Cyber-physical systems (CPSs) are exposed to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes of the systems. We define two probabilistic metrics to estimate the physical impact of attacks targeting cyber-physical systems formalised in terms of a probabilistic hybrid extension of Hennessy and Regan’s Timed Process Language. Our impact metrics estimate the impact of cyber-physical attacks based on: (i) the severity of the inflicted damage in a given amount of time, and (ii) the probability that these attacks are actually accomplished, according to the dynamics of the system under attack. In doing so, we pay special attention to stealthy attacks, i.e., attacks that cannot be detected by intrusion detection systems. As further contribution, we show that, under precise conditions, our metrics allows us to estimate the impact of attacks targeting a complex CPS in a compositional manner, i.e., in terms of the impact on its sub-systems.
Formal Impact Metrics for Cyber-physical Attacks
Merro, Massimo
;Munteanu, Andrei;
2021-01-01
Abstract
Cyber-physical systems (CPSs) are exposed to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes of the systems. We define two probabilistic metrics to estimate the physical impact of attacks targeting cyber-physical systems formalised in terms of a probabilistic hybrid extension of Hennessy and Regan’s Timed Process Language. Our impact metrics estimate the impact of cyber-physical attacks based on: (i) the severity of the inflicted damage in a given amount of time, and (ii) the probability that these attacks are actually accomplished, according to the dynamics of the system under attack. In doing so, we pay special attention to stealthy attacks, i.e., attacks that cannot be detected by intrusion detection systems. As further contribution, we show that, under precise conditions, our metrics allows us to estimate the impact of attacks targeting a complex CPS in a compositional manner, i.e., in terms of the impact on its sub-systems.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.