We describe a formalized systems theoretic method for creating cyber-physical system (CPS) risk overlays that augment existing tree-based models used in CPS risk and threat analysis processes. This top-down approach objectively scopes the system's threat surface for some risk scenario consequence by analyzing its underlying control attributes and communication flows between relevant internal hardware and software sub-components. The resulting analysis should assist with the qualitative selection of causal events when utilizing attack and fault tree models, which have traditionally conducted this event selection using subjective and bottom-up methods. Objectively scoping the tree-based model analysis using a proven systems theoretic approach should also improve defensive and safety planning during the system development life cycle. We provide a control system case study using attack-defense trees and show how this approach may also be reduced to attack trees, fault trees, and attack-fault trees.
CITATION STYLE
Jablonski, M., Wijesekera, D., & Singhal, A. (2022). Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory. In SaT-CPS 2022 - Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (pp. 13–20). Association for Computing Machinery, Inc. https://doi.org/10.1145/3510547.3517922
Mendeley helps you to discover research relevant for your work.