Attack Scenarios Generation Algorithm Based on Discrete Event System Formalism

Abstract

To help automatize the security risk assessment process of Cyber-Physical Systems (CPS), we propose a tool based on Discrete Event Systems (DES) to model the architecture and the behavior of CPS in the presence of cyberattacks. Then, we present a lightweight algorithm to generate all the attack scenarios threatening a system, i.e. the sequences of attacks leading to a critical state (e.g. loss of control, collision, etc.). This kind of generation being prone to combinatorial explosion, our algorithm embeds state-space reduction capabilities focused on the specificities of cyber-physical attacks. Finally, we illustrate the performance of our algorithm on a case study: the navigation system of an autonomous vessel. This work can be seen as an alternative to heavy tools expressed in specific languages. It is open source and aims to give a good compromise between expressiveness, modeling time and computational power.