Security analysis of socio-technical physical systems

Gabriele Lenzini, Sjouke Mauw, Samir Ouchani

    Research output: Contribution to journal, Article, Academic, peer-review

    17 Citations (Scopus)

    Abstract

    Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too simple, they just estimate feasibility and not the likelihood of attacks, or they do estimate likelihood but on explicitly provided attacks only. We propose a model that can detect and quantify attacks. It has a rich set of agent actions with associated probability and cost. We also propose a threat model, an intruder that can misbehave and that competes with honest agents. The intruder’s actions have an associated cost and are constrained to be realistic. We map our model to a probabilistic symbolic model checker and we express templates of security properties in the Probabilistic Computation Tree Logic, thus supporting automatic analysis of security properties. A use case shows the effectiveness of our approach.
    Original language: English
    Pages (from-to): 258-274
    Number of pages: 17
    Journal: Computers & electrical engineering
    Volume: 47
    Publication status: Published - Oct 2015

    Keywords

    • EC Grant Agreement nr.: FP7/318003
    • EC Grant Agreement nr.: FP7/2007-2013
