U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory

Published

Author(s)

Matthew Jablonwski, Duminda Wijesekera, Anoop Singhal

Abstract

We describe a formalized systems theoretic method for creating cyber-physical system (CPS) risk overlays that augment existing tree-based models used in CPS risk and threat analysis processes. This top-down approach objectively scopes the system's threat surface for some risk scenario consequence by analyzing its underlying control attributes and communication flows between relevant internal hardware and software sub-components. The resulting analysis should assist with the qualitative selection of causal events when utilizing attack and fault tree models, which have traditionally conducted this event selection using subjective and bottom-up methods. Objectively scoping the tree-based model analysis using a proven systems theoretic approach should also improve defensive and safety planning during the system development life cycle. We provide a control system case study using attack-defense trees and show how this approach may also be reduced to attack trees, fault trees, and attack-fault trees.
Proceedings Title
Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
Conference Dates
April 26, 2022
Conference Location
Baltimore, MD, US
Conference Title
ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
Pub Type
Conferences

Download Paper

https://doi.org/10.1145/3510547.3517922
Local Download

Keywords

Security Risk Analysis, Attack Trees, Threat Surface
Information technology and Cyber-physical systems

Citation

Jablonwski, M. , Wijesekera, D. and Singhal, A. (2022), Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory, Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, Baltimore, MD, US, [online], https://doi.org/10.1145/3510547.3517922, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934092 (Accessed November 21, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created April 28, 2022, Updated November 29, 2022