Structured System Threat Modeling and Mitigation Analysis for Industrial Automation Systems

back to overview


Schlegel, R., Obermeier, S., & Schneider, J. (2012). Structured System Threat Modeling and Mitigation Analysis for Industrial Automation Systems. Paper presented at the Symposium on Foundations of Computer Science (FOCS).

Publication type

Paper in Conference Proceedings


Industrial control systems are an important part of critical infrastructures and their uninterrupted operation is important for many aspects of society. In recent years these systems have come under more scrutiny, as reports about attacks on them have become more frequent. There is therefore a need to better secure them, and the ?rst step to achieve this is to identify the threat landscape for such systems. This is typically done by creating a threat model of a system, enumerating the potential threats, and then devising mitigation options based on the discovered threats. However, many of the available threat modeling methods and tools target very specific systems (e.g., software components), and do not lend themselves well to evaluating diverse systems or abstract reference architectures of systems. In this paper we present a methodology for system threat modeling that addresses this gap, by enabling the modeling of a diverse range of systems and reference architectures of systems. Furthermore, the methodology provides additional functionality, such as guiding the user in the completion of a threat model and automatically detecting unmitigated threats in a system. In addition, our methodology also takes mitigation into account by modeling the security components in a system. We have implemented the methodology in a web-based tool, and also evaluated the tool on a reference architecture of a complex automation system, validating both the approach and the tool.


Organizational Units

  • Institute of Information Systems
  • Hilti Chair of Business Process Management