Cyber-physical systems (CPSs) are exposed to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes of the systems. We define two probabilistic metrics to estimate the physical impact of attacks targeting cyber-physical systems formalised in terms of a probabilistic hybrid extension of Hennessy and Regan’s Timed Process Language. Our impact metrics estimate the impact of cyber-physical attacks based on: (i) the severity of the inflicted damage in a given amount of time, and (ii) the probability that these attacks are actually accomplished, according to the dynamics of the system under attack. In doing so, we pay special attention to stealthy attacks, i.e., attacks that cannot be detected by intrusion detection systems. As further contribution, we show that, under precise conditions, our metrics allows us to estimate the impact of attacks targeting a complex CPS in a compositional manner, i.e., in terms of the impact on its sub-systems.

Formal Impact Metrics for Cyber-physical Attacks

Merro, Massimo
;
Munteanu, Andrei;
2021-01-01

Abstract

Cyber-physical systems (CPSs) are exposed to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes of the systems. We define two probabilistic metrics to estimate the physical impact of attacks targeting cyber-physical systems formalised in terms of a probabilistic hybrid extension of Hennessy and Regan’s Timed Process Language. Our impact metrics estimate the impact of cyber-physical attacks based on: (i) the severity of the inflicted damage in a given amount of time, and (ii) the probability that these attacks are actually accomplished, according to the dynamics of the system under attack. In doing so, we pay special attention to stealthy attacks, i.e., attacks that cannot be detected by intrusion detection systems. As further contribution, we show that, under precise conditions, our metrics allows us to estimate the impact of attacks targeting a complex CPS in a compositional manner, i.e., in terms of the impact on its sub-systems.
Cyber-physical attack
impact metric
timed and hybrid model
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11562/1042281
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact