Towards a Formalisation of Expert’s Knowledge for an Automatic Construction of a Vulnerability Model of a Cyberphysical System
Résumé
We present a method for a quantitative formulation of the knowledge of security experts, to be
used in an evaluation of attack costs in a cyberphysical system. In order to make the formulation
practical, we classify the attacker forms and its attack positions. Applying boiler-plate patterns,
like that of an operating system, is also possible. The obtained cost model may allow an exhaustive
analysis of hypothetical weaknesses, employed in the design phase of a critical system.