Security analysis of socio-technical physical systems

Interdisciplinary Research Group in Socio-technical Cybersecurity

Security analysis of socio-technical physical systems

Gabriele Lenzini, Sjouke Mauwa, Samir Ouchani
Abstract:
Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too simple, they just estimate feasibility and not the likelihood of attacks, or they do estimate likelihood but on explicitly provided attacks only. We propose a model that can detect and quantify attacks. It has a rich set of agent actions with associated probability and cost. We also propose a threat model, an intruder that can misbehave and that competes with honest agents. The intruder’s actions have an associated cost and are constrained to be realistic. We map our model to a probabilistic symbolic model checker and we express templates of security properties in the Probabilistic Computation Tree Logic, thus supporting automatic analysis of security properties. A use case shows the effectiveness of our approach.
Authors:
Gabriele Lenzini, Sjouke Mauwa, Samir Ouchani
Publication date:
April, 2015
Published in:
Computers electrical engineering
Reference:
Lenzini, G., Mauw, S., & Ouchani, S. (2015). Security analysis of socio-technical physical systems. Computers & electrical engineering, 47, 258-274.

Get in touch with us

SnT – Interdisciplinary Centre for Security, Reliability and Trust
29, Avenue J.F Kennedy L-1855 Luxembourg
info-irisc-lab@uni.lu