Automated Malware Design for Cyber Physical Systems
This addresses the need for automated attack design to test CPS resilience, though it appears incremental as it builds on existing methods for attack generation.
The paper tackles the problem of generating integrity attacks for cyber physical systems by presenting a systematic approach that automatically creates malware from safety and control specifications, without needing knowledge of the physical system dynamics, resulting in attacks that violate operational and safety requirements.
The design of attacks for cyber physical systems is critical to assess CPS resilience at design time and run-time, and to generate rich datasets from testbeds for research. Attacks against cyber physical systems distinguish themselves from IT attacks in that the main objective is to harm the physical system. Therefore, both cyber and physical system knowledge are needed to design such attacks. The current practice to generate attacks either focuses on the cyber part of the system using IT cyber security existing body of knowledge, or uses heuristics to inject attacks that could potentially harm the physical process. In this paper, we present a systematic approach to automatically generate integrity attacks from the CPS safety and control specifications, without knowledge of the physical system or its dynamics. The generated attacks violate the system operational and safety requirements, hence present a genuine test for system resilience. We present an algorithm to automate the malware payload development. Several examples are given throughout the paper to illustrate the proposed approach.