Dynamic Attack Trees Methodology

Cyber-Physical Systems (CPS) are special kinds of systems with seamless integration of different entities. They are deployed mostly in safety-critical sectors, which make them a target for a wide range of attacks. Identifying potential threats to these kinds of systems is crucial and difficult as they consist of many modules, different producers, different technologies like programming, machine learning, and sometimes different manufactures. In this paper, we proposed a way of model potential ways in which attackers may compromise such systems using attack trees. We define a set of threat environments (i.e., changes in the vulnerability landscape of the system overtime) with each consisting of different sets of vulnerabilities, and use an attack tree generation algorithm to produce a tree at each threat environment. We further apply an information flow property - the opacity, to check a special kind of attacker who can observe the systems' non-secret states.