CPDY: Extending the Dolev-Yao Attacker with Physical-Layer Interactions
This paper addresses security modeling for cyber-physical systems through an incremental extension of an existing framework.
The paper tackles the problem of applying the Dolev-Yao attacker model to cyber-physical systems by extending it to include physical-layer interactions, enabling formal discovery of physical attacks that were previously only found empirically.
We propose extensions to the Dolev-Yao attacker model to make it suitable for arguments about security of Cyber-Physical Systems. The Dolev-Yao attacker model uses a set of rules to define potential actions by an attacker with respect to messages (i.e., information) exchanged between parties during a protocol execution. As the traditional Dolev-Yao model considers only information (exchanged over a channel controlled by the attacker), the model cannot directly be used to argue about the security of cyber-physical systems where physical-layer interactions are possible. Our Dolev-Yao extension, called the cyber-physical Dolev-Yao (CPDY) attacker model, allows additional orthogonal interaction channels between the parties. In particular, such orthogonal channels can be used to model physical-layer mechanical, chemical, or electrical interactions between components. In addition, we discuss the inclusion of physical properties such as location or distance in the rule set. We present an example set of additional rules for the Dolev-Yao attacker; using those, we are able to formally discover physical attacks that previously could only be found by empirical methods or detailed physical process models.
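A minimal sketch of the idea in the abstract, added here as an illustration and not taken from the paper: classical Dolev-Yao message deduction, plus one extra rule for a physical-layer channel gated on a location property. The term encoding, the rule format and every name (`k_plc`, `valve_open`, `attacker_near_valve`, and so on) are assumptions constructed for this sketch, not the CPDY rule set.

```python
# Terms: atoms are strings; ("pair", a, b) and ("enc", msg, key) are compound terms.
def derivable(term, known):
    """Synthesis: a term is derivable if known or built from derivable parts."""
    if term in known:
        return True
    if isinstance(term, tuple) and term[0] in ("pair", "enc"):
        return derivable(term[1], known) and derivable(term[2], known)
    return False

def analyze(knowledge):
    """Decomposition closure: split pairs, decrypt when the key is derivable."""
    known, changed = set(knowledge), True
    while changed:
        changed = False
        for t in list(known):
            parts = []
            if isinstance(t, tuple) and t[0] == "pair":
                parts = [t[1], t[2]]
            elif isinstance(t, tuple) and t[0] == "enc" and derivable(t[2], known):
                parts = [t[1]]
            for p in parts:
                if p not in known:
                    known.add(p)
                    changed = True
    return known

# Constructed rules: (required physical facts, required message or None, new fact).
PROCESS_RULES = [
    (set(), ("enc", "open_valve", "k_plc"), "valve_open"),  # authenticated command
    ({"valve_open"}, None, "tank_filling"),                  # mechanical interaction
    ({"tank_filling"}, None, "tank_overflow"),
]
PHYSICAL_RULE = ({"attacker_near_valve"}, None, "valve_open")  # constructed, location-gated
# Constructed observation: attacker saw a "close" command, but not the key.
OBSERVED = {("pair", "open_valve", ("enc", "close_valve", "k_plc"))}

def reachable(goal, knowledge, facts, physical_layer):
    """Saturate physical facts under the rules; report whether goal is reached."""
    known, facts = analyze(knowledge), set(facts)
    rules = PROCESS_RULES + ([PHYSICAL_RULE] if physical_layer else [])
    changed = True
    while changed:
        changed = False
        for pre, msg, effect in rules:
            ok = pre <= facts and (msg is None or derivable(msg, known))
            if ok and effect not in facts:
                facts.add(effect)
                changed = True
    return goal in facts
```

With the physical-layer rule disabled, the goal state is unreachable from the observed traffic because the command key cannot be derived. Enabling the rule makes the goal reachable, but only when the location fact holds.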