Model based security verification of Cyber-Physical System based on Petrinet: A case study of Nuclear power plant

Abstract A variety of modern Cyber-Physical Systems (CPSs) are distributed and asynchronous systems that are becoming the backbone for smart infrastructures and systems such as smart grids, power plants, medical appliances, social robots etc. The weaving of cyber components with the physical system improves resource utilization and system reliability. However, it makes the CPSs significantly vulnerable to several cyber threats by increasing the attack surfaces. In safety-critical cyber-physical systems, the primary focus is on safety assurance. Any mistake or ignorance in security analysis may greatly amplify the losses in the presence of cyber threats. Such security failure may result in severe damages that may range from affecting critical infrastructures up to even loss of human lives. Thus, an early-staged security modeling of these systems is a prominent issue and requires a systematic approach for modeling a secure design as well as performance evaluation of alternative designs for the same. An in-depth security analysis involves the identification of a standard set of evaluation metrics. The proposed work provides the design-time methodology to map and analyze system security qualitatively and quantitatively using Stochastic Petri nets and their fundamental properties. The effectiveness of the proposed methodology is evaluated using a Nuclear power plant (NPP) case study.