MBCA: A Model-Based Approach for Cybersecurity Analysis of Cyber-Physical Systems
摘要
Cyber-physical systems are increasing in complexity and interconnectivity. Performing cybersecurity risk analysis and identifying all possible attack scenarios manually have become challenging and time consuming. This is similar to the problem being tackled for the studies of Reliability, Availability, Maintainability and Safety (RAMS) of complex systems where Model-Based Safety Analysis (MBSA) is proposed as a solution. As a continuation of the research conducted in this PhD thesis [1] we introduce, in this paper, the methodology Model-Based Cybersecurity Analysis (MBCA). This novel methodology is inspired by MBSA and provides a practical and interactive approach to representing and automatically computing cyber Threat paths (attack sequences) via a model. To illustrate this technique, we model the cybersecurity attributes of a drone and part of its ground control infrastructure using the software SimfiaNeo, which supports the MBSA methodology. The cybersecurity attributes selected for our modeling approach correspond to security measures, vulnerabilities, attacker’s actions, and safety feared situations. We apply MBCA using SimfiaNeo to compute the different Threat paths of the considered system architecture. Each sequence consists of the attack source, the target, and the attack path that leads to the feared situation; these elements constitute a threat scenario. We also illustrate the integration of the MBCA approach in Security Risk Assessment (SRA) methodologies and throughout a product development cycle.