<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta>
      <issn pub-type="ppub">1613-0073</issn>
    </journal-meta>
    <article-meta>
      <title-group>
        <article-title>Cybersecurity-QoS Trade-Offs in Smart Hospitals: A Comparative Study Using CSPNs and Markovian Agent Models</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Enrico Barbierato</string-name>
          <email>enrico.barbierato@unicatt.it</email>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Alice Gatti</string-name>
          <email>alice.gatti@unicatt.it</email>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Marco Gribaudo</string-name>
          <email>marco.gribaudo@polimi.it</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Mauro Iacono</string-name>
          <email>mauro.iacono@unicampania.it</email>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Dip. di Elettronica, Informazione e Bioingegneria, Politecnico di Milano</institution>
          ,
          <addr-line>via Ponzio 34/5, 20133 Milano</addr-line>
          ,
          <country country="IT">Italy</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>Dip. di Matematica e Fisica, Università degli Studi della Campania, “L. Vanvitelli”</institution>
          ,
          <addr-line>Viale Lincoln 5, 81100 Caserta</addr-line>
          ,
          <country country="IT">Italy</country>
        </aff>
        <aff id="aff2">
          <label>2</label>
          <institution>Dipartimento di Matematica e Fisica, Università Cattolica del Sacro Cuore</institution>
          ,
          <addr-line>via della Garzetta 48, 25133 Brescia</addr-line>
          ,
          <country country="IT">Italy</country>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2089</year>
      </pub-date>
      <fpage>0000</fpage>
      <lpage>0002</lpage>
      <abstract>
        <p>In smart hospitals, achieving a balance between cybersecurity and quality of service (QoS) is a critical yet underexplored challenge. Cyberattacks can disrupt medical services, while overly aggressive countermeasures may degrade performance or availability, thus violating Service Level Agreements (SLAs). To quantify this tradeoff, we model a representative smart healthcare system using two formal approaches: Colored Stochastic Petri Nets (CSPNs) and Markovian Agent Models (MAMs). The CSPN captures fine-grained, concurrent behaviors and stochastic delays at the token level, while the MAM abstracts global system dynamics via differential equations. Through extensive simulations, we evaluate mitigation latency, resource saturation, and system responsiveness under cyberattack scenarios. Confidence intervals, computed from repeated CSPN runs, provide statistically grounded insight into SLA compliance variability, highlighting that a significant portion of mitigations exceed the defined threshold. Despite the potential for rapid mitigation, stochastic delays and concurrency often result in critical SLA violations. This dual-model approach enables a complementary analysis: CSPNs reveal short-term congestion and resource contention, whereas MAMs uncover long-term systemic trends. The study offers a reproducible framework for evaluating cyber-resilience in safety-critical environments.</p>
      </abstract>
      <kwd-group>
        <kwd>smart hospital</kwd>
        <kwd>sla</kwd>
        <kwd>cyberattack</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>The compromise between Service Level Agreements (SLAs), which ensure high performance and
availability, and the negative impact that cyberattack countermeasures may have, remains a persistent
challenge in contemporary digital infrastructures. In sectors such as healthcare, manufacturing, finance,
and transportation, the continuity and quality of services are vital. Yet, the very security mechanisms
designed to safeguard these systems can inadvertently degrade performance. For example, in healthcare,
isolating a potentially compromised medical device may delay the transmission of critical physiological
data, putting patients at risk. In manufacturing, containment of a cyber incident might interrupt
production lines, while in finance or transportation, network reconfiguration or mitigation can impair
real-time responsiveness. As these systems become increasingly interconnected and edge-driven,
their exposure to cyber threats increases in proportion. Cyberattacks targeting distributed nodes
can introduce service delays, compromise safety-critical workflows, and erode trust in automated
mitigation. Conversely, actions like node quarantine or load redistribution can degrade Quality of
Service (QoS), highlighting the trade-off between security and operational continuity. Understanding
this trade-off requires formal, quantitative tools capable of capturing complex system behavior under
both nominal and adversarial conditions. This paper presents a comparative study based on two
complementary modeling formalisms: Colored Stochastic Petri Nets (CSPNs, [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ]) and Markovian
Agent Models (MAMs, [
        <xref ref-type="bibr" rid="ref2">2</xref>
        ]), applied to a shared smart hospital scenario. CSPNs provide fine-grained,
token-level semantics with support for concurrency and resource contention, making them particularly
suitable for modeling transient bottlenecks and asynchronous mitigation dynamics. MAMs, in contrast,
offer a population-level view grounded in coupled differential equations, enabling tractable evaluation
of emergent properties such as cascading failures and systemic resilience. This approach contrasts with other
techniques, such as multiformalism modeling ([
        <xref ref-type="bibr" rid="ref3 ref4 ref5">3, 4, 5</xref>
        ]). While prior work has analyzed security–QoS
interactions using either micro-level or macro-level formalisms, a direct comparison between CSPNs
and MAMs under identical assumptions has not been systematically explored. This study addresses
that gap and frames the following research questions:
RQ1. How do CSPNs and MAMs differ in quantifying the trade-offs between cybersecurity measures
and Quality of Service in smart healthcare systems?
RQ2. Can macroscopic approximations (MAMs) faithfully capture the same degradation and recovery
patterns as token-level simulations (CSPNs)?
      </p>
      <p>Our comparative evaluation reveals that while both formalisms detect the impact of cybersecurity
interventions on availability and latency, they differ in sensitivity and representational clarity. CSPNs
capture transient oscillations and local saturation more precisely, whereas MAMs offer scalable insight
into systemic behavior and enable closed-form trend analysis. These results provide operational
guidance for model selection in SLA-sensitive domains, depending on the desired granularity, computational
budget, and analytic goals. Following this introduction, Section 2 presents the healthcare case study.
Section 3 details the CSPN and MAM models developed. Section 4 comments on the comparative results.
Related work is reviewed in Section 5, and final reflections are offered in Section 6.</p>
    </sec>
    <sec id="sec-2">
      <title>2. Case study</title>
      <p>This study focuses on a smart hospital scenario where cybersecurity measures may conflict with QoS
requirements. Core QoS metrics include latency in transmitting patient data, system availability, data
integrity, and service continuity. The hospital infrastructure is composed of interconnected medical
devices (e.g., ventilators, ECGs), edge nodes, and backend servers, all of which are exposed to cyber
threats such as malware and adaptive attacks.</p>
      <p>The defensive architecture includes intrusion detection systems and human operators capable of
quarantining compromised devices. However, such countermeasures may delay data transmission or
disrupt care delivery. We examine how attacks on a limited set of devices can propagate system-wide
degradation, impact alert-mitigation latency, and challenge SLAs.</p>
      <p>To operationalize this, we define two SLA thresholds: (i) a maximum average mitigation latency of 10
steps (≈ 2 minutes), and (ii) a minimum throughput of 0.5 mitigations per step. These benchmarks guide
the comparative evaluation of system responsiveness and resilience across the two formal models.</p>
    </sec>
    <sec id="sec-3">
      <title>3. Models and experiments</title>
      <p>
        The case study is modelled using a CSPN and an MAM (the Python code used to perform the experiments is available at https://github.com/EBarbierato/qualITA2025). Latency was measured as the average delay
between alert detection and successful mitigation, while throughput refers to the number of mitigations
per hour. Each transition is identified by a semantic label, a probability of occurrence p, and its
corresponding stochastic rate, the product p ⋅ v, where v = 0.1 transitions/hour is the base velocity. This
separation of p and v allows clearer interpretation and flexibility across CSPN and MAM models. While
not derived from first principles, this semi-empirical formulation aligns with common practice in
mean-field modeling and is compatible with exponential timing assumptions in stochastic simulations. The
base velocity v = 0.1 was selected to reflect typical response rates observed in healthcare infrastructures,
though we acknowledge its heuristic nature. All values for probabilities and transition rates have
been derived from empirical evidence reported in recent literature on IoT security, medical device
vulnerability, human-in-the-loop mitigation, and edge computing infrastructures for healthcare systems
([
        <xref ref-type="bibr" rid="ref6">6</xref>
        ]).
      </p>
      <p>CSPN</p>
      <p>In the CSPN depicted in Figure 1, four color sets represent the heterogeneity in
system components: DeviceType = {ECG, VENT, PUMP}, Department = {ICU, EMERGENCY,
SURGERY}, Status = {NORMAL, COMPROMISED, DEGRADED, QUARANTINED}, and finally,
AttackClass = {STATIC, ADAPTIVE, STEALTH}. Each token in the Devices place is a tuple,
(d : DeviceType, dept : Department, s : Status). Similarly, each token in the Attackers
place is: (a : AttackClass, target : DeviceType). The places are the following: i) Devices: All
active medical devices with their current type, department, and status; ii) Attackers: Cyber threats
characterized by strategy and preferred device targets; iii) SecuritySystem: Holds mitigation agents,
configured per department; iv) Operators: Tracks human intervention capability per department, and
finally, v) Alerts: Queue of active alerts, identified by department and severity.</p>
      <p>MAM
The MAM in Figure 2 includes both degradation and recovery transitions to represent realistic
operational behaviours. For instance, while devices may become compromised ( 0 →  2), they may later
degrade ( 2 →  1) and eventually recover ( 1 →  0). Similarly, operator overload is represented not only
as a state ( 2) but also influences the mitigation capacity and responsiveness delay through its feedback
on  2 activity. Recovery of operators ( 2 →  1 →  0) is essential to restoring system responsiveness.
The MAM comprises several interacting agent classes. Patient Devices ( ), which include equipment
such as ECGs, ventilators, and infusion pumps, can be in one of three states: normal ( 0), degraded
( 1), or compromised ( 2). Ventilators ( ), due to their critical function, are modelled separately and
transition through operational ( 0), delayed ( 1), and quarantined ( 2) states. Edge Nodes ( ), acting
as local data processors, evolve from healthy ( 0) to overloaded ( 1) and isolated ( 2). The Security
Module ( ) performs anomaly detection and response, progressing through monitoring ( 0), alerted ( 1),
and mitigating ( 2). The Hospital Backend ( ), responsible for long-term records and analytics, may
become delayed or fail, moving from responsive ( 0) to delayed ( 1) and ultimately unavailable ( 2).
Operators ( ) represent human personnel who can be idle ( 0), engaged in mitigation ( 1), or overloaded
( 2). Finally, the Attacker ( ) is a dynamic threat agent advancing through static ( 0), injecting ( 1),
adapting ( 2), and fully controlling ( 3) stages.</p>
      <p>Transitions between states are governed by rates  → =  → ⋅  , where  → is the empirical transition
probability and v = 0.1 transitions/hour is a fixed base velocity. The system dynamics are governed by a
set of probabilistic transitions across agent classes. Patient devices may be compromised with probability
0.60 when the attacker reaches state  3 ( 0 →  2), while mitigation, triggered by the security system
in  2, reduces severity ( 2 →  1, 0.50). Devices can autonomously recover to normal operation with
probability 0.30 ( 1 →  0). The attacker progresses through increasingly dangerous phases, starting
with activation ( 0 →  1, 0.50), adaptation ( 1 →  2, 0.75), and finally gaining control (  2 →  3, 0.80).
The security system responds by detecting anomalies ( 0 →  1, 0.70) and confirming attacks (  1 →  2,
0.65). Human operators react to alerts generated in  1 ( 0 →  1, 0.65), may become overwhelmed
( 1 →  2, 0.50), and can partially or fully recover ( 2 →  1, 0.25;  1 →  0, 0.20). Ventilators experience
delays ( 0 →  1, 0.40), may be quarantined due to operator stress ( 1 →  2, 0.50), and later resume
normal function ( 2 →  0, 0.20). Edge nodes deteriorate from healthy to overloaded ( 0 →  1, 0.40),
then isolated ( 1 →  2, 0.45), and finally enter an alarm state (  2 →  3, 0.35). The hospital backend is
similarly affected, with latency initiation (  0 →  1, 0.50), degradation due to edge alarm ( 1 →  2,
0.45), and full unavailability ( 2 →  3, 0.30).</p>
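      <p>The transition list above can be integrated directly as a mean-field system, with each rate taken as p ⋅ v. The following is an added example, not the authors' code from the repository; it assumes the class letters P, A, S, U, V, E and H, that every class starts in state 0, that each triggering condition named in the text multiplies the flow by the density of that state, and a classical fourth-order Runge-Kutta integrator.</p>
      <preformat><![CDATA[
```python
V_BASE = 0.1  # base velocity v in transitions/hour, as stated in the text

# Number of states per agent class. The class letters are labels assumed for
# this example: P patient devices, A attacker, S security module, U operators,
# V ventilators, E edge nodes, H hospital backend.
N_STATES = {"P": 3, "A": 4, "S": 3, "U": 3, "V": 3, "E": 4, "H": 4}

# (class, from, to, probability p, gate), with rate = p * V_BASE. A gate
# (class, state) multiplies the flow by that density, e.g. devices are
# compromised only in proportion to the attacker mass in state 3.
TRANSITIONS = [
    ("P", 0, 2, 0.60, ("A", 3)), ("P", 2, 1, 0.50, ("S", 2)),
    ("P", 1, 0, 0.30, None),
    ("A", 0, 1, 0.50, None), ("A", 1, 2, 0.75, None), ("A", 2, 3, 0.80, None),
    ("S", 0, 1, 0.70, None), ("S", 1, 2, 0.65, None),
    ("U", 0, 1, 0.65, ("S", 1)), ("U", 1, 2, 0.50, None),
    ("U", 2, 1, 0.25, None), ("U", 1, 0, 0.20, None),
    ("V", 0, 1, 0.40, None), ("V", 1, 2, 0.50, ("U", 2)),
    ("V", 2, 0, 0.20, None),
    ("E", 0, 1, 0.40, None), ("E", 1, 2, 0.45, None), ("E", 2, 3, 0.35, None),
    ("H", 0, 1, 0.50, None), ("H", 1, 2, 0.45, ("E", 3)),
    ("H", 2, 3, 0.30, None),
]


def initial_state():
    """Every agent class starts entirely in its state 0 (an assumption)."""
    return {c: [1.0] + [0.0] * (n - 1) for c, n in N_STATES.items()}


def derivative(x):
    """Right-hand side of the mean-field ODEs: net flow into each state."""
    dx = {c: [0.0] * n for c, n in N_STATES.items()}
    for cls, src, dst, p, gate in TRANSITIONS:
        flow = p * V_BASE * x[cls][src]
        if gate is not None:
            flow *= x[gate[0]][gate[1]]
        dx[cls][src] -= flow   # mass leaves the source state ...
        dx[cls][dst] += flow   # ... and arrives in the destination state
    return dx


def _axpy(x, k, scale):
    """Return x + scale * k for the nested state dictionaries."""
    return {c: [xi + scale * ki for xi, ki in zip(x[c], k[c])] for c in x}


def rk4_step(x, h):
    """One classical Runge-Kutta step of size h hours."""
    k1 = derivative(x)
    k2 = derivative(_axpy(x, k1, h / 2))
    k3 = derivative(_axpy(x, k2, h / 2))
    k4 = derivative(_axpy(x, k3, h))
    out = x
    for k, weight in ((k1, 1), (k2, 2), (k3, 2), (k4, 1)):
        out = _axpy(out, k, h * weight / 6)
    return out


def integrate(t_end, h=0.5):
    """Return [(t, state), ...] sampled every h hours from 0 to t_end."""
    x = initial_state()
    traj = [(0.0, x)]
    for n in range(1, round(t_end / h) + 1):
        x = rk4_step(x, h)
        traj.append((n * h, x))
    return traj


def peak(traj, cls, state):
    """Time and value at which the density of (cls, state) is largest."""
    t, x = max(traj, key=lambda item: item[1][cls][state])
    return t, x[cls][state]


if __name__ == "__main__":
    traj = integrate(140.0)
    for label, cls, state in [("compromised devices", "P", 2),
                              ("overloaded operators", "U", 2),
                              ("quarantined ventilators", "V", 2)]:
        t, value = peak(traj, cls, state)
        print(f"peak {label}: {value:.3f} at t = {t:.1f} h")
    print(f"backend unavailable at 140 h: {traj[-1][1]['H'][3]:.3f}")
```
]]></preformat>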
      <p>The time evolution of the MAM system is described by the following representative equations,
respectively, for the patient devices (equation 1), the attacker (equation 2), the security system (equation
3), the operators (equation 4), the ventilators (equation 5), the edge nodes (equation 6), and the hospital
backend (equation 7).</p>
      <p>0̇ = −  0→ 2  3  0 +   1→ 0  1,
 2̇ =   0→ 2  3  0 −   2→ 1  2  2,
 1̇ =   2→ 1  2  2 −   1→ 0  1
 0̇ = −  0→ 1  0,
 1̇ =   0→ 1  0 −   1→ 2  1,
 2̇ =   1→ 2  1 −   2→ 3  2,
 3̇ =   2→ 3  2
 0̇ = −  0→ 1  0,
 1̇ =   0→ 1  0 −   1→ 2  1,
 2̇ =   1→ 2  1
(1)
(2)
(3)
 0̇ = −  0→ 1  1  0 +   1→ 0  1,
 1̇ =   0→ 1  1  0 − (  1→ 2 +   1→ 0)  1 +   2→ 1  2,</p>
    </sec>
    <sec id="sec-4">
      <title>4. Discussion</title>
      <p>CSPN
 2̇ =   1→ 2  1 −   2→ 1  2
 0̇ = −  0→ 1  0 +   2→ 0  2,
 1̇ =   0→ 1  0 −   1→ 2  2  1,
 2̇ =   1→ 2  2  1 −   2→ 0  2
 0̇ = −  0→ 1  0,
 1̇ =   0→ 1  0 −   1→ 2  1,
 2̇ =   1→ 2  1 −   2→ 3  2,
 3̇ =   2→ 3  2
ℎ̇0 = −  0→ 1 ℎ0,
ℎ̇1 =   0→ 1 ℎ0 −   1→ 2  3 ℎ1,
ℎ̇2 =   1→ 2  3 ℎ1 −   2→ 3 ℎ2,
ℎ̇3 =   2→ 3 ℎ2
(4)
(5)
(6)
(7)
</p>
      <p>[Figure 3. (a) Latency Distribution with Confidence Interval. Panel titled "Transition Throughput"; axis labels include AdaptAttack, RaiseAlert, CompromiseDevice.]</p>
      <p>Regarding the CSPN, 100 independent simulation runs were executed. The latency distribution
(Figure 3a) reflects the number of simulation steps elapsed between the firing of the RaiseAlert transition
and the corresponding TriggerMitigation event. While most mitigations occur within 2–4 steps,
a significant portion exceeds the SLA threshold of 10 steps, risking delays in critical responses. The
empirical mean latency is approximately 6.69 steps, with a 95% confidence interval spanning [6.56, 6.81].
This statistical range highlights that, although fast mitigation is possible under favorable conditions,
the system fails to guarantee SLA compliance in a consistent manner. The fact that the upper bound
of the confidence interval remains well below the SLA threshold suggests that the system performs
adequately on average; however, the long tail of the distribution indicates that significant variability
exists, and a non-negligible portion of alert responses breach acceptable delay boundaries. This
discrepancy is further confirmed in the cumulative distribution function of latency (Figure 3d), where
only about 65% of the mitigation actions are completed within 10 steps. The exponential decay of
the latency distribution is consistent with the stochastic firing logic and fixed delays embedded in
the model: once an alert is raised, the probability of fast mitigation is initially high, but probabilistic
variability, resource contention, and delayed token availability can induce substantially longer wait
times. Figure 3b reports the average number of tokens observed in each place across the simulations.
Notably, the SecuritySystem place accumulates the highest token count, reflecting the retention of
mitigated alerts post-intervention. The Alerts place also holds a non-trivial average token count,
indicating that alerts often remain unresolved for multiple steps, reinforcing the observation of SLA
violations. The low token counts in places such as Devices, Attackers, and Operators suggest rapid
token turnover or relatively infrequent production, emphasizing the selectivity and responsiveness
of the model’s defensive routines. The transition throughput, shown in Figure 3c, reveals that the
most active transitions are AdaptAttack, RaiseAlert, and TriggerMitigation. These transitions
are crucial for reactive behavior in adversarial settings, suggesting a robust attempt by the system to
detect and mitigate threats. However, their frequency alone is insufficient to ensure SLA compliance,
as shown by the latency statistics. In contrast, transitions like CompromiseDevice, MitigateDevice,
and OverloadOperator exhibit significantly lower activity, hinting at strict guard conditions or rare
triggering scenarios. These could be considered focal points for model refinement to better align system
behavior with SLA targets. Lastly, Figure 3d provides a compact visualization of SLA compliance across
the 100 runs. The CDF confirms that while the majority of alerts are mitigated within 10 steps,
approximately 35% of cases fall outside the target window. This tail behavior, although gradually tapering off,
reflects the inherent randomness in transition delays and the saturation of mitigation mechanisms under
concurrent demands. From a system design perspective, this suggests a need for enhanced resilience
features—either by optimizing token dispatch or by provisioning additional mitigation resources during
high-load periods.</p>
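      <p>The distinction drawn above, between a confidence interval on the mean latency and the share of mitigations that actually finish within 10 steps, can be checked with two separate estimators. The following is an added example, not the authors' code: the latency sample is constructed (a fast mode of 2 to 4 steps and a slow mode of 11 to 16 steps), and the 95% per-mitigation compliance target is an assumed policy value.</p>
      <preformat><![CDATA[
```python
import math
import statistics

SLA_MAX_MEAN_LATENCY = 10   # steps, SLA threshold (i) from the case study
Z95 = 1.96                  # normal quantile for a 95% interval


def constructed_latencies():
    """Constructed sample, not the authors' data: 130 fast, 70 slow mitigations."""
    fast = [2 + i % 3 for i in range(130)]    # 2 to 4 steps
    slow = [11 + i % 6 for i in range(70)]    # 11 to 16 steps
    return fast + slow


def mean_ci(samples, z=Z95):
    """Sample mean with a normal-approximation confidence interval."""
    m = statistics.fmean(samples)
    half = z * statistics.stdev(samples) / math.sqrt(len(samples))
    return m, m - half, m + half


def wilson_ci(successes, n, z=Z95):
    """Wilson score interval for a binomial proportion."""
    p = successes / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return centre - half, centre + half


def sla_report(samples, threshold=SLA_MAX_MEAN_LATENCY, target=0.95):
    """Compare the mean-based SLA check with a per-mitigation check.

    `target` is the share of mitigations that must meet the threshold;
    it is an assumed policy value, not one taken from the paper.
    """
    mean, lo, hi = mean_ci(samples)
    within = sum(1 for s in samples if s <= threshold)
    c_lo, c_hi = wilson_ci(within, len(samples))
    return {
        "mean": mean,
        "mean_ci": (lo, hi),
        # Passes when even the upper CI bound of the mean is under the limit.
        "mean_sla_met": hi <= threshold,
        "compliance": within / len(samples),
        "compliance_ci": (c_lo, c_hi),
        # Passes only when the lower CI bound of compliance reaches the target.
        "tail_sla_met": c_lo >= target,
    }


if __name__ == "__main__":
    for key, value in sla_report(constructed_latencies()).items():
        print(f"{key}: {value}")
```
]]></preformat>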
      <p>MAM</p>
    </sec>
    <sec id="sec-5">
      <title>5. Related work</title>
      <p>[Figure: panels "Edge nodes (E-class)" and "Hospital backend (H-class)"; legend entries S0, S1, S2, V0, V1, V2, P0, P1, P2, U0, U1, U2.]</p>
      <p>
        The interplay between cybersecurity enforcement and QoS in healthcare cyber-physical systems has
been addressed from multiple modeling and architectural perspectives in recent literature. Shmeleva
et al. [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ] apply Infinite Petri Nets to the analysis of cybersecurity in intelligent systems, showcasing
how scalable formal models can capture the complexity of modern infrastructures under adversarial
conditions. Their work, while not specific to healthcare, is directly relevant to our use of CSPNs for
representing concurrent device interactions and transition delays in smart hospitals. Wu et al. [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ]
propose a personalized cyber-physical system for smart healthcare based on Petri net modeling, explicitly
addressing both data privacy and system responsiveness. Their framework reinforces the suitability of
Petri nets for modeling real-time mitigation strategies and structural dependencies across distributed
medical devices, validating the core assumptions behind the CSPN portion of our study. A broader
review of trust, security, and privacy in high-speed smart city infrastructures is proposed by Iftikhar et
al. [
        <xref ref-type="bibr" rid="ref9">9</xref>
        ], who highlight the challenges faced by edge-enabled architectures, including smart hospitals,
when enforcing mitigation policies that may inadvertently degrade QoS. Their findings confirm the lack
of formal tools for quantifying SLA violations under adversarial pressure, motivating our comparative
modeling strategy. Buyya et al. [
        <xref ref-type="bibr" rid="ref10">10</xref>
        ] outline a comprehensive vision for QoS-driven edge computing in
smart hospital systems, identifying mitigation-induced latencies and node isolation as critical design
concerns. Although their work does not involve formal modeling, it provides valuable context for the
architectural scenarios we simulate, particularly in terms of mitigation throughput and alert propagation
delays. Carramiñana et al. [
        <xref ref-type="bibr" rid="ref11">11</xref>
        ] employ agent-based simulations to evaluate healthcare infrastructure
resilience under cyber and pandemic stress. Unlike our hybrid CSPN–MAM approach, their model
focuses on strategic policy evaluation rather than formal stochastic analysis. Nonetheless, both studies
share the goal of assessing dynamic QoS degradation and recovery. Bobbio et al. [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ] provide a systemic
risk analysis of Health IoT and contact tracing infrastructures under cyber warfare scenarios. Their
modeling strategy integrates CSPNs and MAMs to analyze the cascading effects of cyberattacks in
complex healthcare ecosystems, with a focus on data breaches and functional degradations. The current
article positions itself at the intersection of formal modeling and system-level resilience analysis in
smart healthcare infrastructures. Unlike prior works that rely solely on Petri nets [
        <xref ref-type="bibr" rid="ref7 ref8">7, 8</xref>
        ] or agent-based
simulations [
        <xref ref-type="bibr" rid="ref11">11</xref>
        ], this study combines CSPNs with MAMs to capture both short-term, discrete-event
dynamics and long-term, population-level trends. While architectural overviews and systematic reviews
have highlighted the tension between cybersecurity and QoS [
        <xref ref-type="bibr" rid="ref10 ref9">9, 10</xref>
        ], they lack executable models to
quantify SLA violations or simulate mitigation strategies under adversarial conditions. Bobbio et al.
emphasize system-wide resilience metrics and systemic failure propagation, with a primary concern for
data privacy violations and contact-tracing vulnerabilities. In contrast, our work focuses on Quality of
Service (QoS) guarantees under targeted attacks, with a specific emphasis on mitigating latency, SLA
violations, and ensuring operational continuity in smart hospitals. Moreover, our CSPN implementation
incorporates dynamic alerting and human operator overload, while Bobbio et al. adopt a more static
modeling of networked IoT nodes. Finally, we extend the analysis through confidence intervals over
multiple simulation runs, offering statistical robustness that complements their more deterministic
performance profiles.
      </p>
    </sec>
    <sec id="sec-6">
      <title>6. Conclusions</title>
      <p>This study investigated the interplay between cybersecurity enforcement and QoS preservation in smart
hospital environments through a comparative modeling approach. By applying both a CSPN and a
MAM to a shared healthcare scenario, we addressed two key research questions.</p>
      <p>In response to RQ1, our results confirm that CSPNs and MAMs offer complementary insights into
the cybersecurity–QoS trade-off. The CSPN enables fine-grained tracking of transient behaviors such
as operator overload, mitigation latency, and SLA violations at the transition level. The incorporation
of confidence intervals in CSPN simulation results has further enhanced the model’s diagnostic power
by exposing the range and likelihood of SLA breaches under adversarial variability. These confidence
intervals clarify system stability and confirm that a notable share of mitigations still exceed SLA
limits. The MAM, in contrast, abstracts the system into agent-level dynamics and reveals macroscopic
degradation trends, making it more suitable for studying long-term resilience and equilibrium under
persistent threats.</p>
      <p>Addressing RQ2, we find that MAMs can approximate the overall evolution of degradation and
recovery patterns reasonably well, especially over extended time horizons. However, they fail to reproduce
sharp discontinuities and local saturation effects evident in the CSPN. These include bottlenecks in
mitigation paths and operator overloads that critically impact SLA compliance. While MAMs offer
analytical tractability and scalability, their assumptions of homogeneity and continuous dynamics
smooth out localized violations, limiting their utility in high-resolution SLA analysis.</p>
      <p>Overall, the dual-modeling strategy underscores the value of combining discrete-event formalisms
with differential equation-based abstractions to achieve a balanced view of cyber-physical system
performance. CSPNs offer detailed temporal resolution and now—thanks to confidence intervals—quantitative
reliability bounds, making them indispensable for short-term diagnostics and SLA validation. MAMs,
in turn, scale effectively to larger systems and longer horizons, offering efficient evaluation of global
resilience patterns. Each model has intrinsic limitations: CSPNs face scalability challenges, while MAMs
omit heterogeneity and tail risks.</p>
    </sec>
    <sec id="sec-7">
      <title>Declaration on Generative AI</title>
      <p>The author(s) have not employed any Generative AI tools.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1]
          <string-name>
            <given-names>K.</given-names>
            <surname>Jensen</surname>
          </string-name>
          ,
          <article-title>Coloured Petri Nets: Basic concepts, analysis methods and practical use</article-title>
          ,
          <source>Monographs in Theoretical Computer Science</source>
          <volume>1</volume>
          (
          <year>1994</year>
          ). doi:10.1007/978-3-642-58069-7.
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2]
          <string-name>
            <given-names>A.</given-names>
            <surname>Bobbio</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Bruneo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Cerotti</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Gribaudo</surname>
          </string-name>
          ,
          <article-title>A new quantitative analytical framework for large-scale distributed interacting systems</article-title>
          ,
          <source>in: Proceedings of the 2nd International Conference on Performance Evaluation Methodologies and Tools (ValueTools)</source>
          , ACM,
          <year>2008</year>
          . doi:10.4108/ICST.VALUETOOLS2008.4341.
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <given-names>E.</given-names>
            <surname>Barbierato</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Bobbio</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Gribaudo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Iacono</surname>
          </string-name>
          ,
          <article-title>Multiformalism to support software rejuvenation modeling</article-title>
          ,
          <source>in: 2012 IEEE 23rd International Symposium on Software Reliability Engineering Workshops</source>
          , IEEE,
          <year>2012</year>
          , pp.
          <fpage>271</fpage>
          -
          <lpage>276</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <given-names>E.</given-names>
            <surname>Gianniti</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A. M.</given-names>
            <surname>Rizzi</surname>
          </string-name>
          , E. Barbierato,
          <string-name>
            <given-names>M.</given-names>
            <surname>Gribaudo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Ardagna</surname>
          </string-name>
          ,
          <article-title>Fluid petri nets for the performance evaluation of mapreduce and spark applications</article-title>
          ,
          <source>ACM SIGMETRICS Performance Evaluation Review</source>
          <volume>44</volume>
          (
          <year>2017</year>
          )
          <fpage>23</fpage>
          -
          <lpage>36</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5]
          <string-name>
            <given-names>D.</given-names>
            <surname>Ardagna</surname>
          </string-name>
          ,
          <string-name>
            <given-names>E.</given-names>
            <surname>Barbierato</surname>
          </string-name>
          , E. Gianniti,
          <string-name>
            <given-names>M.</given-names>
            <surname>Gribaudo</surname>
          </string-name>
          , T. B.
          <string-name>
            <surname>Pinto</surname>
            ,
            <given-names>A. P. C.</given-names>
          </string-name>
          da
          <string-name>
            <surname>Silva</surname>
            ,
            <given-names>J. M.</given-names>
          </string-name>
          <string-name>
            <surname>Almeida</surname>
          </string-name>
          ,
          <article-title>Predicting the performance of big data applications on the cloud</article-title>
          ,
          <source>The Journal of Supercomputing</source>
          <volume>77</volume>
          (
          <year>2021</year>
          )
          <fpage>1321</fpage>
          -
          <lpage>1353</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [6]
          <string-name>
            <given-names>F.</given-names>
            <surname>Meneghello</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Calore</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Zucchetto</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Polese</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Zanella</surname>
          </string-name>
          ,
          <article-title>IoT: Internet of threats? A survey of practical security vulnerabilities in real IoT devices</article-title>
          ,
          <source>IEEE Internet of Things Journal</source>
          <volume>6</volume>
          (
          <year>2019</year>
          )
          <fpage>8182</fpage>
          -
          <lpage>8201</lpage>
          . doi:10.1109/JIOT.2019.2935189.
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [7]
          <string-name>
            <given-names>T.</given-names>
            <surname>Shmeleva</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Zaitsev</surname>
          </string-name>
          ,
          <string-name>
            <given-names>I.</given-names>
            <surname>Zaitsev</surname>
          </string-name>
          ,
          <article-title>Applying Infinite Petri Nets to the Cybersecurity of Intelligent Systems</article-title>
          ,
          <source>Applied Sciences</source>
          <volume>11</volume>
          (
          <year>2021</year>
          )
          <fpage>11870</fpage>
          . doi:10.3390/app112411870.
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [8]
          <string-name>
            <given-names>Z.</given-names>
            <surname>Wu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Tian</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Zhang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Wang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Du</surname>
          </string-name>
          ,
          <article-title>A personalized eccentric cyber‑physical system architecture for smart healthcare using Petri net</article-title>
          ,
          <source>Security and Communication Networks</source>
          <volume>2023</volume>
          (
          <year>2023</year>
          )
          <fpage>4005877</fpage>
          . doi:10.1155/2023/4005877.
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [9]
          <string-name>
            <given-names>A.</given-names>
            <surname>Iftikhar</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K. N.</given-names>
            <surname>Qureshi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Shiraz</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Albahli</surname>
          </string-name>
          ,
          <article-title>Security, trust and privacy risks, responses, and solutions for high-speed smart cities networks: A systematic literature review</article-title>
          ,
          <source>Journal of King Saud University-Computer and Information Sciences</source>
          <volume>35</volume>
          (
          <year>2023</year>
          )
          <fpage>101788</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          [10]
          <string-name>
            <given-names>R.</given-names>
            <surname>Buyya</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Srirama</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Mahmud</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Goudarzi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Ismail</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Kostakos</surname>
          </string-name>
          ,
          <article-title>Quality of Service (QoS)‑driven Edge Computing and Smart Hospitals: A Vision, Architectural Elements, and Future Directions</article-title>
          ,
          <source>arXiv preprint</source>
          (
          <year>2023</year>
          ). Discusses QoS challenges and architectures in smart-hospitals.
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          [11]
          <string-name>
            <given-names>D.</given-names>
            <surname>Carramiñana</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A. M.</given-names>
            <surname>Bernardos</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J. A.</given-names>
            <surname>Besada</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J. R.</given-names>
            <surname>Casar</surname>
          </string-name>
          ,
          <article-title>Enhancing healthcare infrastructure resilience through agent-based simulation methods</article-title>
          ,
          <source>Computer Communications</source>
          (
          <year>2025</year>
          ). doi:10.1016/j.comcom.2025.108070, Open Access, Scopus‑indexed.
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          [12]
          <string-name>
            <given-names>A.</given-names>
            <surname>Bobbio</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Campanile</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Gribaudo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Iacono</surname>
          </string-name>
          ,
          <string-name>
            <given-names>F.</given-names>
            <surname>Marulli</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Mastroianni</surname>
          </string-name>
          ,
          <article-title>A cyber warfare perspective on risks related to health IoT devices and contact tracing</article-title>
          ,
          <source>Neural Computing and Applications</source>
          <volume>35</volume>
          (
          <year>2023</year>
          )
          <fpage>13823</fpage>
          -
          <lpage>13837</lpage>
          . doi:10.1007/s00521-021-06720-1.
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>