Barbierato, E., Gatti, A., Gribaudo, M., Iacono, M., Quantifying Cybersecurity-QoS Trade-Offs in Smart Hospitals: A Comparative Study Using CSPNs and Markovian Agent Models, Paper, in QualITA 2025: The Fourth Conference on System and Service Quality, (Catania, 24-27 June 2025), CEUR-WS, Amsterdam 2025:4080 N/A-N/A [https://hdl.handle.net/10807/326945]
Quantifying Cybersecurity-QoS Trade-Offs in Smart Hospitals: A Comparative Study Using CSPNs and Markovian Agent Models
Barbierato, Enrico (first author; Writing – Review & Editing)
2025
Abstract
In smart hospitals, achieving a balance between cybersecurity and quality of service (QoS) is a critical yet underexplored challenge. Cyberattacks can disrupt medical services, while overly aggressive countermeasures may degrade performance or availability, thus violating Service Level Agreements (SLAs). To quantify this tradeoff, we model a representative smart healthcare system using two formal approaches: Colored Stochastic Petri Nets (CSPNs) and Markovian Agent Models (MAMs). The CSPN captures fine-grained, concurrent behaviors and stochastic delays at the token level, while the MAM abstracts global system dynamics via differential equations. Through extensive simulations, we evaluate mitigation latency, resource saturation, and system responsiveness under cyberattack scenarios. Confidence intervals, computed from repeated CSPN runs, provide statistically grounded insight into SLA compliance variability, highlighting that a significant portion of mitigations exceed the defined threshold. Despite the potential for rapid mitigation, stochastic delays and concurrency often result in critical SLA violations. This dual-model approach enables a complementary analysis: CSPNs reveal short-term congestion and resource contention, whereas MAMs uncover long-term systemic trends. The study offers a reproducible framework for evaluating cyber-resilience in safety-critical environments.



