Title: Methodology for Resiliency Analysis of Mission-Critical Systems
Authors: Mahmoud Abdelgawad; Indrakshi Ray
Publisher: ACM
Dates: 2024-11-11; 2024-11-11; 2024-05-21
Citation: Mahmoud Abdelgawad and Indrakshi Ray. 2024. Methodology for Resiliency Analysis of Mission-Critical Systems. In The 39th ACM/SIGAPP Symposium on Applied Computing (SAC '24), April 8–12, 2024, Avila, Spain. ACM, New York, NY, USA, 9 pages. https://doi.org/10.1145/3605098.3636066
Handle: https://hdl.handle.net/10217/239535
DOI: https://doi.org/10.1145/3605098.3636066

Abstract:
Mission-critical systems ensure the safety and security of any nation. Attacks on mission-critical systems can have devastating consequences. We need to design missions that can prevent, detect, survive, recover from, and respond to faults and cyber attacks. In other words, we must design missions that are cyber-resilient. System engineering techniques must be used to specify, analyze, and understand where adverse events are possible and how to mitigate them while a mission-critical system is deployed. This work introduces an end-to-end methodology for designing cyber-resilient mission-critical systems. The methodology first specifies a mission in the form of a workflow. It then converts the mission workflow into a formal representation using Coloured Petri Nets (CPN). The methodology also derives threat models from the mission specification. The threat models are used to form a formal specification of attacks that can be represented in CPN. These CPN attacks are plugged into potential places in the CPN mission to design various attack scenarios. The methodology finally verifies the state transitions of the CPN mission with the attacks attached in order to analyze the resiliency of the mission. It identifies in which state transitions the mission succeeds, fails, or remains incomplete. The methodology is applied to a drone surveillance system as a motivating example. The result shows that the methodology is practical for resiliency analysis of mission-critical systems. The methodology demonstrates how to restrict a mission to improve the resiliency of mission-critical systems. The methodology provides crucial insights in the early stages of mission specification to achieve cyber resiliency.

Type: born digital; article; Text
Language: eng
Rights: © Mahmoud Abdelgawad, et al. | ACM 2024. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in SAC '24, https://dx.doi.org/10.1145/3605098.3636066.
Keywords: mission-critical systems; resiliency; workflow; formal methods; coloured petri nets (CPN)