.Z>/fuseki-server.jar --update
```

4. Build AMLsec
4. Install LoLA 2 (only applies to QualSec)

If you want to run QualSec, you need to install [LoLA - A Low Level Petri Net Analyzer](https://theo.informatik.uni-rostock.de/theo-forschung/tools/lola/).

5. Build and Run the Application

Finally, build and start the app by using [sbt](https://www.scala-sbt.org/).
```
$ sbt "runMain org.sba_research.worker.Main -q"
```

Use the flags `-s` and `-q` to run AMLsec and QualSec, respectively.

## Usage

The implemented method utilizes a semantic information mapping mechanism realized by means of AML libraries.
These [AML security extension libraries](https://github.com/qualsec-paper/amlsec/tree/master/aml-libs/amlsec) and [AML quality extension libraries](https://github.com/qualsec-paper/amlsec/tree/master/aml-libs/amlqual) can be easily reused in engineering projects by importing them into AML files.
The implemented methods utilize a semantic information mapping mechanism realized by means of AML libraries.
These [AML security extension libraries](https://github.com/sbaresearch/amlsec/tree/master/aml-libs/amlsec) and [AML quality extension libraries](https://github.com/sbaresearch/amlsec/tree/master/aml-libs/amlqual) can be easily reused in engineering projects by importing them into AML files.

Again, if you want to execute the prototype of the method presented in the IEEE TDSC paper, use the `-s` flag.
The `-q` flag, on the other hand, corresponds to the method presented in the IEEE TII paper.

The capabilities of this prototype are demonstrated in a [case study](https://github.com/qualsec-paper/amlsec/blob/master/amlsec-base-dir/quality-case-study/A/CaseStudy_A.aml).
The capabilities of this prototype are demonstrated in case studies ([AMLsec](https://github.com/sbaresearch/amlsec/blob/master/amlsec-base-dir/case-study/CaseStudy_A.aml), [QualSec](https://github.com/sbaresearch/amlsec/blob/master/amlsec-base-dir/quality-case-study/A/CaseStudy_A.aml)).
Running this prototype as is will yield the knowledge base (can be accessed via Fuseki), which also includes the results of the risk identification process, and the results of the case study.

Furthermore, if you run the prototype with the [default case study]((https://github.com/sbaresearch/amlsec/blob/master/amlsec-base-dir/case-study/CaseStudy_A.aml)) and `-s` flag, the following pruned cyber-physical attack graph will be created:

![Cyber-Physical Attack Graph](https://github.com/sbaresearch/amlsec/blob/master/amlsec-base-dir/pruned_ag.svg?sanitize=true)

### Cluster

The prototype utilizes the [Akka](https://akka.io/) framework and is able to distribute the risk identification workload among multiple nodes. The [Akka distributed workers sample](https://github.com/akka/akka-samples/tree/2.6/akka-sample-distributed-workers-scala) was used as a template.

To run the cluster with multiple nodes:
To run the cluster with multiple nodes (examples with `-q` flag):

1. Start Cassandra:
```
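Review bot: The new `[default case study]` link in the Usage section wraps its URL in two pairs of parentheses, `((` and `))`, so Markdown will not resolve it to the intended target; drop one pair. Separately, step 4 tells readers that LoLA is only needed for QualSec, yet the only run command shown in step 5 uses `-q`, so a reader who skipped step 4 to run AMLsec has no matching command to copy; show the `-s` invocation as well. The added "Again, if you want to execute ..." paragraph repeats the flag explanation from step 5 and could be merged with it.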
Expand All @@ -71,8 +91,16 @@ $ sbt "runMain org.sba_research.worker.Main 3001 -q"
$ sbt "runMain org.sba_research.worker.Main 5001 3 -q"
```

If you run the nodes on separate machines, you will have to adapt the Akka settings in the [configuration file](https://github.com/qualsec-paper/amlsec/blob/master/amlsec/src/main/resources/application.conf).
If you run the nodes on separate machines, you will have to adapt the Akka settings in the [configuration file](https://github.com/sbaresearch/amlsec/blob/master/amlsec/src/main/resources/application.conf).

## Performance Assessment

The measurements and log files obtained during the performance assessment are available upon request.
The measurements and log files obtained during the performance assessment are available upon request.

## How to Cite

If you use this prototype in your research, please consider citing our [IEEE TDSC 2020](https://doi.org/10.1109/TDSC.2020.3033150) or IEEE TII 2022 publication. Feel free to use the papers' BibTeX entries ([TDSC](https://github.com/sbaresearch/amlsec/tree/master/bib/Eckhart2022.bib), TII).

## Acknowledgment

The authors would like to thank Yameng An for providing the initial version of [OntoPLC](https://doi.org/10.1109/TII.2020.2997360).
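Review bot: In the new "How to Cite" section, the BibTeX list ends with a bare `TII` that has no link, and the only BibTeX file visible in this commit is `bib/Eckhart2022.bib`, so the sentence points readers to an entry that is not there. Either add the TII entry or remove `TII` from the parenthesis until it exists. The TDSC link also uses `tree/master` for a single file, while the other file links in the README use `blob/master`.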
Binary file removed appendix/quality-ontology.pdf
Binary file not shown.
File renamed without changes.
13 changes: 13 additions & 0 deletions bib/Eckhart2022.bib
@@ -0,0 +1,13 @@
@Article{Eckhart2022,
author = {Eckhart, Matthias and Ekelhart, Andreas and Weippl, Edgar},
journal = {IEEE Transactions on Dependable and Secure Computing},
title = {Automated Security Risk Identification Using {AutomationML}-Based Engineering Data},
year = {2022},
issn = {1941-0018},
month = may,
number = {3},
pages = {1655--1672},
volume = {19},
abstract = {Systems integrators and vendors of industrial components need to establish a security-by-design approach, which includes the assessment and subsequent treatment of security risks. However, conducting security risk assessments along the engineering process is a costly and labor-intensive endeavor due to the complexity of the system(s) under consideration and the lack of automated methods. This, in turn, hampers the ability of security analysts to assess risks pertaining to cyber-physical systems (CPSs) in an efficient manner. In this work, we propose a method that automatically identifies security risks based on the CPS's data representation, which exists within engineering artifacts. To lay the foundation for our method, we present security-focused semantics for the engineering data exchange format AutomationML (AML). These semantics enable the reuse of security-relevant know-how in AML artifacts by means of a formal knowledge representation, modeled with a security-enriched ontology. Our method is capable of automating the identification of security risk sources and potential consequences in order to construct cyber-physical attack graphs that capture the paths adversaries may take. We demonstrate the benefits of the proposed method through a case study and an open-source prototypical implementation. Finally, we prove that our solution is scalable by conducting a rigorous performance evaluation.},
doi = {10.1109/TDSC.2020.3033150},
}
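Review bot: `year = {2022}` (together with `month = may` and `volume = {19}`) disagrees with the README in this same commit, which cites the paper as "(2020)" and "IEEE TDSC 2020"; align the README wording with the entry or explain the online-first versus issue date there. The key and file name `Eckhart2022` will also be ambiguous once the 2022 TII paper gets its own entry, so a key that names the venue would be safer.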
