Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory

2Citations
Citations of this article
10Readers
Mendeley users who have this article in their library.

Abstract

We describe a formalized systems theoretic method for creating cyber-physical system (CPS) risk overlays that augment existing tree-based models used in CPS risk and threat analysis processes. This top-down approach objectively scopes the system's threat surface for some risk scenario consequence by analyzing its underlying control attributes and communication flows between relevant internal hardware and software sub-components. The resulting analysis should assist with the qualitative selection of causal events when utilizing attack and fault tree models, which have traditionally conducted this event selection using subjective and bottom-up methods. Objectively scoping the tree-based model analysis using a proven systems theoretic approach should also improve defensive and safety planning during the system development life cycle. We provide a control system case study using attack-defense trees and show how this approach may also be reduced to attack trees, fault trees, and attack-fault trees.

Cite

CITATION STYLE

APA

Jablonski, M., Wijesekera, D., & Singhal, A. (2022). Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory. In SaT-CPS 2022 - Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (pp. 13–20). Association for Computing Machinery, Inc. https://doi.org/10.1145/3510547.3517922

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free