A Method of Threat Analysis for Cyber-Physical System using Vulnerability Databases

摘要

Safety and security are major issues for cyber-physical systems. We propose a threat analysis method effective for the design stage of a safety-critical cyber-physical system, utilizing the fact that similar systems tend to have co-occurrence in the way of their chain in vulnerability. We first utilize a vulnerability database to express known cyber-attack cases on the Fault Tree- Attack Tree (FT-AT). Second, the method uses FT-AT as a kind of teacher data for similar system threat analysis and uses it to find new attacks in similar systems. This makes it possible to efficiently support system design that tries to implement safety and security. The usefulness of the approach is demonstrated by example applications to previously reported attacks on Tesla and Cherokee.