Document Type

Article

Publication Date

10-30-2016

Abstract

Several cyber-attacks on the cyber-physical systems (CPS) that monitor and control critical infrastructure were publically announced over the last few years. Almost without exception, the proposed security solutions focus on preventing unauthorized access to the industrial control systems (ICS) at various levels – the defense in depth approach. While useful, it does not address the problem of making the systems more capable of responding to the malicious actions of an attacker once they have gained access to the system. The first step in making an ICS more resilient to an attacker is identifying the cyber security vulnerabilities the attacker can use during system design. This paper presents a method that reveals cyber security vulnerabilities in ICS through the formal modeling of the system and malicious agents. The inclusion of the malicious agent in the analysis of an existing systems identifies security vulnerabilities that are missed in traditional functional model checking.

Comments

Publisher version of record at ScienceDirect: https://doi.org/10.1016/j.procs.2016.09.289

Published under Creative Commons Attribution Non-Commercial No Derivatives License, CC BY-NC-ND 4.0 https://creativecommons.org/licenses/by-nc-nd/4.0/

DOI

10.1016/j.procs.2016.09.289

Source Publication

Procedia Computer Science

Share

COinS