Date of Award
Doctor of Philosophy (PhD)
Industrial and Systems Engineering and Engineering Management
Computer security--Computer simulation, Systems engineering
The advent of the Internet has led to an ever-increasingly interconnected world. The range of cyber-physical systems being interconnected has expanded to include power generation facilities, automobiles, weapon systems, and others. Securing such systems against cyberattacks is crucial, and consequently cybersecurity research, including cybersecurity modeling, has been growing. However, most cybersecurity modeling efforts to date omit any representation of the computer systems' user, thereby overlooking the potentially negative impact that security measures can have on system users' productivity. A currently ongoing research program, consisting of multiple interrelated research projects, has been modeling cyberattacks based on their descriptions in the MITRE Common Attack Pattern Enumeration and Classification (CAPEC) database. The models are expressed using a formalism, called Petri Nets with Players, Strategies, and Costs (PNPSC), that extends classic Petri nets with features specifically designed to model cyberattacks. However, the CAPEC descriptions, and thus the PNPSC models based on them, are attacker-centric. The research described in this dissertation added representations of computer system users to the CAPEC-based PNPSC models and then showed, using simulation, reinforcement learning, and statistical analysis, that the inclusion of the user representations resulted in significantly different defensive strategies being adopted by the system defender. That result confirmed the importance of representing the system users in cybersecurity models. In addition, the PNPSC formalism was also used to model a real-world cyber-physical system. That model was found to provide additional insight during a systems engineering design review, demonstrating that such models can add value in the systems engineering process.
Colvett, Christopher Daniel, "Modeling and simulation of cyberattacks to aid systems security engineers and cyber-physical designs to aid systems engineers" (2023). Dissertations. 329.