Clédel et al. J Surveill Secur Saf 2020;1:11939 I http://dx.doi.org/10.20517/jsss.2020.08 Page 133 of 139
sidering a specific threat or considering all possible threats. In other words, uncertainties and amplitudes of
events are quantified and bounded in robustness discipline and a robust solution can be found according to
these quantities. On the other hand, resilience discipline cannot consider these quantities—uncertainties and
amplitudes—as harmful events are unknown.
Another definition of robustness is used for networks. The network robustness is defined [64] as: “A measure
of the network’s response to perturbations or challenges (such as failures or external attacks) imposed on the
network”. Van Mieghem et al. introduced a mathematical value in the interval [0,1], called the R-Value, which
is proposed to give a computation of the robustness value of a network.
5.3. Control theory
Several mathematical models, such as differential equations or state-space representation, can be used to model
cyber-physical systems [65]. It is well known that, from a differential equation, which models the relation
between the inputs and the outputs of a system, we can obtain a state–space representation:
( + 1) = ( ) + ( ) (7)
( ) = ( ) + ( ) (8)
In Equation (7), is a state vector. and are, respectively, the input and output vectors. , , , and
are four matrices, respectively, named: state, input, output, and feedthrough matrices. In Equation (8), the
output vector contains the measurements of several sensors. Adding sensors to a system and diversifying them
gives more observability. This observability is very useful, especially for attack detection.
Another important notion is controllability, which can be defined as our ability to bring a system
into a desired state. In fact, incorporating a controller into a cyber-physical system is a way to improve
controllability. The controller uses the outputs of the system to generate the input signal(s). A CPS is a plant
which communicates with the physical and the virtual world [66]. To be protected, the design of a CPS aims at
controllability and observability. Designing a CPS by incorporating physical elements which give controllability
and observability can be considered as a way to improve resilience.
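
The effect of adding sensors and actuators can be checked numerically. The following is an added example, not code from the paper: it applies the standard Kalman rank tests for observability and controllability to a constructed three-state plant. The names A, B and C for the state, input and output matrices, the plant itself, and the sensor and actuator sets are assumptions made for illustration.

```python
from fractions import Fraction

def matmul(X, Y):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*Y)] for row in X]

def rank(M):
    """Matrix rank by exact Gaussian elimination over the rationals."""
    rows = [[Fraction(v) for v in r] for r in M]
    r = 0
    for c in range(len(rows[0])):
        pivot = next((i for i in range(r, len(rows)) if rows[i][c] != 0), None)
        if pivot is None:
            continue
        rows[r], rows[pivot] = rows[pivot], rows[r]
        for i in range(r + 1, len(rows)):
            f = rows[i][c] / rows[r][c]
            rows[i] = [x - f * y for x, y in zip(rows[i], rows[r])]
        r += 1
        if r == len(rows):
            break
    return r

def observability_rank(A, C):
    """Rank of the stacked matrix [C; CA; ...; CA^(n-1)], n = number of states."""
    stacked, block = [], C
    for _ in range(len(A)):
        stacked.extend(block)
        block = matmul(block, A)
    return rank(stacked)

def controllability_rank(A, B):
    """Rank of [B, AB, ..., A^(n-1)B], computed by duality on the transposes."""
    t = lambda M: [list(col) for col in zip(*M)]
    return observability_rank(t(A), t(B))

# Constructed plant (assumption): states = axis position, axis velocity, temperature.
A = [[1, 1, 0], [0, 1, 0], [0, 0, 1]]          # state matrix
B_MOTOR = [[0], [1], [0]]                      # input matrix: motor only
B_BOTH = [[0, 0], [1, 0], [0, 1]]              # input matrix: motor and heater
C_ONE = [[1, 0, 0]]                            # output matrix: position sensor only
C_TWO = [[1, 0, 0], [0, 0, 1]]                 # position and temperature sensors

if __name__ == "__main__":
    n = len(A)
    for name, C in (("position sensor", C_ONE), ("position + temperature", C_TWO)):
        print(f"{name}: observable rank {observability_rank(A, C)} of {n}")
    for name, B in (("motor", B_MOTOR), ("motor + heater", B_BOTH)):
        print(f"{name}: controllable rank {controllability_rank(A, B)} of {n}")
```

With the position sensor alone the observability rank is 2 of 3, because the temperature state never reaches the output and a deviation in it cannot be seen in the measurements; the second sensor brings the rank to 3.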
5.4. Other notions
Wei and Ji compared resilience and adaptivity [34]. However, they considered adaptivity limited, as it only
concerns mitigation mechanisms that control algorithm parameters, while resilience is open to a larger range of
mechanisms. Particularly, adaptivity, as well as fault-tolerance and robustness, does not address the
restorability of a system.
Fault-tolerance is the ability of a system to tolerate faults in order to avoid service failures. Sterbenz et al. [21]
claimed that fault-tolerance is a subset of survivability which considers multiple correlated failures while
fault-tolerance does not. It relies on redundancy and is one of the oldest resilience disciplines. Moreover,
fault-tolerance does not address intelligent adversaries and thus is not sufficient to provide resilience [34].
Morel et al. [8] claimed that there is a link between safety and performance levels: any increase in safety is to
the detriment of performance. However, resilience lies in this link, and, by tolerating a variation across time of
the expected performance level, it is possible to increase the safety level when needed. Resilience is depicted
as the gain of safety when performance level is opened to variation.
De Florio [67] considered resilience as “a system’s ability to retain certain characteristics of interest”, in order to
maintain the system identity. This article also introduces elasticity, a complementary notion to resilience, which