Assessing the Severity of Smart Attacks in Industrial Cyber Physical Systems

décembre 2020
Ingénierie & Outils numériques
Articles dans des revues internationales ou nationales avec comité de lecture
Auteurs : Samir Ouchani (LINEACT)
Journal : ACM Transaction on Cyber Physical Systems, 29 décembre 2020

ndustrial cyber-physical systems (ICPS) are heterogeneous inter-operating parts that can be physical, technical, networking, andeven social like agent operators. Incrementally, they perform a central role in critical and industrial infrastructures, governmental, andpersonal daily life. Especially with the Industry 4.0 revolution, they became more dependent on the connectivity by supporting novelcommunication and distance control functionalities, which expand their attack surfaces that result in a high risk for cyber-attacks.Furthermore, regarding physical and social constraints, they may push up new classes of security breaches that might result n seriouseconomic damages. Thus, designing a secureICPSis a complex task since this needs to guarantee security and harmonize thefunctionalities between the various parts that interact with different technologies. This paper highlights the significance of cyber-securityinfrastructure and shows how to evaluate, prevent, and mitigateICPS-based cyber-attacks. We carried out this objective by establishingan adequate semantics forICPS’s entities and their composition, which includes social actors that act differently than mobile robots andautomated processes. This paper also provides the feasible attacks generated by a reinforcement learning mechanism based on multiplecriteria that selects both appropriate actions for eachICPScomponent and the possible countermeasures for mitigation. To efficientlyanalyzeICPS’s security, we proposed a model checking based framework that relies on a set of predefined attacks from where thesecurity requirements are used to assess how well the model is secure. Finally, to show the effectiveness of the proposed solution, wemodel, analyze, and evaluate theICPSsecurity on two real use cases.