pith. sign in

arxiv: 2404.07527 · v3 · submitted 2024-04-11 · 💻 cs.CR

Security Modelling for Cyber-Physical Systems: A Systematic Literature Review

Shaofei Huang , Christopher M. Poskitt , Lwin Khin Shar This is my paper

Pith reviewed 2026-05-24 01:55 UTC · model grok-4.3

classification 💻 cs.CR
keywords cyber-physical systemssecurity modellingthreat modellingattack modellingsystematic literature reviewcritical infrastructurevulnerability assessmentcybersecurity
0
0 comments X

The pith

Security models for cyber-physical systems rely on simplistic approaches that overlook the dynamic, multi-layer, multi-path, and multi-agent nature of real attacks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper performs a systematic literature review of security modelling for cyber-physical systems by searching 449 papers and selecting 32 for detailed analysis. It distinguishes threat modelling from attack modelling and groups the works into three clusters while examining whether the methods handle the extended lifecycles and sophisticated attacker capabilities found in CPS. The central finding is that most existing models use overly simple assumptions that fail to capture the full complexity of attacks on critical infrastructure. A reader would care because CPS underpin high-value targets whose resilience and safety depend on accurate vulnerability assessment across long operational periods.

Core claim

The paper establishes that security models for CPS, whether threat-focused or attack-focused, adopt simplistic approaches that do not adequately consider the dynamic, multi-layer, multi-path, and multi-agent characteristics of real-world cyber-physical attacks, even though such modelling is required to identify vulnerabilities and ensure system resilience, safety, and reliability throughout extended system life cycles.

What carries the argument

The three-cluster categorization of the 32 selected papers (threat modelling methods, attack modelling methods, literature reviews) together with the explicit assessment of how these methods address or fail to address CPS-specific attacker capabilities and attack characteristics.

Load-bearing premise

The 32 selected papers from the initial 449 are representative of state-of-the-art CPS security modelling and that the three-cluster categorization plus limitation assessment comprehensively captures the field's shortcomings.

What would settle it

A review using a larger or differently sampled set of papers that finds multiple published models explicitly incorporating dynamic multi-layer multi-path multi-agent attack modelling would falsify the claim that existing approaches are predominantly simplistic.

Figures

Figures reproduced from arXiv: 2404.07527 by Christopher M. Poskitt, Lwin Khin Shar, Shaofei Huang.

Figure 1
Figure 1. Figure 1: CPS cyber intrusion flow representation using the Diamond Model of Intrusion Analysis [ [PITH_FULL_IMAGE:figures/full_fig_p005_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Timeline of a CPS cyber intrusion illustrating the steps in a Cyber Kill Chain [ [PITH_FULL_IMAGE:figures/full_fig_p005_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Systematic literature review process 4.1 Research questions This review aims to answer the following Research Questions (RQs): • RQ1: What CPS threat or attack models have been adopted in existing literature? The rationale for this research question is to understand the current state-of-the-art research in this area. • RQ1.1: How do the proposed threat and attack models align with cybersecurity in various … view at source ↗
Figure 4
Figure 4. Figure 4: Literature survey search results (April 2025) [PITH_FULL_IMAGE:figures/full_fig_p010_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Number of CPS cybersecurity papers per year (2013-2024) [PITH_FULL_IMAGE:figures/full_fig_p012_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Distribution of relevant papers addressing the research questions (RQs) across different clusters. Papers in the attack modelling [PITH_FULL_IMAGE:figures/full_fig_p014_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Security modelling framework for CPS that integrates threat modelling, attack modelling and security monitoring throughout [PITH_FULL_IMAGE:figures/full_fig_p021_7.png] view at source ↗
read the original abstract

Cyber-physical systems are at the intersection of digital technology and engineering domains, rendering them high-value targets of sophisticated and well-funded cybersecurity threat actors. Prominent cybersecurity attacks on CPS have brought attention to the vulnerability of these systems and the inherent weaknesses of critical infrastructure reliant on them. Security modelling for CPS is an important mechanism to systematically identify and assess vulnerabilities, threats, and risks throughout system life cycles, and to ultimately ensure system resilience, safety, and reliability. This survey delves into state-of-the-art research on CPS security modelling, encompassing both threat and attack modelling. While these terms are sometimes used interchangeably, they are different concepts. This paper elaborates on the differences between threat and attack modelling, examining their implications for CPS security. We conducted a systematic search that yielded 449 papers, from which 32 were selected and categorised into three clusters: those focused on threat modelling methods, attack modelling methods, and literature reviews. Specifically, we sought to examine what security modelling methods exist today, and how they address real-world cybersecurity threats and CPS-specific attacker capabilities throughout the life cycle of CPS, which typically span longer durations compared to traditional IT systems. This paper also highlights several limitations in existing research, wherein security models adopt simplistic approaches that do not adequately consider the dynamic, multi-layer, multi-path, and multi-agent characteristics of real-world cyber-physical attacks.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. This systematic literature review on security modelling for cyber-physical systems (CPS) reports a search yielding 449 papers from which 32 were selected and grouped into three clusters (threat modelling methods, attack modelling methods, and literature reviews). It distinguishes threat from attack modelling, examines how existing methods address CPS-specific attacker capabilities over long system lifecycles, and concludes that current models adopt simplistic approaches that fail to capture the dynamic, multi-layer, multi-path, and multi-agent characteristics of real-world cyber-physical attacks.

Significance. A rigorous SLR that maps the state of CPS security modelling and substantiates its identified limitations with explicit per-paper evidence would be useful for guiding research on resilient critical infrastructure, particularly if it also credits any papers that do address multi-agent or dynamic aspects.

major comments (2)
  1. [Abstract and §3] Abstract and §3 (Search and Selection): the reduction from 449 to 32 papers is presented at summary level only; without explicit inclusion/exclusion criteria, quality-appraisal protocol, or inter-rater process, it is impossible to evaluate whether the corpus systematically omits counter-examples to the central claim that models are simplistic.
  2. [§4 and §5] §4 (Results) and §5 (Discussion): the three-cluster categorization and the listed limitations (dynamic/multi-layer/multi-path/multi-agent) are asserted at high level; the manuscript must supply a paper-by-paper mapping or table showing which of the 32 papers exhibit each limitation, otherwise the inductive generalization does not follow from the reviewed set.
minor comments (1)
  1. [§2] The distinction between threat and attack modelling is introduced in the abstract but would benefit from a concise definitional table early in §2 to aid readers.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive feedback, which highlights opportunities to improve the transparency and evidentiary basis of our systematic literature review. We address each major comment below and will revise the manuscript accordingly.

read point-by-point responses

  1. Referee: [Abstract and §3] Abstract and §3 (Search and Selection): the reduction from 449 to 32 papers is presented at summary level only; without explicit inclusion/exclusion criteria, quality-appraisal protocol, or inter-rater process, it is impossible to evaluate whether the corpus systematically omits counter-examples to the central claim that models are simplistic.

    Authors: We agree that greater detail on the selection process is needed to allow readers to assess potential bias or omissions. In the revised manuscript we will expand §3 to explicitly list the inclusion and exclusion criteria, describe the quality-appraisal protocol applied to the 449 papers, and report the inter-rater process (including how disagreements were resolved). revision: yes

  2. Referee: [§4 and §5] §4 (Results) and §5 (Discussion): the three-cluster categorization and the listed limitations (dynamic/multi-layer/multi-path/multi-agent) are asserted at high level; the manuscript must supply a paper-by-paper mapping or table showing which of the 32 papers exhibit each limitation, otherwise the inductive generalization does not follow from the reviewed set.

    Authors: We accept that a high-level summary alone is insufficient to substantiate the generalizations. We will add a new table (or appendix) that maps each of the 32 papers against the four limitations, indicating for each paper whether it addresses or fails to address dynamic, multi-layer, multi-path, and multi-agent characteristics. This will provide the required per-paper evidence. revision: yes

Circularity Check

0 steps flagged

No circularity in systematic literature review

full rationale

This is a systematic literature review paper with no mathematical derivations, equations, predictions, fitted parameters, or ansatzes. The central claim is an inductive generalization based on categorization of 32 selected papers from an initial search of 449. No self-definitional steps, fitted inputs called predictions, load-bearing self-citations, uniqueness theorems, or renaming of known results are present. The selection and clustering process is described at a high level in the abstract and methods but does not reduce any result to its own inputs by construction. This matches the default expectation for non-circular papers, particularly reviews without quantitative modeling.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

As a literature review the paper introduces no free parameters, axioms, or invented entities; it synthesizes prior research without new formal content.

pith-pipeline@v0.9.0 · 5775 in / 1055 out tokens · 25744 ms · 2026-05-24T01:55:41.803798+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

83 extracted references · 83 canonical work pages

  1. [1]

    [n. d.]. ISA/IEC 62443 Series of Standards. https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards

    work page

  2. [2]

    [n. d.]. Microsoft Threat Modeling Tool. https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling

    work page

  3. [3]

    Zaina Abuabed, Ahmad Alsadeh, and Adel Taweel. 2023. STRIDE threat model-based framework for assessing the vulnerabilities of modern vehicles. Computers & Security133 (2023), 103391. https://doi.org/10.1016/j.cose.2023.103391

    work page doi:10.1016/j.cose.2023.103391 2023

  4. [4]

    BoHyun Ahn, Taesic Kim, Seerin Ahmad, Sudip Kumar Mazumder, Jay Johnson, H Alan Mantooth, and Chris Farnell. 2023. An overview of cyber-resilient smart inverters based on practical attack models.IEEE Transactions on Power Electronics39, 4 (2023), 4657–4673. https: //doi.org/10.1109/TPEL.2023.3342842

    work page doi:10.1109/tpel.2023.3342842 2023

  5. [5]

    Smith, Young-Woo Youn, and Myung-Hyo Ryu

    BoHyun Ahn, Taesic Kim, Scott C. Smith, Young-Woo Youn, and Myung-Hyo Ryu. 2021. Security Threat Modeling for Power Transformers in Cyber-Physical Environments. In2021 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT). IEEE, 1–5. https: //doi.org/10.1109/ISGT49243.2021.9372271

    work page doi:10.1109/isgt49243.2021.9372271 2021

  6. [6]

    Rashid Al Asif and Rahamatullah Khondoker

    Md. Rashid Al Asif and Rahamatullah Khondoker. 2020. Cyber Security Threat Modeling of A Telesurgery System. In2020 2nd International Conference on Sustainable Technologies for Industry 4.0 (STI). IEEE, 1–6. https://doi.org/10.1109/STI50764.2020.9350452

    work page doi:10.1109/sti50764.2020.9350452 2020

  7. [7]

    Cullen, and Jules Pagna Disso

    Hamad Al-Mohannadi, Qublai Khan Ali Mirza, Anitta Patience Namanya, Irfan Awan, Andrea J. Cullen, and Jules Pagna Disso. 2016. Cyber-Attack Modeling Analysis Techniques: An Overview. In4th IEEE International Conference on Future Internet of Things and Cloud Workshops, FiCloud Workshops 2016, Vienna, Austria, August 22-24, 2016. IEEE Computer Society, 69–7...

    work page doi:10.1109/w-ficloud.2016.29 2016

  8. [8]

    Otis Alexander, Misha Belisle, and Jacob Steele. 2020. MITRE ATT&CK®for Industrial Control Systems: Design and Philosophy. Manuscript submitted to ACM Security Modelling for Cyber-Physical Systems: A Systematic Literature Review 27

    work page 2020

  9. [9]

    Hussain Almohri, Long Cheng, Danfeng Yao, and Homa Alemzadeh. 2017. On Threat Modeling and Mitigation of Medical Cyber-Physical Systems. In2017 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE). IEEE, 114–119. https://doi.org/10.1109/CHASE.2017.69

    work page doi:10.1109/chase.2017.69 2017

  10. [10]

    Assante and Robert M

    Michael J. Assante and Robert M. Lee. 2015. The Industrial Control System Cyber Kill Chain. https://www.sans.org/white-papers/36297/

    work page 2015

  11. [11]

    Yassine Ayrour, Amine Raji, and Mahmoud Nassar. 2018. Modelling cyber-attacks: a survey study.Network Security2018, 3 (2018), 13–19. https://doi.org/10.1016/S1353-4858(18)30025-4

    work page doi:10.1016/s1353-4858(18)30025-4 2018

  12. [12]

    Mohamed Badawy, Nada H Sherief, and Ayman A Abdel-Hamid. 2024. Legacy ICS cybersecurity assessment using hybrid threat modeling—An oil and gas sector case study.Applied Sciences14, 18 (2024), 8398. https://doi.org/10.3390/app14188398

    work page doi:10.3390/app14188398 2024

  13. [13]

    Neel Bhaskar, Jawad Ahmed, Rahat Masood, Nadeem Ahmed, Stephen Kerr, and Sanjay K Jha. 2024. A Comprehensive Threat Modelling Analysis for Distributed Energy Resources.ACM Transactions on Cyber-Physical Systems8, 4 (2024), 1–32. https://doi.org/10.1145/3678260

    work page doi:10.1145/3678260 2024

  14. [14]

    Robin Bolz, Marcel Rumez, Florian Sommer, Jürgen Dürrwang, and Reiner Kriesten. 2020. Enhancement of Cyber Security for Cyber Physical Systems in the Automotive Field Through Attack Analysis. InEmbedded World

    work page 2020

  15. [15]

    Mike Burmester, Emmanouil Magkos, and Vassilis Chrissikopoulos. 2012. Modeling security in cyber–physical systems.International Journal of Critical Infrastructure Protection5, 3-4 (2012), 118–126. https://doi.org/10.1016/j.ijcip.2012.08.002

    work page doi:10.1016/j.ijcip.2012.08.002 2012

  16. [16]

    Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. 2013. The Diamond Model of Intrusion Analysis. (2013)

    work page 2013

  17. [17]

    Chen, Juan Carlos Sanchez-Aarnoutse, and John Buford

    Thomas M. Chen, Juan Carlos Sanchez-Aarnoutse, and John Buford. 2011. Petri Net Modeling of Cyber-Physical Attacks on Smart Grid.IEEE Transactions on Smart Grid2, 4 (2011), 741–749. https://doi.org/10.1109/TSG.2011.2160000

    work page doi:10.1109/tsg.2011.2160000 2011

  18. [18]

    Lei Cui, Youyang Qu, Gang Xie, Deze Zeng, Ruidong Li, Shigen Shen, and Shui Yu. 2021. Security and privacy-enhanced federated learning for anomaly detection in IoT infrastructures.IEEE Transactions on Industrial Informatics18, 5 (2021), 3492–3500. https://doi.org/10.1109/TII.2021.3107783

    work page doi:10.1109/tii.2021.3107783 2021

  19. [19]

    Adrian Dabrowski, Johanna Ullrich, and Edgar R Weippl. 2017. Grid shock: Coordinated load-changing attacks on power grids: The non- smart power grid is vulnerable to cyber attacks as well. InProceedings of the 33rd Annual Computer Security Applications Conference. 303–314. https://doi.org/10.1145/3134600.3134639

    work page doi:10.1145/3134600.3134639 2017

  20. [20]

    Dahl and S.D

    O.M. Dahl and S.D. Wolthusen. 2006. Modeling and Execution of Complex Attack Scenarios using Interval Timed Colored Petri Nets. InFourth IEEE International Workshop on Information Assurance (IWIA’06). IEEE, 157–168. https://doi.org/10.1109/IWIA.2006.17

    work page doi:10.1109/iwia.2006.17 2006

  21. [21]

    Stanislav Dashevskyi, Francesco La Spina, and Daniel Dos Santos. [n. d.]. SUN:DOWN Destabilizing the grid via orchestrated exploitation of solar power systems. https://www.forescout.com/resources/sun-down-research-report/

    work page

  22. [22]

    Rian Davis and Omer F Keskin. 2024. Cyber Threat Modeling for Water and Wastewater Systems: Contextualizing STRIDE and DREAD with the Current Cyber Threat Landscape. In2024 Systems and Information Engineering Design Symposium (SIEDS). IEEE, 301–306. https://doi.org/10.1109/ SIEDS61124.2024.10534706

    work page arXiv 2024

  23. [23]

    MASP Dayarathne, MSM Jayathilaka, RMVA Bandara, V Logeeshan, S Kumarawadu, and C Wanigasekara. 2025. Mitigating Cyber Risks in Smart Cyber-Physical Power Systems through Deep Learning and Hybrid Security Models.IEEE Access(2025). https://doi.org/10.1109/ACCESS.2025.3545637

    work page doi:10.1109/access.2025.3545637 2025

  24. [24]

    Danny Dhillon. 2011. Developer-Driven Threat Modeling: Lessons Learned in the Trenches.IEEE Secur. Priv.9, 4 (2011), 41–47. https://doi.org/10. 1109/MSP.2011.47

    work page 2011

  25. [25]

    Hang Du, Jun Yan, Mohsen Ghafouri, Rawad Zgheib, and Mourad Debbabi. 2024. Modeling and assessment of cyber attacks targeting converter-driven stability of power grids with PMSG-based wind farms.IEEE Transactions on Power Systems39, 5 (2024), 6716–6728. https://doi.org/10.1109/TPWRS. 2024.3365416

    work page doi:10.1109/tpwrs 2024

  26. [26]

    Levent Ertaul and Mina Mousa. 2018. Applying the Kill Chain and Diamond Models to Microsoft Advanced Threat Analytics. (2018)

    work page 2018

  27. [27]

    Fernandez

    Eduardo B. Fernandez. 2016. Threat Modeling in Cyber-Physical Systems. In2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech). IEEE, 448–453. https://doi....

    work page doi:10.1109/dasc-picom-datacom-cyberscitec.2016.89 2016

  28. [28]

    Lars Halvdan Flå and Martin Gilje Jaatun. 2023. A method for threat modelling of industrial control systems. InThe International Conference on Cybersecurity, Situational A wareness and Social Media. Springer, 221–234. https://doi.org/10.1007/978-981-99-6974-6_13

    work page doi:10.1007/978-981-99-6974-6_13 2023

  29. [29]

    Freeman, Curtis St Michel, Robert Smith, and Michael Assante

    Sarah G. Freeman, Curtis St Michel, Robert Smith, and Michael Assante. 2016.Consequence-driven cyber-informed engineering (CCE). Technical Report INL/EXT-16-39212. https://doi.org/10.2172/1341416

    work page doi:10.2172/1341416 2016

  30. [30]

    2017.Framework for cyber-physical systems: volume 1, overview

    Edward R Griffor, Chris Greer, David A Wollman, and Martin J Burns. 2017.Framework for cyber-physical systems: volume 1, overview. Technical Report NIST SP 1500-201. NIST SP 1500–201 pages. https://doi.org/10.6028/NIST.SP.1500-201

    work page doi:10.6028/nist.sp.1500-201 2017

  31. [31]

    Mehrdad Hajizadeh, Nima Afraz, Marco Ruffini, and Thomas Bauschert. 2020. Collaborative cyber attack defense in SDN networks using blockchain technology. In2020 6th IEEE Conference on Network Softwarization (NetSoft). IEEE, 487–492. https://doi.org/10.1109/NetSoft48620.2020.9165396

    work page doi:10.1109/netsoft48620.2020.9165396 2020

  32. [32]

    Sizhe He, Yadong Zhou, Yujie Yang, Ting Liu, Yuxun Zhou, Jie Li, Tong Wu, and Xiaohong Guan. 2024. Cascading Failure in Cyber–Physical Systems: A Review on Failure Modeling and Vulnerability Analysis.IEEE Transactions on Cybernetics(2024). https://doi.org/10.1109/TCYB.2024.3411868

    work page doi:10.1109/tcyb.2024.3411868 2024

  33. [33]

    Shawn Hernan, Scott Lambert, Tomasz Ostwald, and Adam Shostack. 2006. Uncover Security Design Flaws using the STRIDE Approach.MSDN Magazine(2006). https://learn.microsoft.com/en-us/archive/msdn-magazine/2006/november/uncover-security-design-flaws-using-the-stride- approach

    work page 2006

  34. [34]

    Siegfried Hollerer, Wolfgang Kastner, and Thilo Sauter. 2021. Towards a threat modeling approach addressing security and safety in OT environments. In2021 17th IEEE International Conference on Factory Communication Systems (WFCS). IEEE, 37–40. https://doi.org/10.1109/WFCS46889.2021.9483591

    work page doi:10.1109/wfcs46889.2021.9483591 2021

  35. [35]

    Shaofei Huang. 2025. CPS Security Modelling Literature Review Notes. https://github.com/shaofeihuang/CPS-Security-Modelling-Literature-Review Manuscript submitted to ACM 28 Huang et al

    work page 2025

  36. [36]

    Abdulmalik Humayed, Jingqiang Lin, Fengjun Li, and Bo Luo. 2017. Cyber-Physical Systems Security—A Survey.IEEE Internet of Things Journal4, 6 (2017), 1802–1831. https://doi.org/10.1109/JIOT.2017.2703172

    work page doi:10.1109/jiot.2017.2703172 2017

  37. [37]

    Eric M Hutchins, Michael J Cloppert, and Rohan M Amin. 2011. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. (2011)

    work page 2011

  38. [38]

    Eider Iturbe, Javier Arcas, Erkuden Rios, and Nerea Toledo. 2024. A Multi-layer Approach through Threat Modelling and Attack Simulation for Enhanced Cyber Security Assessment. InProceedings of the 19th International Conference on A vailability, Reliability and Security. 1–8. https: //doi.org/10.1145/3664476.3670458

    work page doi:10.1145/3664476.3670458 2024

  39. [39]

    Mohammad Jbair, Bilal Ahmad, Carsten Maple, and Robert Harrison. 2022. Threat modelling for industrial cyber physical systems in the era of smart manufacturing.Computers in Industry137 (2022), 103611. https://doi.org/10.1016/j.compind.2022.103611

    work page doi:10.1016/j.compind.2022.103611 2022

  40. [40]

    Katsikas, and Vasileios Gkioulos

    Georgios Kavallieratos, Sokratis K. Katsikas, and Vasileios Gkioulos. 2020. Cybersecurity and Safety Co-Engineering of Cyberphysical Systems - A Comprehensive Survey.Future Internet12, 4 (2020), 65. https://doi.org/10.3390/FI12040065

    work page doi:10.3390/fi12040065 2020

  41. [41]

    Shaymaa Mamdouh Khalil, Hayretdin Bahsi, Henry Ochieng’ Dola, Tarmo Korõtko, Kieran McLaughlin, and Vahur Kotkas. 2022. Threat Modeling of Cyber-Physical Systems - A Case Study of a Microgrid System.Computers & Security124 (2022), 102950. https://doi.org/10.1016/j.cose.2022.102950

    work page doi:10.1016/j.cose.2022.102950 2022

  42. [42]

    Shaymaa Mamdouh Khalil, Hayretdin Bahsi, and Tarmo Korõtko. 2023. Threat modeling of industrial control systems: A systematic literature review.Computers & Security136 (2023), 103543. https://doi.org/10.1016/j.cose.2023.103543

    work page doi:10.1016/j.cose.2023.103543 2023

  43. [43]

    Rafiullah Khan, Kieran McLaughlin, David Laverty, and Sakir Sezer. 2017. STRIDE-based threat modeling for cyber-physical systems. In2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe). IEEE, 1–6. https://doi.org/10.1109/ISGTEurope.2017.8260283

    work page doi:10.1109/isgteurope.2017.8260283 2017

  44. [44]

    Kyoung Ho Kim, Kyounggon Kim, and Huy Kang Kim. 2022. STRIDE-based threat modeling and DREAD evaluation for the distributed control system in the oil refinery.ETRI Journal44, 6 (2022), 991–1003. https://doi.org/10.4218/etrij.2021-0181

    work page doi:10.4218/etrij.2021-0181 2022

  45. [45]

    Barbara Kitchenham and Stuart Charters. 2007. Guidelines for performing systematic literature reviews in software engineering

    work page 2007

  46. [46]

    Siwar Kriaa, Ludovic Pietre-Cambacedes, Marc Bouissou, and Yoran Halgand. 2015. A survey of approaches combining safety and security for industrial control systems.Reliability Engineering & System Safety139 (2015), 156–178. https://doi.org/10.1016/j.ress.2015.02.008

    work page doi:10.1016/j.ress.2015.02.008 2015

  47. [47]

    Rajesh Kumar, Rohan Kela, Siddhant Singh, and Rolando Trujillo-Rasua. 2022. APT attacks on industrial control systems: A tale of three incidents. International Journal of Critical Infrastructure Protection37 (2022), 100521. https://doi.org/10.1016/j.ijcip.2022.100521

    work page doi:10.1016/j.ijcip.2022.100521 2022

  48. [48]

    Sebastian Köhler, Richard Baker, Martin Strohmeier, and Ivan Martinovic. 2023. Brokenwire: Wireless Disruption of CCS Electric Vehicle Charging. InProceedings 2023 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2023.23251

    work page doi:10.14722/ndss.2023.23251 2023

  49. [49]

    Karen Li, Awais Rashid, and Anne Roudaut. 2021. Vision: Security-Usability Threat Modeling for Industrial Control Systems. InProceedings of the 2021 European Symposium on Usable Security. ACM, 83–88. https://doi.org/10.1145/3481357.3481527

    work page doi:10.1145/3481357.3481527 2021

  50. [50]

    Goncalo Martins, Sajal Bhatia, Xenofon Koutsoukos, Keith Stouffer, Cheeyee Tang, and Richard Candell. 2015. Towards a systematic threat modeling approach for cyber-physical systems. In2015 Resilience Week (RWS). 1–6. https://doi.org/10.1109/RWEEK.2015.7287428

    work page doi:10.1109/rweek.2015.7287428 2015

  51. [51]

    Midhya Mathew and Faruk Kazi. 2024. Hardware-in-Loop (HIL) Testbed Design of Thermal Power Plant for Threat Modeling and Attack Vector Analysis.International Journal of Critical Infrastructure Protection45 (2024), 100675. https://doi.org/10.1016/j.ijcip.2024.100675

    work page doi:10.1016/j.ijcip.2024.100675 2024

  52. [52]

    Merwa Mehmood, Zubair Baig, and Naeem Syed. 2024. Securing industrial control systems (ICS) through attack modelling and rule-based learning. In 2024 16th International Conference on COMmunication Systems & NETworkS (COMSNETS). IEEE, 598–602. https://doi.org/10.1109/COMSNETS59351. 2024.10426882

    work page doi:10.1109/comsnets59351 2024

  53. [53]

    Yassine Mekdad, Giuseppe Bernieri, Mauro Conti, and Abdeslam El Fergougui. 2021. A threat model method for ICS malware: the TRISIS case. In Proceedings of the 18th ACM International Conference on Computing Frontiers. ACM, 221–228. https://doi.org/10.1145/3457388.3458868

    work page doi:10.1145/3457388.3458868 2021

  54. [54]

    Tadao Murata. 1989. Petri nets: Properties, analysis and applications.Proc. IEEE77, 4 (1989), 541–580

    work page 1989

  55. [55]

    Muhammad Nouman Nafees, Neetesh Saxena, Alvaro Cardenas, Santiago Grijalva, and Pete Burnap. 2023. Smart Grid Cyber-Physical Situational Awareness of Complex Operational Technology Attacks: A Review.Comput. Surveys55, 10 (2023), 1–36. https://doi.org/10.1145/3565570

    work page doi:10.1145/3565570 2023

  56. [56]

    2024.The NIST Cybersecurity Framework 2.0

    National Institute of Standards and Technology. 2024.The NIST Cybersecurity Framework 2.0. Technical Report NIST CSWP 29 ipd. NIST CSWP 29 ipd pages. https://doi.org/10.6028/NIST.CSWP.29

    work page doi:10.6028/nist.cswp.29 2024

  57. [57]

    Tom Neubert and Claus Vielhauer. 2020. Kill Chain Attack Modelling for Hidden Channel Attack Scenarios in Industrial Control Systems. IFAC-PapersOnLine53, 2 (2020), 11074–11080. https://doi.org/10.1016/j.ifacol.2020.12.246

    work page doi:10.1016/j.ifacol.2020.12.246 2020

  58. [58]

    MM Noor, A Selamat, NA Husain, and O Krejcar. 2024. Security and safety in cyber-physical system (CPS): an inclusive threat model.J. Adv. Res. Appl. Sci. Eng. Technol40, 2 (2024), 176–202. https://doi.org/10.37934/araset.40.2.176202

    work page doi:10.37934/araset.40.2.176202 2024

  59. [59]

    Sarita Paudel, Paul Smith, and Tanja Zseby. 2017. Attack Models for Advanced Persistent Threats in Smart Grid Wide Area Monitoring. InProceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids. ACM, 61–66. https://doi.org/10.1145/3055386.3055390

    work page doi:10.1145/3055386.3055390 2017

  60. [60]

    Giedre Sabaliauskaite and Aditya P. Mathur. 2014. Aligning Cyber-Physical System Safety and Security. InComplex Systems Design & Management Asia, Designing Smart Cities: Proceedings of the First Asia - Pacific Conference on Complex Systems Design & Management, CSD&M Asia 2014, Singapore, December 10-12, 2014. Springer, 41–53. https://doi.org/10.1007/978-3...

    work page doi:10.1007/978-3-319-12544-2_4 2014

  61. [61]

    Vineet Saini, Qiang Duan, and Vamsi Paruchuri. 2008. Threat Modeling Using Attack Trees. (2008)

    work page 2008

  62. [62]

    Olaf Saßnick, Thomas Rosenstatter, Christian Schäfer, and Stefan Huber. 2024. STRIDE-based Methodologies for Threat Modeling of Industrial Control Systems: A Review. In2024 IEEE 7th International Conference on Industrial Cyber-Physical Systems (ICPS). IEEE, 1–8. https://doi.org/10.1109/ ICPS59941.2024.10639949 Manuscript submitted to ACM Security Modellin...

    work page arXiv 2024

  63. [63]

    Kumar Saurabh, Deepak Gajjala, Krishna Kaipa, Ranjana Vyas, OP Vyas, and Rahamatullah Khondoker. 2024. TMAP: A Threat Modeling and Attack Path Analysis Framework for Industrial IoT Systems (A Case Study of IoM and IoP).Arabian Journal for Science and Engineering49, 9 (2024), 13163–13183. https://doi.org/10.1007/s13369-023-08600-3

    work page doi:10.1007/s13369-023-08600-3 2024

  64. [64]

    Bruce Schneier. 1999. Attack Trees. https://tnlandforms.us/cs594-cns96/attacktrees.pdf

    work page 1999

  65. [65]

    Nataliya Shevchenko, Brent R Frye, and Carol Woody. 2018. Threat Modeling For Cyber-Physical System-of-Systems: Methods Evaluation. (2018)

    work page 2018

  66. [66]

    Laurens Sion, Koen Yskout, Dimitri Van Landuyt, Alexander van den Berghe, and Wouter Joosen. 2020. Security Threat Modeling: Are Data Flow Diagrams Enough?. InICSE ’20: 42nd International Conference on Software Engineering, Workshops, Seoul, Republic of Korea, 27 June - 19 July, 2020. ACM, 254–257. https://doi.org/10.1145/3387940.3392221

    work page doi:10.1145/3387940.3392221 2020

  67. [67]

    B. E. Strom, A. Applebaum, D. P. Miller, K. C. Nickels, A. G. Pennington, and C. B. Thomas. 2018. MITRE ATT&CK: Design and philosophy

    work page 2018

  68. [68]

    Siegel, and Sanjay E

    Dajiang Suo, Joshua E. Siegel, and Sanjay E. Sarma. 2018. Merging safety and cybersecurity analysis in product design.IET Intelligent Transport Systems12, 9 (2018), 1103–1109. https://doi.org/10.1049/iet-its.2018.5323

    work page doi:10.1049/iet-its.2018.5323 2018

  69. [69]

    Zhaozhou Tang, Khaled Serag, Saman Zonouz, Z Berkay Celik, Dongyan Xu, and Raheem Beyah. 2024. ERACAN: Defending Against an Emerging CAN Threat Model. InProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 1894–1908. https://doi.org/10. 1145/3658644.3690267

    work page arXiv 2024

  70. [70]

    Matt Tatam, Bharanidharan Shanmugam, Sami Azam, and Krishnan Kannoorpatti. 2021. A review of threat modelling approaches for APT-style attacks.Heliyon7, 1 (2021), e05969. https://doi.org/10.1016/j.heliyon.2021.e05969

    work page doi:10.1016/j.heliyon.2021.e05969 2021

  71. [71]

    2015.Risk Centric Threat Modeling: process for attack simulation and threat analysis

    Tony UcedaVelez and Marco M Morana. 2015.Risk Centric Threat Modeling: process for attack simulation and threat analysis. John Wiley & Sons

    work page 2015

  72. [72]

    Uzunov and Eduardo B

    Anton V. Uzunov and Eduardo B. Fernández. 2014. An extensible pattern-based library and taxonomy of security threats for distributed systems. Comput. Stand. Interfaces36, 4 (2014), 734–747. https://doi.org/10.1016/J.CSI.2013.12.008

    work page doi:10.1016/j.csi.2013.12.008 2014

  73. [73]

    Fulvio Valenza, Erisa Karafili, Rodrigo Vieira Steiner, and Emil C. Lupu. 2022. A Hybrid Threat Model for Smart Systems.IEEE Transactions on Dependable and Secure Computing20, 5 (2022), 4403–4417. https://doi.org/10.1109/TDSC.2022.3213577

    work page doi:10.1109/tdsc.2022.3213577 2022

  74. [74]

    Xiaoguang Wei, Shibin Gao, Tao Huang, Ettore Bompard, Renjian Pi, and Tao Wang. 2018. Complex network-based cascading faults graph for the analysis of transmission network vulnerability.IEEE Transactions on Industrial Informatics15, 3 (2018), 1265–1276. https://doi.org/10.1109/TII.2018. 2840429

    work page doi:10.1109/tii.2018 2018

  75. [75]

    Wenjun Xiong and Robert Lagerström. 2019. Threat modeling – A systematic literature review.Computers & Security84 (2019), 53–69. https: //doi.org/10.1016/j.cose.2019.03.010

    work page doi:10.1016/j.cose.2019.03.010 2019

  76. [76]

    Yunhe Yang and Mu Zhang. 2023. From Tactics to Techniques: A Systematic Attack Modeling for Advanced Persistent Threats in Industrial Control Systems. In2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 336–344. https://doi.org/10.1109/EuroSPW59978. 2023.00042

    work page doi:10.1109/eurospw59978 2023

  77. [77]

    Shahzaib Zahid, Muhammad Shoaib Mazhar, Syed Ghazanfar Abbas, Zahid Hanif, Sadaf Hina, and Ghalib A. Shah. 2023. Threat modeling in smart firefighting systems: Aligning MITRE ATT&CK matrix and NIST security controls.Internet of Things22 (2023), 100766. https://doi.org/10.1016/j.iot. 2023.100766

    work page doi:10.1016/j.iot 2023

  78. [78]

    Kornecki

    Janusz Zalewski, Steven Drager, William McKeever, and Andrew J. Kornecki. 2013. Threat modeling for security assessment in cyberphysical systems. InProceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop. ACM, 1–4. https://doi.org/10.1145/2459976.2459987

    work page doi:10.1145/2459976.2459987 2013

  79. [79]

    Piotr Żebrowski, Aitor Couce-Vieira, and Alessandro Mancuso. 2022. A Bayesian framework for the analysis and optimal mitigation of cyber threats to cyber-physical systems.Risk Analysis42, 10 (2022), 2275–2290. https://doi.org/10.1111/risa.13900

    work page doi:10.1111/risa.13900 2022

  80. [80]

    Kengo Zenitani. 2023. Attack graph analysis: An explanatory guide.Comput. Secur.126 (2023), 103081. https://doi.org/10.1016/J.COSE.2022.103081

    work page doi:10.1016/j.cose.2022.103081 2023

Showing first 80 references.