2021-04-122020-01-019789897583995WOS;000570766300034SCOPUS;2-s2.0-85083036006http://hdl.handle.net/10784/28778Cybersecurity is becoming vital as industries are gradually moving from automating physical processes to a higher level automation using cyber physical systems (CPS) and internet of things (IoT). In this context, security is becoming a continuous process that runs in parallel to other processes during the complete life cycle of a system. Traditional threat analysis methods use design models alongside threat models as an input for security analysis, hence missing the life-cycle-based dynamicity required by the security concern. In this paper, we argue for an attacker-aware systems modeling language that exposes the systems attack surfaces. For this purpose, we have designed Pimca, a domain specific modeling language geared towards capturing the attacker point of view of the system. This study introduces the formalism along with the Pimca workbench, a framework designed to ease the development and manipulation of the Pimca models. Finally, we present two relevant use cases, serving as a preliminary validation of our approach. © Copyright 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.engSciTePressinfo:eu-repo/semantics/conferencePaperEmbeddedsystemsInformationsystemsInformationuseInternetofthingsLifecycleSpecificationlanguages,ContinuousprocessCyber-physicalsystems(CPS)DomainspecificmodelingDomainspecificmodelinglanguagesInternetofThings(IOT)SecurityanalysisSurfacemodelingSystemsmodelinglanguages,Modelinglanguages2021-04-12Sun, T.N.Drouot, B.Golra, F.R.Champeau, J.Guerin, S.Le Roux, L.Mazo, R.Teodorov, C.Van Aertryck, L.L'Hostis, B.10.5220/0008916203410348