A Formal Approach to Physics-based Attacks in
Cyber-physical Systems
RUGGERO LANOTTE, Università degli Studi dell’Insubria, Italy
MASSIMO MERRO and ANDREI MUNTEANU, Università degli Studi di Verona, Italy
LUCA VIGANÒ, King’s College London, UK
We apply formal methods to lay and streamline theoretical foundations to reason about Cyber-Physical Systems
(CPSs) and physics-based attacks, i.e., attacks targeting physical devices. We focus on a formal treatment
of both integrity and denial of service attacks to sensors and actuators of CPSs, and on the timing aspects
of these attacks. Our contributions are fourfold. (1) We define a hybrid process calculus to model both CPSs
and physics-based attacks. (2) We formalise a threat model that specifies MITM attacks that can manipulate
sensor readings or control commands to drive a CPS into an undesired state; we group these attacks into
classes and provide the means to assess attack tolerance/vulnerability with respect to a given class of attacks,
based on a proper notion of most powerful physics-based attack. (3) We formalise how to estimate the impact
of a successful attack on a CPS and investigate possible quantifications of the success chances of an attack.
(4) We illustrate our definitions and results by formalising a non-trivial running example in Uppaal SMC,
the statistical extension of the Uppaal model checker; we use Uppaal SMC as an automatic tool for carrying
out a static security analysis of our running example in isolation and when exposed to three different
physics-based attacks with different impacts.
CCS Concepts: • Security and privacy → Formal security models; Logic and verification; Embedded
systems security; • Theory of computation → Timed and hybrid models;
Additional Key Words and Phrases: Cyber-physical system security, formal security analysis, attack tolerance/
vulnerability, attack impact, process calculi
ACM Reference format:
Ruggero Lanotte, Massimo Merro, Andrei Munteanu, and Luca Viganò. 2020. A Formal Approach to Physics-
based Attacks in Cyber-physical Systems. ACM Trans. Priv. Secur. 23, 1, Article 3 (February 2020), 41 pages.
https://doi.org/10.1145/3373270
Massimo Merro and Andrei Munteanu have been partially supported by the project “Dipartimenti di Eccellenza 2018–2022”
funded by the Italian Ministry of Education, Universities and Research (MIUR).
Authors’ addresses: R. Lanotte, Università degli Studi dell’Insubria, Dipartimento di Scienze Umane e dell’Innovazione per
il Territorio, via Sant’Abbondio 12, Como, 22100, Italy; email: ruggero.lanotte@uninsubria.it; M. Merro and A. Munteanu,
Università degli Studi di Verona, Dipartimento di Informatica, strada Le Grazie 15, Verona, 37134, Italy; emails:
{massimo.merro, andrei.munteanu}@univr.it; L. Viganò, King’s College London, Department of Informatics, Bush House, 30 Aldwych,
WC2B 4BG, London, UK; email: luca.vigano@kcl.ac.uk.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee
provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and
the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored.
Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires
prior specific permission and/or a fee. Request permissions from permissions@acm.org.
© 2020 Association for Computing Machinery.
2471-2566/2020/02-ART3 $15.00
ACM Transactions on Privacy and Security, Vol. 23, No. 1, Article 3. Publication date: February 2020.