Cyber-Physical Systems Security -- A Survey
It addresses security challenges for heterogeneous CPS applications like smart grids and medical systems, but is incremental as it surveys and organizes existing work rather than introducing new methods.
This paper tackles the lack of systematic study in cyber-physical systems (CPS) security by proposing a unified framework to capture and systematize existing research, aiming to provide a modular view and highlight potential attack sources and protection methods.
With the exponential growth of cyber-physical systems (CPS), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lack a systematic study of CPS security issues. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it very difficult to study the problem with one generalized model. In this paper, we capture and systematize existing research on CPS security under a unified framework. The framework consists of three orthogonal coordinates: (1) from the \emph{security} perspective, we follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; (2)from the \emph{CPS components} perspective, we focus on cyber, physical, and cyber-physical components; and (3) from the \emph{CPS systems} perspective, we explore general CPS features as well as representative systems (e.g., smart grids, medical CPS and smart cars). The model can be both abstract to show general interactions of a CPS application and specific to capture any details when needed. By doing so, we aim to build a model that is abstract enough to be applicable to various heterogeneous CPS applications; and to gain a modular view of the tightly coupled CPS components. Such abstract decoupling makes it possible to gain a systematic understanding of CPS security, and to highlight the potential sources of attacks and ways of protection.