Skip to main content

NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory

Published

Author(s)

Matthew Jablonwski, Duminda Wijesekera, Anoop Singhal

Abstract

We describe a formalized systems theoretic method for creating cyber-physical system (CPS) risk overlays that augment existing tree-based models used in CPS risk and threat analysis processes. This top-down approach objectively scopes the system's threat surface for some risk scenario consequence by analyzing its underlying control attributes and communication flows between relevant internal hardware and software sub-components. The resulting analysis should assist with the qualitative selection of causal events when utilizing attack and fault tree models, which have traditionally conducted this event selection using subjective and bottom-up methods. Objectively scoping the tree-based model analysis using a proven systems theoretic approach should also improve defensive and safety planning during the system development life cycle. We provide a control system case study using attack-defense trees and show how this approach may also be reduced to attack trees, fault trees, and attack-fault trees.
Proceedings Title
Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
Conference Dates
April 26, 2022
Conference Location
Baltimore, MD, US
Conference Title
ACM Workshop on Secure and Trustworthy Cyber-Physical Systems

Keywords

Security Risk Analysis, Attack Trees, Threat Surface

Citation

Jablonwski, M. , Wijesekera, D. and Singhal, A. (2022), Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory, Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, Baltimore, MD, US, [online], https://doi.org/10.1145/3510547.3517922, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934092 (Accessed October 9, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created April 28, 2022, Updated November 29, 2022
Was this page helpful?