A Multidimensional Approach for Formal Modeling and Analyzing Medical Cyber-Physical Systems
Received: 18 November 2024 | Revised: 22 December 2024 | Accepted: 29 December 2024 | Online: 10 January 2025
Corresponding author: Ayoub Bouheroum
Abstract
The combination of integrated software controlling devices, networking capabilities, and sensing/actuation technologies in Medical Cyber-Physical Systems (M-CPS) highlights some specific research challenges. The major challenge is to formally ensure the confidentiality of the data or resources they handle. This study tackles this problem by proposing a formal approach that combines CA-BRS (Control Agent and Bigraphical Reactive Systems) and BPMN (Business Process Model Notation) to specify and analyze CPS in general, while respecting several dimensions. The structural dimension of the CPS, representing the space (physical and cyber entities) in which agents exist and interact, is defined with BRS. Control agents constitute the virtual dimension and observe and control the physical and cyber entities of their environment. The complex and adaptive behavior of CPS (behavioral dimension) is defined through several types of rules, each managing a possible evolution of a CPS component (physical, cyber, or virtual). Two distinctive perspectives are associated with the semantic interpretation of these rules: the states perspective and the activities perspective. This study focuses on the activities perspective that specifies the behavior of control agents with a BPMN activity diagram. This highlights how these two models (CA-BRS and BPMN) complement each other to assist the designer in defining formal models for CPS. Additionally, it reveals how to provide the CA-BRS model with means to control unauthorized access to an electronic health record system.
Keywords:
access control, BPMN, BRS, formal models, medical CPSDownloads
References
N. Zhang, "A Cloud-Based Platform for Big Data-Driven CPS Modeling of Robots," IEEE Access, vol. 9, pp. 34667–34680, 2021.
O. H. Jensen and R. Milner, "Bigraphs and mobile processes (revised)," University of Cambridge, Computer Laboratory, UCAM-CL-TR-580, 2004.
Z. Benzadri, A. Bouheroum, and F. Belala, "A Formal Framework for Secure Fog Architectures: Application to Guarantee Reliability and Availability," International Journal of Organizational and Collective Intelligence (IJOCI), vol. 11, no. 2, pp. 51–74, Apr. 2021.
A. Bouheroum, A. Derhab, D. Benmerzoug, S. M. Hemam, and A. Bouras, "A BRS-based Modeling Approach for Secure Medical Cyber-Physical Systems." Authorea, Sep. 06, 2023.
S. Lou, Y. Feng, G. Tian, Z. Lv, Z. Li, and J. Tan, "A Cyber-Physical System for Product Conceptual Design Based on an Intelligent Psycho-Physiological Approach," IEEE Access, vol. 5, pp. 5378–5387, 2017.
T. Sanislav and L. Miclea, "Cyber-Physical Systems - Concept, Challenges and Research Areas," Journal of Control Engineering and Applied Informatics, vol. 14, no. 2, pp. 28–33, Jun. 2012.
E. Pereira, C. Kirsch, and R. Sengupta, "Biagents - A bigraphical agent model for structure-aware computation," Cyber-Physical Cloud Computing Lab, University of California, Berkeley, CA, USA, Working Paper CPCC-WP-2012-08-01, Aug. 2012.
E. Pereira, C. M. Kirsch, J. B. De Sousa, and R. Sengupta, "BigActors: a model for structure-aware computation," in Proceedings of the ACM/IEEE 4th International Conference on Cyber-Physical Systems, Philadelphia, PA, USA, Apr. 2013, pp. 199–208.
G. Agha, I. A. Mason, S. Smith, and C. Talcott, "Towards a theory of actor computation," in CONCUR ’92, 1992, pp. 565–579.
J. Krivine, R. Milner, and A. Troina, "Stochastic Bigraphs," Electronic Notes in Theoretical Computer Science, vol. 218, pp. 73–96, Oct. 2008.
M. Sevegnani and M. Calder, "Bigraphs with sharing," Theoretical Computer Science, vol. 577, pp. 43–73, Apr. 2015.
T. Skersys, R. Butleris, and K. Kapocius, "Extracting business vocabularies from business process models: SBVR and BPMN standards-based approach," AIP Conference Proceedings, vol. 1558, no. 1, pp. 341–344, Oct. 2013.
I. Graja, S. Kallel, N. Guermouche, and A. H. Kacem, "BPMN4CPS: A BPMN Extension for Modeling Cyber-Physical Systems," in 2016 IEEE 25th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Paris, France, Jun. 2016, pp. 152–157.
P. Bocciarelli, A. D’Ambrogio, A. Giglio, and E. Paglia, "A BPMN extension for modeling Cyber-Physical-Production-Systems in the context of Industry 4.0," in 2017 IEEE 14th International Conference on Networking, Sensing and Control (ICNSC), Calabria, Italy, May 2017, pp. 599–604.
J. Fitzgerald, C. Gamble, P. G. Larsen, K. Pierce, and J. Woodcock, "Cyber-Physical Systems Design: Formal Foundations, Methods and Integrated Tool Chains," in 2015 IEEE/ACM 3rd FME Workshop on Formal Methods in Software Engineering, Florence, Italy, May 2015, pp. 40–46.
E. Bartocci et al., "Specification-Based Monitoring of Cyber-Physical Systems: A Survey on Theory, Tools and Applications," in Lectures on Runtime Verification: Introductory and Advanced Topics, E. Bartocci and Y. Falcone, Eds. Springer International Publishing, 2018, pp. 135–175.
G. Bakirtzis, C. Vasilakopoulou, and C. H. Fleming, "Compositional Cyber-Physical Systems Modeling," Electronic Proceedings in Theoretical Computer Science, vol. 333, pp. 125–138, Feb. 2021.
G. Zhang, M. Zhang, R. Yan, M. Chen, C. Xu, and Y. Li, "Modeling and Analysis for CPS Physical Entities Based on Spatio-Temporal Petri Net," Journal of Computers, vol. 9, no. 2, pp. 499–505, Feb. 2014.
Y. Tan, M. C. Vuran, and S. Goddard, "Spatio-Temporal Event Model for Cyber-Physical Systems," in 2009 29th IEEE International Conference on Distributed Computing Systems Workshops, Montreal, Quebec, Canada, Jun. 2009, pp. 44–50.
Y. Cao, Z. Huang, C. Ke, J. Xie, and J. Wang, "A topology-aware access control model for collaborative cyber-physical spaces: Specification and verification," Computers & Security, vol. 87, Nov. 2019, Art. no. 101478.
Y. Cao, Z. Huang, S. Kan, D. Fan, and Y. Yang, "Specification and verification of a topology-aware access control model for cyber-physical space," Tsinghua Science and Technology, vol. 24, no. 5, pp. 497–519, Oct. 2019.
A. Bouheroum, D. Benmerzoug, S. M. Hemam, F. Belala, A. Lehamdi, and R. Aouissate, "A Formal Integrated Approach for Cyber Physical Systems," in 2022 4th International Conference on Pattern Analysis and Intelligent Systems (PAIS), Oum El Bouaghi, Algeria, Oct. 2022, pp. 1–7.
A. Bouheroum, D. Benmerzoug, S. M. Hemam, and F. Belala, "From CA-BRS to BPMN: Formal Approach for Modeling Adaptive Security in Cyber-Physical Systems," presented at the Tunisian Algerian Conference on Applied Computing (TACC 2021), Tabarka, Tunisia, Dec. 2021.
J. Merhej, H. Harb, A. Abouaissa, L. Idoumghar, and S. Ouchani, "ELSO: A Blockchain-Based Technique for a Reliable and Secure Healthcare Information Exchange," Arabian Journal for Science and Engineering, vol. 49, no. 9, pp. 12005–12025, Sep. 2024.
W. Moore and S. Frye, "Review of HIPAA, Part 2: Limitations, Rights, Violations, and Role for the Imaging Technologist," Journal of Nuclear Medicine Technology, vol. 48, no. 1, pp. 17–23, Mar. 2020.
A. Salehi Shahraki, C. Rudolph, and M. Grobler, "A Dynamic Access Control Policy Model for Sharing of Healthcare Data in Multiple Domains," in 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), Rotorua, New Zealand, Aug. 2019, pp. 618–625.
F. Chen et al., "Data Access Control Based on Blockchain in Medical Cyber Physical Systems," Security and Communication Networks, vol. 2021, no. 1, 2021, Art. no. 3395537.
I. Essefi, H. B. Rahmouni, and M. F. Ladeb, "Integrated privacy decision in BPMN clinical care pathways models using DMN," Procedia Computer Science, vol. 196, pp. 509–516, Jan. 2022.
M. Clave et al., "Towards Maude 2.0⋆," Electronic Notes in Theoretical Computer Science, vol. 36, pp. 294–315, Jan. 2000.
S. R. Idate, T. S. Rao, and D. J. Mali, "Context-Based Aspect-Oriented Requirement Engineering Model," Engineering, Technology & Applied Science Research, vol. 13, no. 2, pp. 10460–10465, Apr. 2023.
Downloads
How to Cite
License
Copyright (c) 2025 Ayoub Bouheroum, Djamel Benmerzoug, Sofiane Mounine Hemam, Faiza Belala
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
