A Formal Model and Verification for HESTIA: An Automated, Adversary-Aware Risk Assessment Process for Cyber Infrastructure

Abstract

Due to the characteristics and connectivity of today’s critical infrastructure systems, cyber-attacks on these systems are currently difficult to prevent in an efficient and sustainable manner. Prevention and mitigation strategies need accurate identification and evaluation of: system vulnerabilities, potential threats and attacks, and applicable hardening measures. Furthermore, the ability to prioritize hardening measures based on accurate assessments of risk is needed. In addition, the consideration of the availability, applicability, and cost of potential mitigation strategies is also needed. To address this challenge we created HESTIA: High-level and Extensible System for Training and Infrastructure risk Assessment. In this article we present a formal model of the HESTIA system. We then also present a formal verification of the HESTIA semantic model.