{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,8]],"date-time":"2026-02-08T05:37:48Z","timestamp":1770529068719,"version":"3.49.0"},"reference-count":62,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2022,4,22]],"date-time":"2022-04-22T00:00:00Z","timestamp":1650585600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2022,5,31]]},"abstract":"<jats:p>\n            Cyber-Physical Systems (CPS) are formed through interconnected components capable of computation, communication, sensing and changing the physical world. The development of these systems poses a significant challenge, since they have to be designed in a way to ensure cyber-security without impacting their performance. This article presents the Security Cost Modelling Framework (SCMF) and shows supported by an experimental study how it can be used to measure, normalise, and aggregate the overall performance of a CPS. Unlike previous studies, our approach uses different metrics to measure the overall performance of a CPS and provides a methodology for normalising the measurement results of different units to a common\n            <jats:italic>Cost Unit<\/jats:italic>\n            . Moreover, we show how the\n            <jats:italic>Security Costs<\/jats:italic>\n            can be extracted from the overall performance measurements, which allows us to quantify the overhead imposed by performing security-related tasks. Furthermore, we describe the architecture of our experimental testbed and demonstrate the applicability of SCMF in an experimental study. Our results show that measuring the overall performance and extracting the security costs using SCMF can serve as basis to redesign interactions to achieve the same overall goal at less costs.\n          <\/jats:p>","DOI":"10.1145\/3450752","type":"journal-article","created":{"date-parts":[[2022,4,22]],"date-time":"2022-04-22T12:46:55Z","timestamp":1650631615000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["A Security Cost Modelling Framework for Cyber-Physical Systems"],"prefix":"10.1145","volume":"22","author":[{"given":"Igor","family":"Ivki\u0107","sequence":"first","affiliation":[{"name":"Lancaster University, Lancaster, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Patrizia","family":"Sailer","sequence":"additional","affiliation":[{"name":"University of Applied Sciences Burgenland, Eisenstadt, AT"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Antonios","family":"Gouglidis","sequence":"additional","affiliation":[{"name":"Lancaster University, Lancaster, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andreas","family":"Mauthe","sequence":"additional","affiliation":[{"name":"University of Koblenz-Landau, Germany, DE"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Markus","family":"Tauber","sequence":"additional","affiliation":[{"name":"University of Applied Sciences Burgenland, Eisenstadt, AT"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,4,22]]},"reference":[{"key":"e_1_3_1_2_2","volume-title":"Seminar work for the Compilerscourse, Department of Computer Science, University of Helsinki, Finland","author":"Aarniala Jari","year":"2005","unstructured":"Jari Aarniala. 2005. Instrumenting java bytecode. In Seminar work for the Compilerscourse, Department of Computer Science, University of Helsinki, Finland."},{"key":"e_1_3_1_3_2","volume-title":"Proceedings of the 2nd Swedish Workshop on the Engineering of Systems of Systems (SWESOS\u201916)","author":"Alkhabbas Fahed","year":"2016","unstructured":"Fahed Alkhabbas, Romina Spalazzese, and Paul Davidsson. 2016. IoT-based systems of systems. In Proceedings of the 2nd Swedish Workshop on the Engineering of Systems of Systems (SWESOS\u201916)."},{"key":"e_1_3_1_4_2","article-title":"Alljoyn Framework","author":"Alliance Allseen","year":"2016","unstructured":"Allseen Alliance. 2016. Alljoyn Framework. Linux Foundation Collaborative Projects. Retrieved September 14, 2016 from https:\/\/allseenalliance.org\/framework.","journal-title":"Linux Foundation Collaborative Projects. Retrieved September 14, 2016 from https:\/\/allseenalliance.org\/framework"},{"key":"e_1_3_1_5_2","unstructured":"Open Mobile Alliance. 2012. Lightweight machine to machine architecture. (unpublished)."},{"key":"e_1_3_1_6_2","unstructured":"ZigBee Alliance and HomePlug Alliance. 2013. Smart energy profile 2 application protocol standard. (unpublished)."},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.24840\/2183-0606_003.004_0003"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1257\/jep.22.2.171"},{"key":"e_1_3_1_9_2","unstructured":"Ross Anderson. 2005. Economics and security resource page."},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.17863\/CAM.41598"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1126\/science.1130992"},{"key":"e_1_3_1_12_2","unstructured":"Radhakisan Baheti and Helen Gill. 2011. Cyber-physical systems. The Impact of Control Technology 12 1 (2011) 161\u2013166. https:\/\/www.researchgate.net\/profile\/Mohamed-Mourad-Lafifi\/post\/What_is_the_difference_between_Cyber_Physical_Systems_and_Networked_Control_Systems\/attachment\/59d6407379197b807799caa6\/AS%3A431158354812928%401479807570298\/download\/IoCT-Part3-02CyberphysicalSystems.pdf."},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2020.102471"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICPHYS.2018.8390800"},{"key":"e_1_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-41103-9_9"},{"issue":"6","key":"e_1_3_1_16_2","article-title":"A GQM approach to evaluation of the quality of smartthings applications using static analysis.","volume":"14","author":"Chang Byeong-Mo","year":"2020","unstructured":"Byeong-Mo Chang, Janine Cassandra Son, and Kwanghoon Choi. 2020. A GQM approach to evaluation of the quality of smartthings applications using static analysis. KSII Trans. Internet Inf. Syst. 14, 6 (2020).","journal-title":"KSII Trans. Internet Inf. Syst."},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2002.1029005"},{"key":"e_1_3_1_18_2","article-title":"Arrowhead Framework","author":"Consortium Arrowhead","year":"2020","unstructured":"Arrowhead Consortium. 2020. Arrowhead Framework. Retrieved from https:\/\/github.com\/arrowhead-f\/core-java.","journal-title":"https:\/\/github.com\/arrowhead-f\/core-java"},{"key":"e_1_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1201\/9781315367897"},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA.2015.7301661"},{"key":"e_1_3_1_21_2","doi-asserted-by":"crossref","unstructured":"Marlon Dumas Marcello La Rosa Jan Mendling and Hajo A. Reijers. 2018. Fundamentals of business process management.","DOI":"10.1007\/978-3-662-56509-4"},{"key":"e_1_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.5555\/3133761"},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00502-016-0426-6"},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39498-0_13"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2016.488"},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1201\/b15552"},{"key":"e_1_3_1_27_2","unstructured":"Iotivity IoTivity. 2015. A linux foundation collaborative project. Retrieved from https:\/\/www.iotivity.org\/."},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC.2019.8651751"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.5220\/0007761604880494"},{"key":"e_1_3_1_30_2","doi-asserted-by":"crossref","unstructured":"Igor Ivki\u0107 Stephan Wolfauer Thomas Oberhofer and Markus Tauber. 2017. On the cost of cyber security in smart business. In Proceedings of the 12th International Conference for Internet Technology and Secured Transactions (ICITST\u201917) .","DOI":"10.23919\/ICITST.2017.8356395"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/1807128.1807136"},{"key":"e_1_3_1_32_2","volume-title":"Introduction to Embedded Systems: A Cyber-physical Systems Approach","author":"Lee Edward Ashford","year":"2017","unstructured":"Edward Ashford Lee and Sanjit A. Seshia. 2017. Introduction to Embedded Systems: A Cyber-physical Systems Approach."},{"key":"e_1_3_1_33_2","volume-title":"Measuring Computer Performance: A Practitioner\u2019s Guide","author":"Lilja David J.","year":"2005","unstructured":"David J. Lilja. 2005. Measuring Computer Performance: A Practitioner\u2019s Guide. Cambridge University Press."},{"key":"e_1_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2017.7510349"},{"key":"e_1_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jii.2017.04.005"},{"key":"e_1_3_1_36_2","first-page":"245","volume-title":"Proceedings of the International Conference on Security and Cryptography (SECRYPT\u201911)","author":"Luna Jesus","year":"2011","unstructured":"Jesus Luna, Hamza Ghani, Daniel Germanus, and Neeraj Suri. 2011. A security metrics framework for the cloud. In Proceedings of the International Conference on Security and Cryptography (SECRYPT\u201911). IEEE, 245\u2013250."},{"key":"e_1_3_1_37_2","article-title":"Cyber crime: A review of the evidence","volume":"75","author":"McGuire Mike","year":"2013","unstructured":"Mike McGuire and Samantha Dowling. 2013. Cyber crime: A review of the evidence. Summary of Key Findings and Implications.Home Office Research Report 75.","journal-title":"Summary of Key Findings and Implications."},{"key":"e_1_3_1_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/1299015.1299016"},{"key":"e_1_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-09762-6_10"},{"key":"e_1_3_1_40_2","article-title":"Performance Analysis","year":"2020","unstructured":"Naver. 2020. Performance Analysis. Retrieved from https:\/\/naver.github.io\/pinpoint\/2.0.1\/performance.html.","journal-title":"https:\/\/naver.github.io\/pinpoint\/2.0.1\/performance.html"},{"key":"e_1_3_1_41_2","article-title":"Pinpoint","year":"2020","unstructured":"Naver. 2020. Pinpoint. Retrieved from https:\/\/naver.github.io\/pinpoint\/.","journal-title":"https:\/\/naver.github.io\/pinpoint\/"},{"key":"e_1_3_1_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/2674005.2674991"},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2509994"},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.promfg.2017.09.047"},{"key":"e_1_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63588-0"},{"key":"e_1_3_1_46_2","volume-title":"Cyber-Physical Systems","author":"Rajkumar Raj","year":"2016","unstructured":"Raj Rajkumar, Dionisio De Niz, and Mark Klein. 2016. Cyber-Physical Systems. Addison-Wesley Professional."},{"key":"e_1_3_1_47_2","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1201\/9780429467219-14","volume-title":"Handbook of Military and Defense Operations Research","author":"Scala Natalie M.","year":"2020","unstructured":"Natalie M. Scala and Paul L. Goethals. 2020. A model for and inventory of cybersecurity values: metrics and best practices. In Handbook of Military and Defense Operations Research. Chapman & Hall\/CRC, 305\u2013330."},{"key":"e_1_3_1_48_2","unstructured":"Z. Shelby and C. Chauvenet. 2012. The IPSO Application Framework draft-ipso-app-framework-04. Retrieved June 3 2014 from http:\/\/www.ipso-alliance.org\/wp-content\/media\/draft-ipso-app-framework-04.pdf."},{"key":"e_1_3_1_49_2","unstructured":"Benjamin H. Sigelman Luiz Andre Barroso Mike Burrows Pat Stephenson Manoj Plakal Donald Beaver Saul Jaspan and Chandan Shanbhag. 2010. Dapper a large-scale distributed systems tracing infrastructure. https:\/\/storage.googleapis.com\/pub-tools-public-publication-data\/pdf\/36356.pdf."},{"issue":"4","key":"e_1_3_1_50_2","first-page":"209","article-title":"Towards information security metrics framework for cloud computing","volume":"1","author":"Tariq Muhammad Imran","year":"2012","unstructured":"Muhammad Imran Tariq. 2012. Towards information security metrics framework for cloud computing. Int. J. Cloud Comput. Serv. Sci. 1, 4 (2012), 209.","journal-title":"Int. J. Cloud Comput. Serv. Sci."},{"key":"e_1_3_1_51_2","doi-asserted-by":"publisher","DOI":"10.1109\/GreenCom.2012.81"},{"key":"e_1_3_1_52_2","doi-asserted-by":"publisher","DOI":"10.1109\/GreenCom.2011.26"},{"key":"e_1_3_1_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2012.6211930"},{"issue":"345","key":"e_1_3_1_54_2","first-page":"5","article-title":"On computable numbers, with an application to the Entscheidungsproblem","volume":"58","author":"Turing Alan Mathison","year":"1936","unstructured":"Alan Mathison Turing. 1936. On computable numbers, with an application to the Entscheidungsproblem. J. Math. 58, 345-363 (1936), 5.","journal-title":"J. Math."},{"key":"e_1_3_1_55_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-31165-4_26"},{"key":"e_1_3_1_56_2","doi-asserted-by":"publisher","DOI":"10.1186\/s40064-016-3498-1"},{"key":"e_1_3_1_57_2","doi-asserted-by":"publisher","DOI":"10.5555\/3063153.3063189"},{"key":"e_1_3_1_58_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICNTE.2017.7947882"},{"key":"e_1_3_1_59_2","volume-title":"The PiLogger One Manual","author":"Wei\u00df-Engel G.","year":"2018","unstructured":"G. Wei\u00df-Engel. 2018. The PiLogger One Manual. PiLogger."},{"key":"e_1_3_1_60_2","volume-title":"Cybernetics or Control and Communication in the Animal and the Machine","author":"Wiener Norbert","year":"1948","unstructured":"Norbert Wiener. 1948. Cybernetics or Control and Communication in the Animal and the Machine. Technology Press."},{"key":"e_1_3_1_61_2","doi-asserted-by":"publisher","DOI":"10.1109\/TMSCS.2016.2569446"},{"key":"e_1_3_1_62_2","volume-title":"Cybercrime and Xociety","author":"Yar Majid","year":"2019","unstructured":"Majid Yar and Kevin F. Steinmetz. 2019. Cybercrime and Xociety. SAGE Publications Limited."},{"key":"e_1_3_1_63_2","first-page":"553","volume-title":"Computer and Information Security Handbook (2nd ed.)","author":"Yee George O. M.","year":"2013","unstructured":"George O. M. Yee. 2013. Security metrics: An introduction and literature review. In Computer and Information Security Handbook (2nd ed.). Elsevier, 553\u2013566."}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3450752","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3450752","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:28:42Z","timestamp":1750195722000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3450752"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,22]]},"references-count":62,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,5,31]]}},"alternative-id":["10.1145\/3450752"],"URL":"https:\/\/doi.org\/10.1145\/3450752","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"value":"1533-5399","type":"print"},{"value":"1557-6051","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,22]]},"assertion":[{"value":"2020-06-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-02-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-04-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}