Mission-Aware Vulnerability Assessment for Cyber-Physical Systems

Designing secure cyber-physical systems (CPS) is fundamentally important and performing vulnerability assessment becomes indispensable. In this paper, we discuss our ongoing work on building an automated mission-aware vulnerability CPS assessment framework that can accomplish three objectives including i) mapping CPS missions into infrastructural components, ii) evaluating global impact of each vulnerability, and iii) achieving verifiable results and high flexibility. In order to accomplish these objectives, we follow a model-assisted analysis strategy. Specifically, we take advantage of CPS simulator to model the behaviors of CPS components under different missions; our framework facilitates a bottomup approach to construct a holistic model of a CPS that aim at profiling relationships among all CPS components. Formal methods, including program symbolic execution, logic programming, and linear optimization, have been employed to analyze the model, which build mathematical rigor into our framework. The framework first identifies mission-critical components, then discovers all attack paths from system access points to mission-critical components, and finally recommends the optimized mitigation plan.