Towards a Formalisation of Expert’s Knowledge for an Automatic Construction of a Vulnerability Model of a Cyberphysical System

We present a method for a quantitative formulation of the knowledge of security experts, to be used in an evaluation of attack costs in a cyberphysical system. In order to make the formulation practical, we classify the attacker forms and its attack positions. Applying boiler-plate patterns, like that of an operating system, is also possible. The obtained cost model may allow an exhaustive analysis of hypothetical weaknesses, employed in the design phase of a critical system.