A Model-Driven Process for Physical Protection System Design and Vulnerability Evaluation

“…DAM (Bernardi et al, 2013) is a MARTE extension for the modelling and analysis of dependable systems, while Se-cAM (Rodríguez et al, 2014) extends DAM for security modelling of critical infrastructures, early in the system development lifecycle. CIP_VAM (Vittorini et al, 2015;Drago et al, 2019) is a UML profile for vulnerability analysis and modelling in the field of critical infrastructure protection. 5 It is used in model-driven chains involving Bayesian networks and quantitative modelling, and it focuses on physical aspects modelling, integration with Se-cAM was proposed in Marrone et al (2015).…”

Security modelling and formal verification of survivability properties: Application to cyber–physical systems

“…DAM (Bernardi et al, 2013) is a MARTE extension for the modelling and analysis of dependable systems, while Se-cAM (Rodríguez et al, 2014) extends DAM for security modelling of critical infrastructures, early in the system development lifecycle. CIP_VAM (Vittorini et al, 2015;Drago et al, 2019) is a UML profile for vulnerability analysis and modelling in the field of critical infrastructure protection. 5 It is used in model-driven chains involving Bayesian networks and quantitative modelling, and it focuses on physical aspects modelling, integration with Se-cAM was proposed in Marrone et al (2015).…”

Security modelling and formal verification of survivability properties: Application to cyber–physical systems

“…Other UML profiles focus on security in grid computing [17] or distributed systems [18]. In this sense, CIP_VAM [4,19] is a recent UML profile that addresses physical protection of critical infrastructures and provides tool support for automatic generation of vulnerability models based on Bayesian Networks (BNs). However, it does not consider cyber-security issues.…”

“…An arc is also added to S E from each BN node corresponding to any «Action» that may be 250 performed against infrastructural items («Site», «Object» or «Service») in its Protects list. Finally, the CPT of S E takes into account the trustworthiness of S in terms of its false positive rate (Fpr ) and false negative rate (Fnr ) [19]. same meaning respectively of S S and S E ; hence, this rule works as the previous…”

On synergies of cyber and physical security modelling in vulnerability assessment of railway systems

A model-driven approach for vulnerability evaluation of modern physical protection systems