Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory
Matthew Jablonwski, Duminda Wijesekera, Anoop Singhal
We describe a formalized systems theoretic method for creating cyber-physical system (CPS) risk overlays that augment existing tree-based models used in CPS risk and threat analysis processes. This top-down approach objectively scopes the system's threat surface for some risk scenario consequence by analyzing its underlying control attributes and communication flows between relevant internal hardware and software sub-components. The resulting analysis should assist with the qualitative selection of causal events when utilizing attack and fault tree models, which have traditionally conducted this event selection using subjective and bottom-up methods. Objectively scoping the tree-based model analysis using a proven systems theoretic approach should also improve defensive and safety planning during the system development life cycle. We provide a control system case study using attack-defense trees and show how this approach may also be reduced to attack trees, fault trees, and attack-fault trees.
Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
April 26, 2022
Baltimore, MD, US
ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
, Wijesekera, D.
and Singhal, A.
Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory, Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, Baltimore, MD, US, [online], https://doi.org/10.1145/3510547.3517922, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934092
(Accessed August 18, 2022)