A Semantic Security Model for Cyber-Physical Systems to Identify and Evaluate Potential Threats and Vulnerabilities

Establishing and sustaining a sufficient level of security in Cyber-Physical Systems (CPS) proposes a major challenge for engineers. Key characteristics, like heterogeneity, unpredictability and safety-relevance have the potential to significantly impact the overall level of security. However, exploited security-related vulnerabilities may cause malfunction of critical components or result in loss of sensitive information. Therefore, a toolkit, which is capable to identify vulnerabilities regarding security in CPS, would provide great benefit. Although a variety of security analysis frameworks exist, they mainly do not address the challenges proposed by CPS, which limits their applicability or accuracy. We aim to elaborate a more effective solution for CPS by analysing security on a Systems-of-Systems level. Moreover, we focus on the semantic relationships between essential security information, like attackers and attacks, towards the actual specification of the CPS. Our elaborated approach produces a quantitative expression of security, based on a variety of evaluation criteria and -policies. Ultimately, the generated output provides a quick indication about potential security-related threats and vulnerabilities. We utilize a prototypical, but realistic car-sharing application as a prime example for CPS, to illustrate the benefits and ease-of-use of our proposed solution.