Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory

Published

Author(s)

Matthew Jablonwski, Duminda Wijesekera, Anoop Singhal

Abstract

We describe a formalized systems theoretic method for creating cyber-physical system (CPS) risk overlays that augment existing tree-based models used in CPS risk and threat analysis processes. This top-down approach objectively scopes the system's threat surface for some risk scenario consequence by analyzing its underlying control attributes and communication flows between relevant internal hardware and software sub-components. The resulting analysis should assist with the qualitative selection of causal events when utilizing attack and fault tree models, which have traditionally conducted this event selection using subjective and bottom-up methods. Objectively scoping the tree-based model analysis using a proven systems theoretic approach should also improve defensive and safety planning during the system development life cycle. We provide a control system case study using attack-defense trees and show how this approach may also be reduced to attack trees, fault trees, and attack-fault trees.
Proceedings Title
Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
Conference Dates
April 26, 2022
Conference Location
Baltimore, MD, US
Conference Title
ACM Workshop on Secure and Trustworthy Cyber-Physical Systems

Keywords

Security Risk Analysis, Attack Trees, Threat Surface

Citation

Jablonwski, M. , Wijesekera, D. and Singhal, A. (2022), Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory, Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, Baltimore, MD, US, [online], https://doi.org/10.1145/3510547.3517922, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934092 (Accessed August 18, 2022)
Created April 28, 2022, Updated May 4, 2022