On Attacker Models and Profiles for Cyber-Physical Systems

  • Marco Rocchetto
  • Nils Ole Tippenhauer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9879)


Attacker models are a fundamental part of research on the security of any system. For each application scenario, suitable attacker models have to be chosen so that the full range of possible attacks is covered. We consider Cyber-Physical Systems (CPS), which typically consist of networked embedded systems used to sense, actuate, and control physical processes. The physical-layer aspects of such systems add novel attack vectors and opportunities for defenses, and these require extended models of attackers’ capabilities. We develop a taxonomy to classify and compare the attacker models used in related work. We show that, so far, there are no commonly used attacker models for such CPS. In addition, notions of what information belongs in an attacker model differ widely across the community. To address that problem, we develop a framework to classify attacker models and use it to review related work on CPS security. Using our framework, we propose a set of attacker profiles and show that those profiles capture most types of attackers described in the related work. Our framework provides a more formal and standardized definition of attacker models for CPS, enabling the use of well-defined and uniform attacker models in the future.





This work was supported by the National Research Foundation of Singapore under grant NRF2014NCR-NCR001-40.


Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. iTrust, Singapore University of Technology and Design, Singapore
  2. ISTD, Singapore University of Technology and Design, Singapore
