Visible to the public Developing Models for Physical Attacks in Cyber-Physical Systems

TitleDeveloping Models for Physical Attacks in Cyber-Physical Systems
Publication TypeConference Paper
Year of Publication2017
AuthorsCheh, Carmen, Keefe, Ken, Feddersen, Brett, Chen, Binbin, Temple, William G., Sanders, William H.
Conference NameProceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5394-6
Keywordsattack graph, cps privacy, Cyber-physical systems, Human Behavior, human factors, Ontology, Physical attack, privacy, pubcrawl
AbstractIn this paper, we analyze the security of cyber-physical systems using the ADversary VIew Security Evaluation (ADVISE) meta modeling approach, taking into consideration the effects of physical attacks. To build our model of the system, we construct an ontology that describes the system components and the relationships among them. The ontology also defines attack steps that represent cyber and physical actions that affect the system entities. We apply the ADVISE meta modeling approach, which admits as input our defined ontology, to a railway system use case to obtain insights regarding the system's security. The ADVISE Meta tool takes in a system model of a railway station and generates an attack execution graph that shows the actions that adversaries may take to reach their goal. We consider several adversary profiles, ranging from outsiders to insider staff members, and compare their attack paths in terms of targeted assets, time to achieve the goal, and probability of detection. The generated results show that even adversaries with access to noncritical assets can affect system service by intelligently crafting their attacks to trigger a physical sequence of effects. We also identify the physical devices and user actions that require more in-depth monitoring to reinforce the system's security.
Citation Keycheh_developing_2017