{"id":"https://openalex.org/W4414526546","doi":"https://doi.org/10.1002/spy2.70111","title":"Threat Modeling to Secure <scp>CPS</scp> \u2010Based Critical Infrastructures","display_name":"Threat Modeling to Secure <scp>CPS</scp> \u2010Based Critical Infrastructures","publication_year":2025,"publication_date":"2025-09-25","ids":{"openalex":"https://openalex.org/W4414526546","doi":"https://doi.org/10.1002/spy2.70111"},"language":"en","primary_location":{"id":"doi:10.1002/spy2.70111","is_oa":false,"landing_page_url":"https://doi.org/10.1002/spy2.70111","pdf_url":null,"source":{"id":"https://openalex.org/S4210233143","display_name":"Security and Privacy","issn_l":"2475-6725","issn":["2475-6725"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320595","host_organization_name":"Wiley","host_organization_lineage":["https://openalex.org/P4310320595"],"host_organization_lineage_names":["Wiley"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"SECURITY AND PRIVACY","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058430706","display_name":"Zakir Ahmad Sheikh","orcid":"https://orcid.org/0000-0001-5268-4430"},"institutions":[{"id":"https://openalex.org/I4210142231","display_name":"Central University of Jammu","ror":"https://ror.org/03nw1rg94","country_code":"IN","type":"education","lineage":["https://openalex.org/I4210142231"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Zakir Ahmad Sheikh","raw_affiliation_strings":["Department of Computer Science and Information Technology Central University of Jammu  Bagla Jammu and Kashmir India","Department of Computer Science and Information Technology, Central University of Jammu, Bagla, Jammu and Kashmir, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Information Technology Central University of Jammu  Bagla Jammu and Kashmir India","institution_ids":["https://openalex.org/I4210142231"]},{"raw_affiliation_string":"Department of Computer Science and Information Technology, Central University of Jammu, Bagla, Jammu and Kashmir, India","institution_ids":["https://openalex.org/I4210142231"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010169828","display_name":"Yashwant Singh","orcid":"https://orcid.org/0000-0003-2833-2093"},"institutions":[{"id":"https://openalex.org/I4210142231","display_name":"Central University of Jammu","ror":"https://ror.org/03nw1rg94","country_code":"IN","type":"education","lineage":["https://openalex.org/I4210142231"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Yashwant Singh","raw_affiliation_strings":["Department of Computer Science and Information Technology Central University of Jammu  Bagla Jammu and Kashmir India","Department of Computer Science and Information Technology, Central University of Jammu, Bagla, Jammu and Kashmir, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Information Technology Central University of Jammu  Bagla Jammu and Kashmir India","institution_ids":["https://openalex.org/I4210142231"]},{"raw_affiliation_string":"Department of Computer Science and Information Technology, Central University of Jammu, Bagla, Jammu and Kashmir, India","institution_ids":["https://openalex.org/I4210142231"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089077811","display_name":"Sudeep Tanwar","orcid":"https://orcid.org/0000-0002-1776-4651"},"institutions":[{"id":"https://openalex.org/I165831266","display_name":"Nirma University","ror":"https://ror.org/05qkq7x38","country_code":"IN","type":"education","lineage":["https://openalex.org/I165831266"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Sudeep Tanwar","raw_affiliation_strings":["Department of Computer Science and Engineering Institute of Technology, Nirma University  Ahmedabad India","Department of Computer Science and Engineering, Institute of Technology, Nirma University, Ahmedabad, India"],"raw_orcid":"https://orcid.org/0000-0002-1776-4651","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering Institute of Technology, Nirma University  Ahmedabad India","institution_ids":["https://openalex.org/I165831266"]},{"raw_affiliation_string":"Department of Computer Science and Engineering, Institute of Technology, Nirma University, Ahmedabad, India","institution_ids":["https://openalex.org/I165831266"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5080301909","display_name":"Abdulatif Alabdulatif","orcid":null},"institutions":[{"id":"https://openalex.org/I156216236","display_name":"Qassim University","ror":"https://ror.org/01wsfe280","country_code":"SA","type":"education","lineage":["https://openalex.org/I156216236"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Abdulatif Alabdulatif","raw_affiliation_strings":["Department of Computer Science College of Computer, Qassim University  Buraidah Saudi Arabia","Department of Computer Science, College of Computer, Qassim University, Buraidah, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0003-0646-5872","affiliations":[{"raw_affiliation_string":"Department of Computer Science College of Computer, Qassim University  Buraidah Saudi Arabia","institution_ids":["https://openalex.org/I156216236"]},{"raw_affiliation_string":"Department of Computer Science, College of Computer, Qassim University, Buraidah, Saudi Arabia","institution_ids":["https://openalex.org/I156216236"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5089077811"],"corresponding_institution_ids":["https://openalex.org/I165831266"],"apc_list":{"value":3140,"currency":"USD","value_usd":3140},"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.31475446,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"8","issue":"6","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.6735000014305115},{"id":"https://openalex.org/keywords/resilience","display_name":"Resilience (materials science)","score":0.5644999742507935},{"id":"https://openalex.org/keywords/spoofing-attack","display_name":"Spoofing attack","score":0.5511999726295471},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5171999931335449},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.49630001187324524},{"id":"https://openalex.org/keywords/intrusion-tolerance","display_name":"Intrusion tolerance","score":0.4523000121116638},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.44020000100135803},{"id":"https://openalex.org/keywords/stride","display_name":"STRIDE","score":0.4223000109195709},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.40619999170303345}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7156000137329102},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.6735000014305115},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6460000276565552},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.5644999742507935},{"id":"https://openalex.org/C167900197","wikidata":"https://www.wikidata.org/wiki/Q11081100","display_name":"Spoofing attack","level":2,"score":0.5511999726295471},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5171999931335449},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.49630001187324524},{"id":"https://openalex.org/C196903269","wikidata":"https://www.wikidata.org/wiki/Q6059063","display_name":"Intrusion tolerance","level":3,"score":0.4523000121116638},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.44020000100135803},{"id":"https://openalex.org/C18007350","wikidata":"https://www.wikidata.org/wiki/Q7394815","display_name":"STRIDE","level":2,"score":0.4223000109195709},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.40619999170303345},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.39879998564720154},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3416000008583069},{"id":"https://openalex.org/C44280652","wikidata":"https://www.wikidata.org/wiki/Q104837","display_name":"Phase (matter)","level":2,"score":0.33970001339912415},{"id":"https://openalex.org/C77019957","wikidata":"https://www.wikidata.org/wiki/Q2689057","display_name":"Dependability","level":2,"score":0.3377000093460083},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.33070001006126404},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.3296999931335449},{"id":"https://openalex.org/C194541083","wikidata":"https://www.wikidata.org/wiki/Q457174","display_name":"Workaround","level":2,"score":0.3221000134944916},{"id":"https://openalex.org/C2777615720","wikidata":"https://www.wikidata.org/wiki/Q11888847","display_name":"Prioritization","level":2,"score":0.313400000333786},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.29190000891685486},{"id":"https://openalex.org/C2777338717","wikidata":"https://www.wikidata.org/wiki/Q1762621","display_name":"Vendor","level":2,"score":0.2881999909877777},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.2809999883174896},{"id":"https://openalex.org/C148220186","wikidata":"https://www.wikidata.org/wiki/Q7111912","display_name":"Outcome (game theory)","level":2,"score":0.2797999978065491},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.2782999873161316},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.27790001034736633},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.26899999380111694},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.2651999890804291},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.2603999972343445}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1002/spy2.70111","is_oa":false,"landing_page_url":"https://doi.org/10.1002/spy2.70111","pdf_url":null,"source":{"id":"https://openalex.org/S4210233143","display_name":"Security and Privacy","issn_l":"2475-6725","issn":["2475-6725"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320595","host_organization_name":"Wiley","host_organization_lineage":["https://openalex.org/P4310320595"],"host_organization_lineage_names":["Wiley"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"SECURITY AND PRIVACY","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W2694044524","https://openalex.org/W2921750014","https://openalex.org/W2941354264","https://openalex.org/W2943456086","https://openalex.org/W3027222501","https://openalex.org/W3037591038","https://openalex.org/W3044661437","https://openalex.org/W3131988611","https://openalex.org/W3138489474","https://openalex.org/W3182146194","https://openalex.org/W4234540472","https://openalex.org/W4304689535","https://openalex.org/W4394893863","https://openalex.org/W4399177367","https://openalex.org/W4403221959","https://openalex.org/W4403416226"],"related_works":[],"abstract_inverted_index":{"ABSTRACT":[0],"Cyber\u2010physical":[1],"systems":[2,18],"(CPS)":[3],"are":[4,19,105],"critical":[5,56],"components":[6,68],"of":[7,41,51,54,124,134,158,174,180,190,199,221,229,235,241,246],"many":[8],"vital":[9],"infrastructures,":[10,57],"including":[11],"hydro":[12],"power":[13],"plants":[14],"(HPPs).":[15],"However,":[16],"these":[17],"susceptible":[20],"to":[21,69,107,121,130,139,146,161],"various":[22],"cyberattacks,":[23],"as":[24,129],"evidenced":[25],"by":[26,91,206,244],"past":[27],"attacks.":[28],"This":[29,165],"research":[30],"paper":[31],"explores":[32],"CPS":[33,112,159,182],"security":[34,74,135,156],"in":[35,225],"HPP":[36,211],"environments,":[37],"presenting":[38],"a":[39,61,82],"review":[40],"existing":[42],"architectures":[43],"and":[44,73,78,95,100,109,172,183,188,219,256],"threat":[45,102],"modeling":[46,103],"techniques.":[47],"Considering":[48],"the":[49,52,111,116,122,125,132,154,169,177,186,194,216,230,236],"importance":[50,220],"availability":[53],"CPS\u2010based":[55],"we":[58],"have":[59],"proposed":[60,90,166,202,209,223],"redundant":[62,210],"HPP\u2010based":[63,181],"architecture":[64],"containing":[65],"diverse":[66],"vendor":[67],"improve":[70],"system":[71],"resilience":[72],"against":[75],"both":[76],"common":[77],"zero\u2010day":[79],"vulnerabilities.":[80],"Additionally,":[81],"novel":[83],"CritFit":[84,96,117,142],"Threat":[85],"Modeling":[86],"Framework":[87],"(CritFit\u2010TMF)":[88],"is":[89,119,145,204],"integrating":[92],"STRIDE,":[93],"DREAD,":[94],"Scoring.":[97],"The":[98,141,201,213],"STRIDE":[99],"DREAD":[101,126],"approaches":[104],"intended":[106],"identify":[108],"evaluate":[110],"threats,":[113],"respectively,":[114],"whereas":[115],"Scoring":[118,143],"applied":[120],"outcome":[123],"model":[127],"so":[128],"contextualize":[131],"priorities":[133,157],"aspects":[136],"with":[137],"respect":[138],"CPS.":[140,200,226],"methodology":[144],"tailor":[147],"severity":[148],"assessments":[149],"specifically":[150],"for":[151],"CPS,":[152],"recognizing":[153],"distinct":[155],"compared":[160],"traditional":[162],"IT":[163],"systems.":[164],"CritFit\u2010TMF":[167,203,231],"enhances":[168],"identification,":[170],"evaluation,":[171],"prioritization":[173],"threats":[175,238],"during":[176,193],"design":[178],"phase":[179,198],"thus":[184],"reduces":[185],"cost":[187],"complexity":[189],"patching":[191],"vulnerabilities":[192],"development":[195],"or":[196],"deployment":[197],"simulated":[205],"considering":[207],"our":[208,222],"architecture.":[212],"evaluations":[214],"highlight":[215],"feasibility,":[217],"adaptability,":[218],"framework":[224],"Simulation":[227],"results":[228],"revealed":[232],"that":[233],"24.90%":[234],"identified":[237],"were":[239],"Elevation":[240],"Privilege,":[242],"followed":[243],"Denial":[245],"Service":[247],"(24.08%),":[248],"Spoofing":[249],"(23.27%),":[250],"Information":[251],"Disclosure":[252],"(10.2%),":[253],"Repudiation":[254],"(9.39%),":[255],"Tampering":[257],"(8.16%).":[258]},"counts_by_year":[],"updated_date":"2025-11-19T23:35:23.961156","created_date":"2025-10-10T00:00:00"}