Architectural and Behavioral Analysis for Cyber Security

Siu, Kit; Moitra, Abha; Li, Meng; Durling, Michael; Herencia-Zapana, Heber; Interrante, John; Meng, Baoluo; Tinelli, Cesare; Chowdhury, Omar; Larraz, Daniel; Yahyazadeh, Moosa; Arif, M. Fareed; Prince, Daniel

doi:10.1109/dasc43569.2019.9081652

Cited by 14 publications

(4 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A prototype of ADTree-based security analysis and synthesis was implemented in the VERDICT 2 toolchain [15] [16], which is a plugin for the OSATE tool [17].…”

Section: Discussionmentioning

confidence: 99%

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Meng

Viswanathan

Saswata

et al. 2023

Preprint

Self Cite

View full text Add to dashboard Cite

Attack-Defense Trees (ADTrees) are widely used in the security analysis of software systems. In this work, we introduce a novel approach to analyze system architecture models via ADTrees and to synthesize an optimal cost defense solution using MaxSMT. We generate an ADTree from the Architecture Analysis and Design Language (AADL) model with its possible attacks, and implemented defenses. We analyze these ADTrees to see if they satisfy their cyber-requirements. We then translate the ADTree into a set of logical formulas, that encapsulate both the logical structure of the tree, and the constraints on the cost of implementing the corresponding defenses, such that a minimization query to the MaxSMT solver returns a set of defenses that mitigate all possible attacks with minimal cost. We provide an initial evaluation of our tool on a delivery drone system model which shows promising results.

show abstract

“…A prototype of ADTree-based security analysis and synthesis was implemented in the VERDICT 2 toolchain [15] [16], which is a plugin for the OSATE tool [17].…”

Section: Discussionmentioning

confidence: 99%

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Meng

Viswanathan

Saswata

et al. 2023

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Note that the connector connects the drone to the delivery truck in order to receive the delivery location and other initialization parameters prior to take-off. Threats (Siu, et al, 2019) is a Model-based System Engineering (MBSE) tool for analyzing cyber resiliency early in development (GE, 2020), (Meng, et al, 2021). The tool analyzes the system model for vulnerabilities and provides concrete, actionable feedback that can be incorporated into the development process.…”

Section: Example Aadl Model: Delivery Dronementioning

confidence: 99%

Experience in Designing for Cyber Resiliency in Embedded DoD Systems

Barzeele

Siu

Robinson

et al. 2021

INCOSE International Symp

Self Cite

View full text Add to dashboard Cite

In DoD systems, software component reuse is highly valued, and development is rarely started from scratch. Most embedded weapon systems are a heterogeneous mixture of new, modified, and legacy components. This mixture drives an increased impetus to improve upon the existing system's model, and also creates an opportunity to assess potential cyber vulnerabilities earlier in the lifecycle. In this paper, we describe our experience in developing an experimental platform, which is a representative testbed that incorporates legacy, modified, and new components, using a process where we address cyber resiliency early in development. We give accounts of where each of the parts of our representative testbed originated, what modeling decisions we made, and how we analyzed cyber vulnerabilities. We also propose a system engineering process, based on architectural modeling of the system, which introduces analysis early in the design for cyber resiliency. We are developing an approach to use advanced tools to find vulnerabilities and to develop cyber resiliency requirements to counter those vulnerabilities. The creation of the model and documentation of cyber resiliency requirements and design decisions provide a positive impact on the system lifecycle and future integration of the system.

show abstract

“…Another use of IVCs, and MUST sets in particular, is in the analysis of a system's tolerance to faults [20] or resiliency to cyberattacks [18]. For instance, an empty MUST set for a system S and its invariant P indicates that the property is satisfied by S in various ways, making the system fault tolerant or resilient against cyberattacks as far as property P is concerned.…”

Section: Ivcs For Fault-tolerance or Cyber-resiliency Analysismentioning

confidence: 99%

“…In general, proof-based traceability information can be used to perform a variety of engineering analyses, including vacuity detection [14]; coverage analysis [8,11]; impact analysis [16], design optimization; and robustness analysis [18,20]. Identifying which model elements are required for a proof, and assessing the relative importance of different model elements is critical to determine the quality of the overall model (including its assume-guarantee specification), determining when and where to implement changes, identifying components that need to be reverified, and measure the tolerance and resilience of the system against faults and attacks.…”

Section: Introductionmentioning

confidence: 99%

Merit and Blame Assignment with Kind 2

Larraz¹,

Laurent²,

Tinelli³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

We introduce two new major features of the open-source model checker Kind 2 which provide traceability information between specification and design elements such as assumptions, guarantees, or other behavioral constraints in synchronous reactive system models. This new version of Kind 2 can identify minimal sets of design elements, known as Minimal Inductive Validity Cores, which are sufficient to prove a given set of safety properties, and also determine the set of MUST elements, design elements that are necessary to prove the given properties. In addition, Kind 2 is able to find minimal sets of design constraints, known as Minimal Cut Sets, whose violation leads the system to an unsafe state. The computed information can be used for several purposes, including assessing the quality of a system specification, tracking the safety impact of model changes, and analyzing the tolerance and resilience of a system against faults or cyber-attacks. We describe these new capabilities in some detail and report on an initial experimental evaluation of some of them.

show abstract

Architectural and Behavioral Analysis for Cyber Security

Cited by 14 publications

References 5 publications

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Experience in Designing for Cyber Resiliency in Embedded DoD Systems

Merit and Blame Assignment with Kind 2

Contact Info

Product

Resources

About