{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T15:23:05Z","timestamp":1780672985150,"version":"3.54.1"},"reference-count":83,"publisher":"Association for Computing Machinery (ACM)","issue":"2","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Cyber-Phys. Syst."],"published-print":{"date-parts":[[2026,4,30]]},"abstract":"<jats:p>Cyber-physical systems are at the intersection of digital technology and engineering domains, rendering them high-value targets of sophisticated and well-funded cybersecurity threat actors. Prominent cybersecurity attacks on cyber-physical systems have brought attention to the vulnerability of these systems and the inherent weaknesses of critical infrastructure reliant on them. Security modelling for cyber-physical systems is an important mechanism to systematically identify and assess vulnerabilities, threats and risks throughout system lifecycles, and to ultimately ensure system resilience, safety and reliability. This survey delves into state-of-the-art research on security modelling for cyber-physical systems, encompassing both threat and attack modelling. While these terms are sometimes used interchangeably, they are different concepts. This article elaborates on the differences between threat and attack modelling, examining their implications for cyber-physical system security. We conducted a systematic search that yielded 449 papers, from which 32 were selected and categorised into 3 clusters: those focused on threat modelling methods, attack modelling methods and literature reviews. Specifically, we sought to examine what security modelling methods exist today, and how they address real-world cybersecurity threats and attacker capabilities throughout the lifecycle of cyber-physical systems, which typically span longer durations compared to traditional IT systems. This article also highlights several limitations in existing research, wherein security models adopt simplistic approaches that do not adequately consider the dynamic, multi-layer, multi-path and multi-agent characteristics of real-world cyber-physical attacks.<\/jats:p>","DOI":"10.1145\/3776549","type":"journal-article","created":{"date-parts":[[2025,11,11]],"date-time":"2025-11-11T14:45:51Z","timestamp":1762872351000},"page":"1-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Security Modelling for Cyber-Physical Systems: A Systematic Literature Review"],"prefix":"10.1145","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-3954-1843","authenticated-orcid":false,"given":"Shaofei","family":"Huang","sequence":"first","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9376-2471","authenticated-orcid":false,"given":"Christopher M.","family":"Poskitt","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5130-0407","authenticated-orcid":false,"given":"Lwin Khin","family":"Shar","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,4,21]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"[n.\u2009d.]. ISA\/IEC 62443 Series of Standards. Retrieved from https:\/\/tinyurl.com\/479yrubw"},{"key":"e_1_3_1_3_2","unstructured":"[n.\u2009d.]. Microsoft Threat Modeling Tool. Retrieved from https:\/\/tinyurl.com\/y3my76sa"},{"key":"e_1_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103391"},{"key":"e_1_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/TPEL.2023.3342842"},{"key":"e_1_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISGT49243.2021.9372271"},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/STI50764.2020.9350452"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/W-FICLOUD.2016.29"},{"key":"e_1_3_1_9_2","unstructured":"Otis Alexander Misha Belisle and Jacob Steele. 2020. MITRE ATT&CK\u00ae for Industrial Control Systems: Design and Philosophy. Retrieved from https:\/\/tinyurl.com\/2kv5u5jt"},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/CHASE.2017.69"},{"key":"e_1_3_1_11_2","unstructured":"Michael J. Assante and Robert M. Lee. 2015. The Industrial Control System Cyber Kill Chain. Retrieved from https:\/\/tinyurl.com\/4dnp8xnn"},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(18)30025-4"},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.3390\/app14188398"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3678260"},{"key":"e_1_3_1_15_2","volume-title":"Proceedings of the Embedded World Conference","author":"Bolz Robin","year":"2020","unstructured":"Robin Bolz, Marcel Rumez, Florian Sommer, J\u00fcrgen D\u00fcrrwang, and Reiner Kriesten. 2020. Enhancement of cyber security for cyber physical systems in the automotive field through attack analysis. In Proceedings of the Embedded World Conference."},{"key":"e_1_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2012.08.002"},{"key":"e_1_3_1_17_2","unstructured":"Sergio Caltagirone Andrew Pendergast and Christopher Betz. 2013. The Diamond Model of Intrusion Analysis. Retrieved from https:\/\/tinyurl.com\/z8j9sfbv"},{"key":"e_1_3_1_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSG.2011.2160000"},{"key":"e_1_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2021.3107783"},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134639"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/IWIA.2006.17"},{"key":"e_1_3_1_22_2","unstructured":"Stanislav Dashevskyi Francesco La Spina and Daniel Dos Santos. 2025. SUN:DOWN destabilizing the grid via orchestrated exploitation of solar power systems. Retrieved from https:\/\/tinyurl.com\/n6m4x25t"},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/SIEDS61124.2024.10534706"},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2025.3545637"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.47"},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/TPWRS.2024.3365416"},{"key":"e_1_3_1_27_2","unstructured":"Levent Ertaul and Mina Mousa. 2018. Applying the Kill Chain and Diamond Models to Microsoft Advanced Threat Analytics. Retrieved from https:\/\/tinyurl.com\/22pvpr7a"},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/DASC-PICom-DataCom-CyberSciTec.2016.89"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-99-6974-6_13"},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","unstructured":"Sarah G. Freeman Curtis St Michel Robert Smith and Michael Assante. 2016. Consequence-driven cyber-informed engineering (CCE). Technical Report INL\/EXT-16-39212. DOI: 10.2172\/1341416","DOI":"10.2172\/1341416"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","unstructured":"Edward R. Griffor Chris Greer David A. Wollman and Martin J. Burns. 2017. Framework for cyber-physical systems: Volume 1 overview. Technical Report NIST SP 1500-201. NIST SP 1500\u2013201 pages. DOI: 10.6028\/NIST.SP.1500-201","DOI":"10.6028\/NIST.SP.1500-201"},{"key":"e_1_3_1_32_2","doi-asserted-by":"publisher","DOI":"10.1109\/NetSoft48620.2020.9165396"},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCYB.2024.3411868"},{"key":"e_1_3_1_34_2","unstructured":"Shawn Hernan Scott Lambert Tomasz Ostwald and Adam Shostack. 2006. 2006. Uncover Security Design Flaws using the STRIDE Approach. MSDN Magazine. Retrieved from https:\/\/tinyurl.com\/47jts7xf"},{"key":"e_1_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/WFCS46889.2021.9483591"},{"key":"e_1_3_1_36_2","unstructured":"Shaofei Huang. 2025. CPS Security Modelling Literature Review Notes. Retrieved from https:\/\/tinyurl.com\/35zdx6c6"},{"key":"e_1_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2703172"},{"key":"e_1_3_1_38_2","unstructured":"Eric M. Hutchins Michael J. Cloppert and Rohan M. Amin. 2011. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Retrieved from https:\/\/tinyurl.com\/tkf3npnh"},{"key":"e_1_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/3664476.3670458"},{"key":"e_1_3_1_40_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compind.2022.103611"},{"key":"e_1_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.3390\/FI12040065"},{"key":"e_1_3_1_42_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102950"},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103543"},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISGTEurope.2017.8260283"},{"key":"e_1_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.4218\/etrij.2021-0181"},{"key":"e_1_3_1_46_2","unstructured":"Barbara Kitchenham and Stuart Charters. 2007. Guidelines for performing systematic literature reviews in software engineering. Retrieved from https:\/\/tinyurl.com\/3mjx2pdd"},{"key":"e_1_3_1_47_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2015.02.008"},{"key":"e_1_3_1_48_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2022.100521"},{"key":"e_1_3_1_49_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23251"},{"key":"e_1_3_1_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/3481357.3481527"},{"key":"e_1_3_1_51_2","doi-asserted-by":"publisher","DOI":"10.1109\/RWEEK.2015.7287428"},{"key":"e_1_3_1_52_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2024.100675"},{"key":"e_1_3_1_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMSNETS59351.2024.10426882"},{"key":"e_1_3_1_54_2","doi-asserted-by":"publisher","DOI":"10.1145\/3457388.3458868"},{"key":"e_1_3_1_55_2","doi-asserted-by":"publisher","DOI":"10.1109\/5.24143"},{"key":"e_1_3_1_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/3565570"},{"key":"e_1_3_1_57_2","doi-asserted-by":"publisher","unstructured":"National Institute of Standards and Technology. 2024. The NIST Cybersecurity Framework 2.0. Technical Report NIST CSWP 29 ipd. NIST CSWP 29 ipd pages. DOI: 10.6028\/NIST.CSWP.29","DOI":"10.6028\/NIST.CSWP.29"},{"key":"e_1_3_1_58_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ifacol.2020.12.246"},{"key":"e_1_3_1_59_2","doi-asserted-by":"publisher","DOI":"10.37934\/araset.40.2.176202"},{"key":"e_1_3_1_60_2","doi-asserted-by":"publisher","DOI":"10.1145\/3055386.3055390"},{"key":"e_1_3_1_61_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-12544-2_4"},{"key":"e_1_3_1_62_2","unstructured":"Vineet Saini Qiang Duan and Vamsi Paruchuri. 2008. Threat Modeling Using Attack Trees. Retrieved from https:\/\/tinyurl.com\/yc7ts38a"},{"key":"e_1_3_1_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICPS59941.2024.10639949"},{"key":"e_1_3_1_64_2","doi-asserted-by":"publisher","DOI":"10.1007\/s13369-023-08600-3"},{"key":"e_1_3_1_65_2","unstructured":"Bruce Schneier. 1999. Attack Trees. Retrieved from https:\/\/tinyurl.com\/kppztt7"},{"key":"e_1_3_1_66_2","unstructured":"Nataliya Shevchenko Brent R. Frye and Carol Woody. 2018. Threat Modeling For Cyber-Physical System-of-Systems: Methods Evaluation. Retrieved from https:\/\/tinyurl.com\/4twm6fvh"},{"key":"e_1_3_1_67_2","doi-asserted-by":"publisher","DOI":"10.1145\/3387940.3392221"},{"key":"e_1_3_1_68_2","unstructured":"B. E. Strom A. Applebaum D. P. Miller K. C. Nickels A. G. Pennington and C. B. Thomas. 2018. MITRE ATT&CK: Design and philosophy. Retrieved from https:\/\/tinyurl.com\/mt3wuwta"},{"key":"e_1_3_1_69_2","doi-asserted-by":"publisher","DOI":"10.1049\/iet-its.2018.5323"},{"key":"e_1_3_1_70_2","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690267"},{"key":"e_1_3_1_71_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.heliyon.2021.e05969"},{"key":"e_1_3_1_72_2","doi-asserted-by":"publisher","DOI":"10.1002\/9781118988374"},{"key":"e_1_3_1_73_2","doi-asserted-by":"publisher","DOI":"10.1016\/J.CSI.2013.12.008"},{"key":"e_1_3_1_74_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3213577"},{"key":"e_1_3_1_75_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2018.2840429"},{"key":"e_1_3_1_76_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.03.010"},{"key":"e_1_3_1_77_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW59978.2023.00042"},{"key":"e_1_3_1_78_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2023.100766"},{"key":"e_1_3_1_79_2","doi-asserted-by":"publisher","DOI":"10.1145\/2459976.2459987"},{"key":"e_1_3_1_80_2","doi-asserted-by":"publisher","DOI":"10.1111\/risa.13900"},{"key":"e_1_3_1_81_2","doi-asserted-by":"publisher","DOI":"10.1016\/J.COSE.2022.103081"},{"key":"e_1_3_1_82_2","doi-asserted-by":"publisher","DOI":"10.1002\/rnc.7274"},{"key":"e_1_3_1_83_2","doi-asserted-by":"publisher","DOI":"10.1109\/iThings\/CPSCom.2011.34"},{"key":"e_1_3_1_84_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3058403"}],"container-title":["ACM Transactions on Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3776549","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T06:35:05Z","timestamp":1776839705000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3776549"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,21]]},"references-count":83,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2026,4,30]]}},"alternative-id":["10.1145\/3776549"],"URL":"https:\/\/doi.org\/10.1145\/3776549","relation":{},"ISSN":["2378-962X","2378-9638"],"issn-type":[{"value":"2378-962X","type":"print"},{"value":"2378-9638","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4,21]]},"assertion":[{"value":"2024-09-28","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-10-28","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-04-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}