Risk Modeling and Analysis

Tim Kieras, Junaid Farooq, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceeding (Chapter)


Securing the supply chain of information and communications technology (ICT) has recently emerged as a critical concern for national security and integrity. With the proliferation of Internet of Things (IoT) devices and their increasing role in controlling real-world infrastructure, there is a need to analyze risks in networked systems beyond established security analyses. Existing methods in the literature typically leverage attack and fault trees to analyze malicious activity and its impact. In this chapter, we develop a security risk assessment framework borrowing from system reliability theory to incorporate the supply chain. We also analyze the impact of grouping within suppliers that may pose hidden risks to the systems from malicious supply chain actors. The results show that the proposed analysis is able to reveal hidden threats posed to the IoT ecosystem from potential supplier collusion.

Original language: English (US)
Title of host publication: SpringerBriefs in Computer Science
Number of pages: 24
State: Published - 2022

Publication series

Name: SpringerBriefs in Computer Science
ISSN (Print): 2191-5768
ISSN (Electronic): 2191-5776

ASJC Scopus subject areas

  • General Computer Science

