Risk Analysis And Assessment On Cyber-physical Systems

The term Cyber-Physical Systems(CPS)refers to a new generation of intelligent systems with integrated computational performance and physical capabilities.In the past decades,the key technologies supporting the development of CPS have been well studied and developed,and are widely applied in the fields such as Industrial automation,smart transportation,aerospace,environment monitoring,and smart grids.However,with the expansion of CPS complexity and the enhancement of the system openness,most of CPS become not only safety-critical but also security-critical.In the last decades,it is no longer rare to see safety incidents and security attacks happening in industries.Security issues in the cyber domain and safety issues in the physical domain are increasingly converging on CPS,leading to new situations in which these two closely interdependent issues should now be considered together,rather than separately or in sequence.The thesis focuses on the risk analysis and assessment on CPS.The main work includes the following three aspects:Firstly,this thesis introduces the architecture of CPS and the basic concepts of CPS functional safety and cyber security,and investigates the related works of the key technologies of CPS safety and security risk analysis and assessment,including the existing risk assessment and management methods from the perspective of functional safety,cyber security and both.The research shows that most risk analysis and assessment methods are independently carried out from safety and cybersecurity.Cyber security research occupies a predominant position,and the research on safety and security integration in CPS is still in infancy,and needs further improvement.Next,the simulation test platform technologies,the general framework of risk assessment and the basic knowledge of Bayesian network are introduced.Based on the double tank,the automatic control of the tank liquid level is implemented in Matlab/Simulink.The process monitoring center was designed and implemented in Kingview.After that,the Object Linking and Embedding for Process Control(OPC)technology is used for data communication between the field control layer and the process monitoring layer.According to the hierarchical structure of CPS,a reasonable semi-physical simulation testbed is constructed.Finally,the Cyber-to-Physical(C2P)quantitative risk assessment model of CPS based on hierarchical Bayesian network topology is proposed.The vulnerability nodes in the Bayesian network come from the Common Vulnerabilities and Exposures(CVE)database.The conditional probability table is established through the Common Vulnerability Scoring System(CVSS)and the logical gate.The C2 P risk can be calculated and visualized in numerical form,which reduces the dependence on the expert experience to a certain extent.The feasibility of this model is verified by constructing two different undesired event scenario.Then,the qualitative risk assessment method is carried out to explain the value of C2 P risk.The results of undesired event scenarios show that the C2 P risk can provide good guidance for CPS decision makers.