{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T02:06:57Z","timestamp":1768961217731,"version":"3.49.0"},"reference-count":85,"publisher":"Association for Computing Machinery (ACM)","issue":"1","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Cyber-Phys. Syst."],"published-print":{"date-parts":[[2026,1,31]]},"abstract":"<jats:p>Cyber-Physical Systems (CPS) implement critical infrastructures, in which physical objects interact with services of the cyber domain consequently building a heterogeneous System-of-Systems (SoS). Although this marriage extends the functionality of traditionally closed systems, it also introduces a variety of challenges\u2014especially for engineers. One critical aspect relates to establishing and sustaining a sufficient level of security, as exploited vulnerabilities may cause severe effects, either toward involved humans or sensitive information. Consequently, engineers must be aware of potential security-related threats and vulnerabilities. To this end, threat models are usually used to identify such weaknesses within a specification. However, existing solutions may not be able to comprehensively identify all threats in a CPS-like environment, as they often do not consider all relevant dependencies between interacting systems on an SoS level. To address this gap, we have elaborated a methodology\u2014called Semantic Threat Model (STM), which can identify and evaluate potential threats toward a given CPS specification. In detail, the framework focuses on the semantic relationships and side effects between security objects, e.g., attacks, and the actual specification of the CPS. In contrast to existing solutions, STM takes an SoS point of view, while analyzing semantic data to gain a comprehensive view on security. The quantitative output of the method can then be used to identify the most severe attacks or to point out necessary security enhancements. We highlight the usage and benefits of the STM in the form of a case study in the domain of intelligent transportation systems.<\/jats:p>","DOI":"10.1145\/3777450","type":"journal-article","created":{"date-parts":[[2025,11,27]],"date-time":"2025-11-27T15:17:34Z","timestamp":1764256654000},"page":"1-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["A Semantic Threat Model to Evaluate Security Threats in Cyber-Physical Systems"],"prefix":"10.1145","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8990-4775","authenticated-orcid":false,"given":"Andreas","family":"Aigner","sequence":"first","affiliation":[{"name":"Computer Science, University of Applied Science Landshut, Landshut, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4536-8058","authenticated-orcid":false,"given":"Abdelmajid","family":"Khelil","sequence":"additional","affiliation":[{"name":"Computer Science, University of Applied Science Landshut, Landshut, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,1,20]]},"reference":[{"key":"e_1_3_1_2_2","volume-title":"Cyber-Physical Systems, CIRP Encyclopedia of Production Engineering","author":"Monostori L.","year":"2018","unstructured":"L. Monostori. 2018. Cyber-Physical Systems, CIRP Encyclopedia of Production Engineering. Springer."},{"key":"e_1_3_1_3_2","unstructured":"T. Lusco. 2018. ARC-IT\u2014The Architecture Reference for Cooperative and Intelligent Transportation. U.S. Department of Transportation."},{"key":"e_1_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.1145\/3312614.3313779"},{"key":"e_1_3_1_5_2","volume-title":"Proceedings of the 2nd International Conference on Smart Grid and Smart Cities","author":"Essa A.","year":"2018","unstructured":"A. Essa, T. Al-Shoura, A. Al Nabulsi, A. R. Al-Ali, and F. Aloul. 2018. Cyber physical sensors system security: Threats, vulnerabilities, and solutions. In Proceedings of the 2nd International Conference on Smart Grid and Smart Cities. IEEE."},{"key":"e_1_3_1_6_2","volume-title":"Proceedings of the International Conference on Communications and Signal Processing","author":"Singh S.","year":"2020","unstructured":"S. Singh, N. Yadav, and P. K. Chuarasia. 2020. A review of cyber physical system attacks: Issues and challenges. In Proceedings of the International Conference on Communications and Signal Processing. IEEE."},{"issue":"1","key":"e_1_3_1_7_2","first-page":"48","article-title":"Insecurity by design: Todays IoT device security problem","volume":"2","author":"O\u2019Neill M.","year":"2016","unstructured":"M. O\u2019Neill. 2016. Insecurity by design: Todays IoT device security problem. Journal on Engineering 2, 1 (2016), 48\u201319.","journal-title":"Journal on Engineering"},{"key":"e_1_3_1_8_2","volume-title":"Proceedings of the International Symposium on Technology and Society","author":"Dennis J.","year":"2021","unstructured":"J. Dennis, C. Grady, and S. Rajtmajer. 2021. Comparative assessment of cyber-physical threats to megacities. In Proceedings of the International Symposium on Technology and Society. IEEE."},{"key":"e_1_3_1_9_2","volume-title":"Proceedings of the International Conference on Information Science and Communications Technologies","author":"Basan E.","year":"2022","unstructured":"E. Basan, N. Proshkin, and M. Shulika. 2022. Development of test stands of cyber-physical systems for security analysis. In Proceedings of the International Conference on Information Science and Communications Technologies. IEEE."},{"key":"e_1_3_1_10_2","doi-asserted-by":"crossref","DOI":"10.1002\/9781118988374","volume-title":"Threat Modeling Overview, Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis","author":"Uceda-Velez T.","year":"2015","unstructured":"T. Uceda-Velez and M. Morana. 2015. Threat Modeling Overview, Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. Wiley Data and Cybersecurity."},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.60"},{"key":"e_1_3_1_12_2","first-page":"49","volume-title":"IEEE Security and Privacy","author":"Langer R.","year":"2011","unstructured":"R. Langer. 2011. Stuxnet: Dissecting a cyberwarfare weapon. IEEE Security and Privacy 9, 3 (2011), 49\u201351."},{"issue":"1","key":"e_1_3_1_13_2","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/S1353-4858(09)70008-X","article-title":"Microsoft SDL threat modelling tool","volume":"2009","author":"Potter B.","year":"2009","unstructured":"B. Potter. 2009. Microsoft SDL threat modelling tool. Network Security 2009, 1 (2009), 15\u201318.","journal-title":"Network Security"},{"key":"e_1_3_1_14_2","volume-title":"Common Criteria: Origins and Overview, Smart Cards, Tokens, Security and Applications","author":"Tierney J.","year":"2017","unstructured":"J. Tierney and T. Boswell. 2017. Common Criteria: Origins and Overview, Smart Cards, Tokens, Security and Applications. Springer."},{"issue":"4","key":"e_1_3_1_15_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3005714","article-title":"A survey on systems security metrics","volume":"49","author":"Pendleton M.","year":"2016","unstructured":"M. Pendleton, R. Carcia-Lebron, J. Cho, and S. Xu. 2016. A survey on systems security metrics. Computing Surveys 49, 4 (2016), 1\u201335.","journal-title":"Computing Surveys"},{"key":"e_1_3_1_16_2","volume-title":"Threat Modeling for Cyber-Physical System-of-Systems: Methods Evaluation","author":"Shevchenko N.","year":"2018","unstructured":"N. Shevchenko, B. Frye, and C. Woody. 2018. Threat Modeling for Cyber-Physical System-of-Systems: Methods Evaluation. White Paper. Carnegie Mellon University."},{"key":"e_1_3_1_17_2","volume-title":"Proceedings of the 7th International Conference of Availability, Reliability and Security","author":"Rudolph M.","year":"2021","unstructured":"M. Rudolph and R. Schwarz. 2021. A critical survey of security indicator approaches. In Proceedings of the 7th International Conference of Availability, Reliability and Security. IEEE."},{"key":"e_1_3_1_18_2","volume-title":"Proceedings of the 3rd International Conference on Artificial Intelligence and Smart Energy","author":"Balamurugan K.","year":"2023","unstructured":"K. Balamurugan, T. Sudalaimuthu, and V. Sherlin Solomi. 2023. An analysis of various cyber threat modeling. In Proceedings of the 3rd International Conference on Artificial Intelligence and Smart Energy. IEEE."},{"issue":"3","key":"e_1_3_1_19_2","first-page":"727","article-title":"A review on cybersecurity analysis, attack detection, and attack defense methods in cyber-physical power systems","volume":"11","author":"Du Dajun","year":"2022","unstructured":"Dajun Du, Minggao Zhu, Xue Li, Minrui Fei, Siqi Bu, Lei Wu, and Kang Li. 2022. A review on cybersecurity analysis, attack detection, and attack defense methods in cyber-physical power systems. Journal of Modern Power Systems and Clean Energy 11, 3 (2022), 727\u2013743.","journal-title":"Journal of Modern Power Systems and Clean Energy"},{"key":"e_1_3_1_20_2","volume-title":"Proceedings of the 2nd IEEE Workshop on Security Trust Privacy for Emerging Cyber-Physical Systems","author":"Aigner A.","year":"2020","unstructured":"A. Aigner and A. Khelil. 2020. A benchmark of security metrics for cyber-physical systems. In Proceedings of the 2nd IEEE Workshop on Security Trust Privacy for Emerging Cyber-Physical Systems. IEEE."},{"key":"e_1_3_1_21_2","volume-title":"Proceedings of the International Symposium on Software Engineering for Adaptive and Self-Managing Systems","author":"Hartsell C.","year":"2021","unstructured":"C. Hartsell, S. Ramakrishna, A. Dubey, D. Stojcsics, N. Mahadevan, and G. Karsai. 2021. ReSonAte: A runtime risk assessment framework for autonomous systems. In Proceedings of the International Symposium on Software Engineering for Adaptive and Self-Managing Systems. IEEE."},{"key":"e_1_3_1_22_2","volume-title":"Proceedings of the International Conference on Inventive Computing and Informatics","author":"Borkar A.","year":"2017","unstructured":"A. Borkar, A. Donode, and A. Kumari. 2017. A survey on intrusion detection system (IDS) and internal intrusion detection and protection system (IIDPS). In Proceedings of the International Conference on Inventive Computing and Informatics. IEEE."},{"key":"e_1_3_1_23_2","volume-title":"Proceedings of the International Conference on Computer Communication and Informatics","author":"Nithishi K.","year":"2023","unstructured":"K. Nithishi and D. Saveetha. 2023. Detection of cyber attack using artificial intelligence. In Proceedings of the International Conference on Computer Communication and Informatics. IEEE."},{"key":"e_1_3_1_24_2","volume-title":"Proceedings of the 6th International Conference on Industrial Cyber-Physical Systems (ICPS)","author":"Eke H. N.","year":"2023","unstructured":"H. N. Eke and A. Petrovski. 2023. Advanced persistent threats detection based on deep learning approach. In Proceedings of the 6th International Conference on Industrial Cyber-Physical Systems (ICPS). IEEE."},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2021.3091150"},{"key":"e_1_3_1_26_2","volume-title":"Proceedings of the International Conference on Wireless Communications, Signal Processing and Networking","author":"Gokarn V.","year":"2017","unstructured":"V. Gokarn, V. Kulkarni, and P. Singh. 2017. Enhancing cyber physical system security via anomaly detection using behavior analysis. In Proceedings of the International Conference on Wireless Communications, Signal Processing and Networking. IEEE."},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/TASE.2021.3073396"},{"key":"e_1_3_1_28_2","volume-title":"Proceedings of the International Conference on Information, Intelligence, Systems and Applications","author":"Pantopoulou S.","year":"2020","unstructured":"S. Pantopoulou, P. L. Lagari, C. H. Townsend, and L. H. Tsoukalas. 2020. Critical systems under cyber threats. In Proceedings of the International Conference on Information, Intelligence, Systems and Applications. IEEE."},{"key":"e_1_3_1_29_2","article-title":"Novel EEG sensor-based risk framework for the detection of insider threats in safety critical industrial infrastructure","volume":"8","author":"Al Hammadi Ahmed Y.","year":"2020","unstructured":"Ahmed Y. Al Hammadi, Dongkun Lee, Chan Yeob Yeun, Ernesto Damiani, Song-Kyoo Kim, Paul D. Yoo, and Ho-Jin Choi. 2020. Novel EEG sensor-based risk framework for the detection of insider threats in safety critical industrial infrastructure. IEEE Access 8 (2020).","journal-title":"IEEE Access"},{"key":"e_1_3_1_30_2","volume-title":"Federal Information Processing Standard (FIPS) 199, Standards for Security","author":"Radack S. M.","year":"2004","unstructured":"S. M. Radack. 2004. Federal Information Processing Standard (FIPS) 199, Standards for Security. ITL Bulletin. NIST."},{"issue":"2","key":"e_1_3_1_31_2","article-title":"Securing your control system: The \u201cCIA triad\u201d is a widely used benchmark for evaluating information system security effectiveness","volume":"112","author":"Fenrich K.","year":"2008","unstructured":"K. Fenrich. 2008. Securing your control system: The \u201cCIA triad\u201d is a widely used benchmark for evaluating information system security effectiveness. Power Engineering 112, 2 (2008).","journal-title":"Power Engineering"},{"key":"e_1_3_1_32_2","volume-title":"Proceedings of the International Conference on Computing, Electronic and Electrical Engineering","author":"Jamaludin J.","year":"2018","unstructured":"J. Jamaludin and J. M. Rohani. 2018. Cyber-physical system (CPS): State of the art. In Proceedings of the International Conference on Computing, Electronic and Electrical Engineering. IEEE."},{"key":"e_1_3_1_33_2","volume-title":"Proceedings of the 7th Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems","author":"Chen B.","year":"2017","unstructured":"B. Chen, Z. Liu, Y. Tang, J. Huang, G. Zhang, and Y. Fan. 2017. Typical characteristics and test platform of CPS for distribution network. In Proceedings of the 7th Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems. IEEE."},{"key":"e_1_3_1_34_2","volume-title":"Proceedings of the 17th IEEE International Multi Topic Conference","author":"Jattala I.","year":"2014","unstructured":"I. Jattala, I. Ghafoor, S. Durrani, and C. Tahir. 2014. Analysis of OpenSSL heartbleed vulnerability for embedded systems. In Proceedings of the 17th IEEE International Multi Topic Conference. IEEE."},{"key":"e_1_3_1_35_2","first-page":"45","volume-title":"IT Professional","author":"Black P. E.","year":"2014","unstructured":"P. E. Black. 2014. NIST contributions to IT. IT Professional 16, 2 (2014), 45\u201349."},{"key":"e_1_3_1_36_2","volume-title":"Proceedings of the 3rd International Conference on Information and Computing","author":"Yun-Hua G.","year":"2010","unstructured":"G. Yun-Hua and L. Pei. 2010. Design and research on vulnerability database. In Proceedings of the 3rd International Conference on Information and Computing. IEEE."},{"key":"e_1_3_1_37_2","volume-title":"Proceedings of the IEEE PES Innovative Smart Grid Technologies Conference","author":"Khan R.","year":"2017","unstructured":"R. Khan, K. McLaughlin, D. Laverty, and S. Sezer. 2017. STRIDE-based threat modeling for cyber-physical systems. In Proceedings of the IEEE PES Innovative Smart Grid Technologies Conference. IEEE."},{"key":"e_1_3_1_38_2","volume-title":"Proceedings of the 21st European Symposium on Research in Computer Security","author":"Rocchetto M.","year":"2016","unstructured":"M. Rocchetto and N. O. Tippenhauer. 2016. On attacker models and profiles for cyber-physical systems. In Proceedings of the 21st European Symposium on Research in Computer Security. Springer."},{"issue":"6","key":"e_1_3_1_39_2","first-page":"85","article-title":"Common vulnerability scoring system","volume":"4","author":"Chandramouli R.","year":"2006","unstructured":"R. Chandramouli, T. Grance, R. Kuhn, and S. Landau. 2006. Common vulnerability scoring system. Emerging Standards\u2014Security & Privacy 4, 6 (2006), 85\u201389.","journal-title":"Emerging Standards\u2014Security & Privacy"},{"key":"e_1_3_1_40_2","volume-title":"Proceedings of the 2nd International Conference on Computer, Control and Communication","author":"Khand P.","year":"2009","unstructured":"P. Khand. 2009. System level security modeling using attack trees. In Proceedings of the 2nd International Conference on Computer, Control and Communication. IEEE."},{"key":"e_1_3_1_41_2","volume-title":"Proceedings of 7th International Conference on Parallel, Distributed and Grid Computing","author":"Sheikh Z. A.","year":"2022","unstructured":"Z. A. Sheikh and Y. Singh. 2022. A hybrid threat assessment model for security of cyber physical systems. In Proceedings of 7th International Conference on Parallel, Distributed and Grid Computing. IEEE."},{"key":"e_1_3_1_42_2","volume-title":"An Attack Graph-Based Probabilistic Security Metric, Data and Applications Security XXII","author":"Wang L.","year":"2008","unstructured":"L. Wang, T. Islam, T. Long, A. Singhal, and S. Jajodia. 2008. An Attack Graph-Based Probabilistic Security Metric, Data and Applications Security XXII. Springer."},{"key":"e_1_3_1_43_2","volume-title":"Proceedings of the International Conference on Dependable Systems and Networks","author":"Xie P.","year":"2010","unstructured":"P. Xie, J. Li, X. Ou, P. Liu, and R. Levy. 2010. Using Bayesian networks for cyber security analysis. In Proceedings of the International Conference on Dependable Systems and Networks. IEEE."},{"key":"e_1_3_1_44_2","volume-title":"International Journal of Information Management","author":"de Gusmao A. P. H.","year":"2018","unstructured":"A. P. H. de Gusmao, M. M. Silva, T. Poleto, L. C. Silva, and A. P. C. S. Costa. 2018. Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory. International Journal of Information Management 43 (2018)."},{"key":"e_1_3_1_45_2","volume-title":"Proceedings of the International Conference on Availability, Reliability and Security","author":"Beckers K.","year":"2013","unstructured":"K. Beckers, D. Hatebur, and M. Heisel. 2013. A problem-based threat analysis in compliance with common criteria. In Proceedings of the International Conference on Availability, Reliability and Security. IEEE."},{"key":"e_1_3_1_46_2","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2023.3243906","article-title":"An integrated approach of threat analysis for autonomous vehicles perception system","volume":"11","author":"Ghosh S.","year":"2023","unstructured":"S. Ghosh, A. Zaboli, J. Hong, and J. Kwon. 2023. An integrated approach of threat analysis for autonomous vehicles perception system. IEEE Access 11 (2023).","journal-title":"IEEE Access"},{"key":"e_1_3_1_47_2","volume-title":"Proceedings of the Information Security Curriculum Development Conference","author":"Williams I.","year":"2015","unstructured":"I. Williams and X. Yuan. 2015. Evaluating the effectiveness of Microsoft threat modeling tool. In Proceedings of the Information Security Curriculum Development Conference. ACM."},{"key":"e_1_3_1_48_2","volume-title":"Proceedings of the International Symposium on Technologies for Homeland Security","author":"Mishina Y.","year":"2018","unstructured":"Y. Mishina, K. Takaragi, and K. Umezawa. 2018. A method of threat analysis for cyber-physical system using vulnerability databases. In Proceedings of the International Symposium on Technologies for Homeland Security. IEEE."},{"key":"e_1_3_1_49_2","volume-title":"Proceedings of the 10th Latin-American Symposium on Dependable Computing","author":"F\u00f6ldvari A.","year":"2021","unstructured":"A. F\u00f6ldvari, G. Biczok, I. Kocsis, L. G\u00f6nczy, and A. Pataricza. 2021. Impact assessment of IT security breaches in cyber-physical systems: Short paper. In Proceedings of the 10th Latin-American Symposium on Dependable Computing. IEEE."},{"key":"e_1_3_1_50_2","first-page":"341","article-title":"A study on threat analysis and risk assessment based on the \u201casset container\u201d method and CWSS","volume":"11","author":"Kawanishi Yasuyuki","year":"2023","unstructured":"Yasuyuki Kawanishi, Hideaki Nishihara, Hirotaka Yoshida, Hideki Yamamoto, and Hiroyuki Inoue. 2023. A study on threat analysis and risk assessment based on the \u201casset container\u201d method and CWSS. IEEE Access 11 (2023), 341\u2013349.","journal-title":"IEEE Access"},{"key":"e_1_3_1_51_2","volume-title":"Proceedings of the 3rd International Conference on Artificial Intelligence and Smart Systems","author":"Balamurugan K.","year":"2023","unstructured":"K. Balamurugan, T. Sudalaimuthu, and V. Sherlin Solomi. 2023. An analysis of various cyber threat modeling. In Proceedings of the 3rd International Conference on Artificial Intelligence and Smart Systems. IEEE."},{"key":"e_1_3_1_52_2","volume-title":"Proceedings of the Power and Energy Society Innovative Smart Grid Technologies Conference","author":"Kummerow A.","year":"2021","unstructured":"A. Kummerow, D. R\u00f6sch, S. Nicolai, C. Brosinky, D. Westermann, and E. Naumann. 2021. Attacking dynamic power system control centers\u2014A cyber-physical threat analysis. In Proceedings of the Power and Energy Society Innovative Smart Grid Technologies Conference. IEEE."},{"key":"e_1_3_1_53_2","volume-title":"Proceedings of the International Conference on Industrial Internet","author":"Chen J.","year":"2019","unstructured":"J. Chen, H. Zhu, Z. Chen, X. Cai, and L. Yang. 2019. Fuzzy hierarchy analysis model. In Proceedings of the International Conference on Industrial Internet. IEEE."},{"key":"e_1_3_1_54_2","doi-asserted-by":"crossref","unstructured":"C. Alberts S. Behrens R. Pethia and W. Wilson. 1999. Operationally Critical Threat Asset and Vulnerability Evaluation (OCTAVE) Framework. Technical Report. Carnegie Mellon University.","DOI":"10.21236\/ADA367718"},{"key":"e_1_3_1_55_2","volume-title":"Proceedings of the International Conference on Industrial Engineering and Engineering Management","author":"Wu W.","year":"2015","unstructured":"W. Wu, R. Kang, and Z. Li. 2015. Risk assessment method for cyber-security of cyber-physical systems based on inter-dependency of vulnerabilities. In Proceedings of the International Conference on Industrial Engineering and Engineering Management. IEEE."},{"key":"e_1_3_1_56_2","volume-title":"Proceedings of the International Symposium on Networks, Computers and Communications","author":"Rekik M.","year":"2018","unstructured":"M. Rekik, C. Gransart, and M. Berbineau. 2018. Cyber-physical threats and vulnerabilities analysis for train control and monitoring systems. In Proceedings of the International Symposium on Networks, Computers and Communications. IEEE."},{"key":"e_1_3_1_57_2","volume-title":"Proceedings of the 6th International Conference on Computer, Software and Modeling","author":"Asadollah S. A.","year":"2022","unstructured":"S. A. Asadollah. 2022. Cyberattacks: Modeling, analysis, and mitigation. In Proceedings of the 6th International Conference on Computer, Software and Modeling. IEEE."},{"key":"e_1_3_1_58_2","unstructured":"K. Wuyts and W. Joosen. 2015. LINDDUN Privacy Threat Modeling: A Tutorial. Technical Report. KU Leuven."},{"key":"e_1_3_1_59_2","doi-asserted-by":"publisher","DOI":"10.1002\/9781118988374"},{"key":"e_1_3_1_60_2","unstructured":"N. Maed S. Vemuru and O. Villadsen. 2018. A Hybrid Threat Modeling Method. Technical Report. Carnegie Mellon University."},{"key":"e_1_3_1_61_2","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1109\/MS.2014.85","article-title":"How well do you know your personae non gratae","volume":"31","author":"Cleland-Huang J.","year":"2014","unstructured":"J. Cleland-Huang. 2014. How well do you know your personae non gratae? IEEE Software 31 (2014), 28\u201331.","journal-title":"IEEE Software"},{"key":"e_1_3_1_62_2","volume-title":"Security and Privacy Threat Discovery Cards","author":"Denning T.","year":"2013","unstructured":"T. Denning, B. Friedman, and T. Kohno. 2013. Security and Privacy Threat Discovery Cards. Technical Report. University of Washington."},{"key":"e_1_3_1_63_2","unstructured":"P. Saitta B. Larcom and M. Eddington. 2005. Trike v.1 Methodology Document. Documentation."},{"key":"e_1_3_1_64_2","volume-title":"VAST Methodology","author":"ThreatModeler","year":"2018","unstructured":"ThreatModeler. 2018. VAST Methodology. White Paper."},{"key":"e_1_3_1_65_2","doi-asserted-by":"publisher","DOI":"10.1145\/2898375.2898390"},{"key":"e_1_3_1_66_2","volume-title":"Proceedings of the 7th Annual Information Technology, Electronics and Mobile Communication Conference","author":"Liu X.","year":"2016","unstructured":"X. Liu, J. Zhang, and P. Zhu. 2016. Dependence analysis based cyber-physical security assessment for critical infrastructure networks. In Proceedings of the 7th Annual Information Technology, Electronics and Mobile Communication Conference. IEEE."},{"key":"e_1_3_1_67_2","volume-title":"Proceedings of the 8th World Forum on Internet of Things","author":"Hoque M. A.","year":"2022","unstructured":"M. A. Hoque and R. Hasan. 2022. Autonomous driving security: A comprehensive threat model of attacks and mitigation strategies. In Proceedings of the 8th World Forum on Internet of Things. IEEE."},{"key":"e_1_3_1_68_2","volume-title":"Proceedings of the 10th Workshop on Modelling and Simulation of Cyber-Physical Energy Systems","author":"Semertzis I.","year":"2022","unstructured":"I. Semertzis, V. S. Rajkumar, A. Stefanov, F. Fransen, and P. Palensky. 2022. Quantitative risk assessment of cyber attacks on cyber-physical systems using attack graphs. In Proceedings of the 10th Workshop on Modelling and Simulation of Cyber-Physical Energy Systems. IEEE."},{"key":"e_1_3_1_69_2","volume-title":"Proceedings of the International Symposium on Dependable, Autonomic and Secure Computing","author":"Kawanishi Y.","year":"2021","unstructured":"Y. Kawanishi, H. Nishihara, H. Yoshida, and Y. Hata. 2021. A study of the risk quantification method focusing on direct-access attacks in cyber-physical systems. In Proceedings of the International Symposium on Dependable, Autonomic and Secure Computing. IEEE."},{"key":"e_1_3_1_70_2","volume-title":"Proceedings of the Global Communications Conference","author":"Newaz A. I.","year":"2022","unstructured":"A. I. Newaz, A. Aris, A. K. Sikder, and A. S. Uluagac. 2022. Systematic threat analysis of modern unified healthcare communication systems. In Proceedings of the Global Communications Conference. IEEE."},{"issue":"1","key":"e_1_3_1_71_2","article-title":"A systems theoretic approach to the security threats in cyber physical systems applied to Stuxnet","volume":"15","author":"Nourian Arash","year":"2018","unstructured":"Arash Nourian and Stuart Madnick. 2018. A systems theoretic approach to the security threats in cyber physical systems applied to Stuxnet. IEEE Transactions on Dependable and Secure Computing 15, 1 (2018).","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_1_72_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2993614"},{"key":"e_1_3_1_73_2","volume-title":"Proceedings of the 9th International Conference on Intelligent Information Hiding and Multimedia Signal Processing","author":"Xie F.","year":"2013","unstructured":"F. Xie, T. Lu, X. Guo, J. Liu, Y. Peng, and Y. Gao. 2013. Security analysis on cyber-physical system using attack tree. In Proceedings of the 9th International Conference on Intelligent Information Hiding and Multimedia Signal Processing. IEEE."},{"key":"e_1_3_1_74_2","volume-title":"Proceedings of the 4th International Conference on Computing Communication and Automation","author":"Sharma M.","year":"2018","unstructured":"M. Sharma, F. Gebali, and H. Elmiligi. 2018. 3-Dimensional analysis of cyber-physical systems attacks. In Proceedings of the 4th International Conference on Computing Communication and Automation. IEEE."},{"key":"e_1_3_1_75_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2022.3193119"},{"key":"e_1_3_1_76_2","first-page":"4403","article-title":"A hybrid threat model for smart systems","author":"Valenza Fulvio","year":"2022","unstructured":"Fulvio Valenza, Erisa Karafili, Rodrigo Vieira Steiner, and Emil C. Lupu. 2022. A hybrid threat model for smart systems. IEEE Transactions on Dependable and Secure Computing 20, 5 (2022), 4403\u20134417.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_1_77_2","volume-title":"Proceedings of the 12th Mediterranean Conference on Embedded Computing","author":"Kang E.-Y.","year":"2023","unstructured":"E.-Y. Kang, S. Hacks. 2023. Safety and security analysis of a manufacturing system using formal verification and attack-simulation. In Proceedings of the 12th Mediterranean Conference on Embedded Computing. IEEE."},{"key":"e_1_3_1_78_2","volume-title":"Proceedings of the 8th World Forum on Internet of Things","author":"Da Silva L. P.","year":"2022","unstructured":"L. P. Da Silva, B. Nascimento, R. A. Dias, and D. S. Mendonca. 2022. A comprehensive approach for applying threat modeling to internet of things systems. In Proceedings of the 8th World Forum on Internet of Things. IEEE."},{"key":"e_1_3_1_79_2","volume-title":"IEEE Access","author":"Zografopoulos I.","year":"2021","unstructured":"I. Zografopoulos, J. Ospin, X. Liu, and C. Konstantinou. 2021. Cyber-physical energy systems security: Threat modeling, risk assessment, resources, metrics, and case studies. IEEE Access 9 (2021)."},{"key":"e_1_3_1_80_2","article-title":"Risk analysis of cyber-physical systems by GTST-MLD","volume":"1","author":"Di Maio Francesco","year":"2019","unstructured":"Francesco Di Maio, Roberto Mascherona, and Enrico Zio. 2019. Risk analysis of cyber-physical systems by GTST-MLD. IEEE Systems Journal 1 (2019).","journal-title":"IEEE Systems Journal"},{"key":"e_1_3_1_81_2","volume-title":"Proceedings of the 14th International Conference on Risks and Security of Internet and Systems","author":"Jiang Y.","year":"2019","unstructured":"Y. Jiang, Y. Atif, J. Ding, and W. Wang. 2019. A semantic framework with humans in the loop for vulnerability-assessment in cyber-physical production systems. In Proceedings of the 14th International Conference on Risks and Security of Internet and Systems. Springer."},{"issue":"3","key":"e_1_3_1_82_2","doi-asserted-by":"crossref","DOI":"10.1109\/TII.2024.3495766","article-title":"Security state assessment in cyber-physical systems post-DoS attack based on cyber layer partitioning","volume":"21","author":"Zhang Y.","year":"2025","unstructured":"Y. Zhang, M. Fei, D. Du, and Y. Hu. 2025. Security state assessment in cyber-physical systems post-DoS attack based on cyber layer partitioning. IEEE Transactions on Industrial Informatics 21, 3 (2025).","journal-title":"IEEE Transactions on Industrial Informatics"},{"key":"e_1_3_1_83_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3404264"},{"key":"e_1_3_1_84_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCYB.2024.3411868"},{"key":"e_1_3_1_85_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIV.2023.3332006"},{"key":"e_1_3_1_86_2","volume-title":"International Conference on Intelligent Systems and Advanced Applications (ICISAA)","author":"Sahu P.","year":"2024","unstructured":"P. Sahu, A. J. Viji, V. Roy, L. Roy, D. Manogna, and S. Vasal. 2024. A comprehensive framework for evaluating cyber-physical threats in energy internet. In International Conference on Intelligent Systems and Advanced Applications (ICISAA)."}],"container-title":["ACM Transactions on Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3777450","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T13:46:55Z","timestamp":1768916815000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3777450"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,20]]},"references-count":85,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,1,31]]}},"alternative-id":["10.1145\/3777450"],"URL":"https:\/\/doi.org\/10.1145\/3777450","relation":{},"ISSN":["2378-962X","2378-9638"],"issn-type":[{"value":"2378-962X","type":"print"},{"value":"2378-9638","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,20]]},"assertion":[{"value":"2024-09-14","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-10-28","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-01-20","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}