Date of Award


Document Type


Degree Name

Doctor of Philosophy (PhD)


Industrial and Systems Engineering and Engineering Management

Committee Chair

Sampson Gholston

Committee Member

James Swain

Committee Member

Bryan Mesmer

Committee Member

John Bland


Computer security--Computer simulation, Systems engineering


The advent of the Internet has led to an ever-increasingly interconnected world. The range of cyber-physical systems being interconnected has expanded to include power generation facilities, automobiles, weapon systems, and others. Securing such systems against cyberattacks is crucial, and consequently cybersecurity research, including cybersecurity modeling, has been growing. However, most cybersecurity modeling efforts to date omit any representation of the computer systems' user, thereby overlooking the potentially negative impact that security measures can have on system users' productivity. A currently ongoing research program, consisting of multiple interrelated research projects, has been modeling cyberattacks based on their descriptions in the MITRE Common Attack Pattern Enumeration and Classification (CAPEC) database. The models are expressed using a formalism, called Petri Nets with Players, Strategies, and Costs (PNPSC), that extends classic Petri nets with features specifically designed to model cyberattacks. However, the CAPEC descriptions, and thus the PNPSC models based on them, are attacker-centric. The research described in this dissertation added representations of computer system users to the CAPEC-based PNPSC models and then showed, using simulation, reinforcement learning, and statistical analysis, that the inclusion of the user representations resulted in significantly different defensive strategies being adopted by the system defender. That result confirmed the importance of representing the system users in cybersecurity models. In addition, the PNPSC formalism was also used to model a real-world cyber-physical system. That model was found to provide additional insight during a systems engineering design review, demonstrating that such models can add value in the systems engineering process.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.