Quantifying Attacker Capability Via Model Checking Multiple Properties (Extended Version)

Abstract

This work aims to solve a practical problem, i.e., how to quantify the risk brought upon a system by different attackers. The answer is useful for optimising resource allocation for system defence. Given a set of safety requirements, we quantify the attacker capability in terms of the set of safety requirements an attacker can compromise. Given a system (in the presence of an attacker), model checking it against each safety requirement one by one is expensive and wasteful since the same state space is explored many times. We thus propose model checking multiple properties efficiently by means of coalgebraic model checking using enhanced coinduction techniques. We apply the proposed technique to a real-world water treatment system and the results show that our approach can effectively reduce the effort required for model checking.