We apply formal methods to lay and streamline theoretical foundations to reason about Cyber-Physical Systems (CPSs) and physics-based attacks, i.e., attacks targeting physical devices. We focus on a formal treatment of both integrity and denial of service attacks to sensors and actuators of CPSs, and on the timing aspects of these attacks. Our contributions are fourfold. (1) We define a hybrid process calculus to model both CPSs and physics-based attacks. (2) We formalise a threat model that specifies MITM attacks that can manipulate sensor readings or control commands to drive a CPS into an undesired state; we group these attacks into classes and provide the means to assess attack tolerance/vulnerability with respect to a given class of attacks, based on a proper notion of most powerful physics-based attack. (3) We formalise how to estimate the impact of a successful attack on a CPS and investigate possible quantifications of the success chances of an attack. (4) We illustrate our definitions and results by formalising a non-trivial running example in U PPAAL SMC, the statistical extension of the U PPAAL model checker; we use U PPAAL SMC as an automatic tool for carrying out a static security analysis of our running example in isolation and when exposed to three different physics-based attacks with different impacts.

中文翻译：

---

网络物理系统中基于物理的攻击的正式方法

我们应用形式化方法来奠定和简化理论基础，以推理网络物理系统 (CPS) 和基于物理的攻击，即针对物理设备的攻击。我们专注于对 CPS 的传感器和执行器的完整性和拒绝服务攻击的正式处理，以及这些攻击的时间方面。我们的贡献是四倍的。(1) 我们定义了一个混合过程演算来模拟 CPS 和基于物理的攻击。(2) 我们形式化了一个威胁模型，该模型指定了 MITM 攻击，该攻击可以操纵传感器读数或控制命令以将 CPS 驱动到不希望的状态；我们将这些攻击分为几类，并根据最强大的基于物理的攻击的正确概念，提供评估针对给定攻击类别的攻击容忍度/脆弱性的方法。(3) 我们形式化了如何估计成功攻击对 CPS 的影响，并调查攻击成功机会的可能量化。(4) 我们通过在 U 中形式化一个非平凡的运行示例来说明我们的定义和结果PPAALSMC，U 的统计扩展PPAAL模型检查器；我们使用 UPPAALSMC 作为一种自动工具，用于对我们正在运行的示例进行单独的静态安全分析，并在受到具有不同影响的三种不同的基于物理的攻击时。