In this paper, threat modeling issues in cyberphysical systems are discussed. First a generic model of a cyberphysical system is outlined, with an attack surface suitable for security analysis. Then, a case study of network communication in a road vehicle is presented, with its behavior modeled by a discrete time Markov chain, under the assumption that security violations can cause gradual degradation of functionality. Finally, two ways of numerical assessment of vulnerabilities are analyzed, to help better estimate probabilities of state changes in a Markov model.
- software assurance
Available at: http://works.bepress.com/ajk/5/