CRV: Automated Cyber-Resiliency Reasoning for System Design Models

We present the design and implementation of an automated static analysis approach and corresponding diagnostic tool, called Cyber Resiliency Verifier (CRV), to check whether a system design satisfies its end-to-end guarantees when the integrity of one or more of its components cannot be guaranteed. CRV’s key insight is to reason about effects of integrity attacks instead of concrete attacks, enabling it to reason also about the impact of future attacks having the same captured effects. We demonstrate CRV’s effectiveness with a case study on a realistic design of an unmanned aerial delivery drone.