Title | ||
---|---|---|
Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory |
Abstract | ||
---|---|---|
ABSTRACTWe describe a formalized systems theoretic method for creating cyber-physical system (CPS) risk overlays that augment existing tree-based models used in CPS risk and threat analysis processes. This top-down approach objectively scopes the system's threat surface for some risk scenario consequence by analyzing its underlying control attributes and communication flows between relevant internal hardware and software sub-components. The resulting analysis should assist with the qualitative selection of causal events when utilizing attack and fault tree models, which have traditionally conducted this event selection using subjective and bottom-up methods. Objectively scoping the tree-based model analysis using a proven systems theoretic approach should also improve defensive and safety planning during the system development life cycle. We provide a control system case study using attack-defense trees and show how this approach may also be reduced to attack trees, fault trees, and attack-fault trees. |
Year | DOI | Venue |
---|---|---|
2022 | 10.1145/3510547.3517922 | Data and Application Security and Privacy |
DocType | Citations | PageRank |
Conference | 0 | 0.34 |
References | Authors | |
0 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Matthew Jablonski | 1 | 0 | 0.34 |
Duminda Wijesekera | 2 | 1464 | 141.54 |
Anoop Singhal | 3 | 576 | 168.78 |