Abstract
Due to their close relation to physical and virtual entities (humans, machines, processes, etc.) including their changing state and context, modern cyber-physical and IoT systems exhibit a high degree of architectural dynamicity. While sharing of data among all the entities of the system is the key driver to the efficiency of the system, it is at the same time necessary to effectively control which data are shared, with whom, and in which context so as to prevent potential misuse.
The problem however is that traditional methods to security and privacy, which typically rely on rigid hierarchies, cannot easily cope with the high degree of architectural dynamicity. In this paper, we outline an approach to ensure security and privacy on the architectural level in systems with dynamic architectures.
In particular, we focus on a) data tracking using data flows and data processing described in system architectures, b) descriptions of dynamic sharing scenarios including decision derivation based on the current situation, and c) a runtime analysis platform that regulates data exchange. We ground the approach and illustrate it in the Industry 4.0 setting, as this is the domain in which we apply our approach as part of our project Trust 4.0, but we believe it can be used in other applications domains as well.