A Formal Approach to Cyber-Physical Attacks
This work addresses the need for theoretical foundations to analyze and mitigate cyber-physical attacks in CPSs, which is incremental as it builds on existing formal methods approaches.
The paper tackled the problem of reasoning about cyber-physical attacks on Cyber-Physical Systems (CPSs) by applying formal methods, resulting in a hybrid process calculus for modeling, a threat model for assessing vulnerability, and a formalization for estimating attack impact and success chances, illustrated with a non-trivial engineering application.
We apply formal methods to lay and streamline theoretical foundations to reason about Cyber-Physical Systems (CPSs) and cyber-physical attacks. We focus on %a formal treatment of both integrity and DoS attacks to sensors and actuators of CPSs, and on the timing aspects of these attacks. Our contributions are threefold: (1) we define a hybrid process calculus to model both CPSs and cyber-physical attacks; (2) we define a threat model of cyber-physical attacks and provide the means to assess attack tolerance/vulnerability with respect to a given attack; (3) we formalise how to estimate the impact of a successful attack on a CPS and investigate possible quantifications of the success chances of an attack. We illustrate definitions and results by means of a non-trivial engineering application.