A malicious attack may endanger human life or pollute environment on a cyber-physical system (CPS). However, successfully attacking a CPS needs not only the knowledge of information technology (IT) but also the domain knowledge of the system's operation technology (OT). Therefore, it is critical to identify the vulnerabilities of a CPS. This paper proposes a systematic method for the security verification of a CPS, focusing on OT by using model checking with UPPAAL, so as to enhance cyber security. In our security analysis, we considered unsafe situations to be the result of a potentially effective security attack. Thus, we suggested a systematic method to generate security constraints based on the safety constraints (or safety checks) of the CPS and then enhance these security constraints by security verification using model checking with UPPAAL. UPPAAL's simulation tool can perform a detailed search for each state in various possible model combinations and can explore human-computer interactions more deeply. The contributions of our method are as follows: First, a systematic method is proposed to generate security constraints based on the overall safety requirements at the OT level. Second, the security constraints thus generated can be used for run-time monitoring to identify the possible security attacks when they are violated. Third, this paper proposes to augment normal system modeling with a suggested Attack Module to simulate the potential OT attacks. Finally, the verification results may be used in the following twofold directions: to identify the vulnerabilities for possible design improvements and to suggest the further additions of security constraints.
Software And Hardware