Author ORCID Identifier
Doctor of Philosophy
Electrical & Computer Engineering
Characterizing the attacker’s perspective is essential to assessing the security posture and resilience of cyber-physical systems. The attacker’s perspective is most often achieved by cyber-security experts (e.g., red teams) who critically challenge and analyze the system from an adversarial stance. Unfortunately, the knowledge and experience of cyber-security experts can be inconsistent leading to situations where there are gaps in the security assessment of a given system. Structured security review processes (such as TAM, Mission Aware, STPA-SEC, and STPA-SafeSec) attempt to standardize the review processes to impart consistency across an organization or application domain. However, with most security review processes, the attackers’ perspectives are ad hoc and often lack structure. Attacker modeling is a potential solution but there is a lack of uniformity in published literature and a lack of structured methods to integrate the attacker perspective into established security review processes.
This dissertation proposes a generalized framework for characterizing and evaluating attacker models for CPS security assessment. We developed this framework from a structured literature survey on attacker model characteristics which we used to create an ontology of attacker models from a context of security assessment. This generalized framework facilitates the characterization and functional representation of attacker models, leveraged in a novel scalable integration workflow. This workflow leverages an intermediate functional representation module to integrate attacker models into a security review process. In conclusion, we demonstrate the efficacy of our attacker modeling framework through a use case in which we integrate an attacker model into an established security review process.
© Christopher Deloglos
Is Part Of
VCU University Archives
Is Part Of
VCU Theses and Dissertations
Date of Submission
Computer and Systems Architecture Commons, Controls and Control Theory Commons, Digital Communications and Networking Commons, Electrical and Electronics Commons, Hardware Systems Commons, Systems and Communications Commons