Quantitative Security Metrics: Assessment of Cyberattack Scenarios for Cyber-Physical Systems

Cyber-Physical Systems (CPS) are digitized infrastructures controlling physical processes. To improve their dependability, we propose in this paper CYBERSIM, a framework to jointly automate safety and cybersecurity risk assessments for CPS in a common tool by means of generating cyberattack scenario...

Full description

Saved in:
Bibliographic Details
Published inAnnual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (Online) pp. 98 - 104
Main Authors Da Silva, Mike, Nguyen, Nga
Format Conference Proceeding
LanguageEnglish
Published IEEE 23.06.2025
Subjects
Cost function
Costs
Cyber-Physical System
Cyber-physical systems
Cyberattack
Explosions
Measurement
Quantitative Analysis
Risk Assessment
Risk management
Safety
Security Metrics
Statistical analysis
Vectors
Online AccessGet full text

Cover

More Information
Summary:Cyber-Physical Systems (CPS) are digitized infrastructures controlling physical processes. To improve their dependability, we propose in this paper CYBERSIM, a framework to jointly automate safety and cybersecurity risk assessments for CPS in a common tool by means of generating cyberattack scenarios compromising system safety. However, due to the state space size of these complex systems, the sequence generation is subject to combinatorial explosion leading to an unmanageable number of attack scenarios. We develop in CYBERSIM a flexible and multi-metrics cost function which enables us to filter out quantitatively sequences of lesser importance and concentrate analysts efforts on the system's most critical weaknesses. This cost model using CVSS scores computed for MITRE EMB3D threats has been applied to an automotive case study in order to prove its applicability and effectiveness in an industrial context.
ISSN:2833-292X
DOI:10.1109/DSN-S65789.2025.00048