They presented a paper at the 7th Joint Workshop on CPS & IoT Security and Privacy (CPSIoTSec 2025). This took place as a post-conference workshop to CCS. CPSIoTSec brings together research and practice in the field of cyber-physical systems (CPS) security and the Internet of Things (IoT).

Regulations such as the European Union's Cyber Resilience Act and the IEC 62443 standard require demonstrable DoS robustness. However, they provide little concrete guidance on how this can be measured at the device level. This publication fills this gap by providing a device-centric assessment methodology.

The core principle of this methodology is the use of redundant paths, which separates the impact on the device under test (DUT) from infrastructure effects and indexes primary and secondary impacts on the DUT. This provides reliable results in terms of compliance. A multi-stage process (first black box, gray box only if necessary) optimizes effort while ensuring audit readiness.

Together, the methodology and artifacts provide regulators, vendors, and developers with a practical and repeatable approach to demonstrating DoS resilience on actual deployment platforms. They also provide information and insights for building appropriate test environments.