Model Driven Software Security Architecture of Systems-of-Systems

Hachem, Jamal El; Pang, Zi Yang; Chiprianov, Vanea; Babar, Abdul; Aniorte, Philippe

doi:10.1109/apsec.2016.023

Cited by 24 publications

(12 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…He/she cannot rely on existing secure system development methodologies such as Microsoft SDL [13], OWASP [21], Secure i* [10] or SysML-Sec [3], as they are not always well adapted to SoS. There are some specific methodologies in securing SoS, such as SoSSec [12] or Security Framework Architecture [22], but these methodologies take a long time and require the strong security skill. Thus, the domain expert must interact with security experts but such a collaboration is not always possible because security experts are not necessarily available in an emergency.…”

Section: Problem Statementmentioning

confidence: 99%

See 1 more Smart Citation

Development of Secure System of Systems Needing a Rapid Deployment

Messe

Belloir²,

Chiprianov

et al. 2019

2019 14th Annual Conference System of Systems Engineering (SoSE)

Self Cite

View full text Add to dashboard Cite

In certain cases, such as secure humanitarian corridors in a conflict zone, a special type of SoS, needing a rapid deployment, has to be developed. Because of the tense time constraint, usually only a domain expert is responsible with this development. However, many such SoSs also have to take into account the security aspect. How to help a domain expert integrate the security aspect into the rapid development of an SoS? In this proposal paper, we present an approach and a tool suite that help the domain expert tag business assets using security properties, which are then used to identify vulnerabilities and to propose possible security control mechanisms. We illustrate our proposal on a case study. Index Terms-security, security model and architecture design, meta-modelling, domain model, causal chain

show abstract

Section: Problem Statementmentioning

confidence: 99%

“…Unfortunately, the domain experts generally do not have any security skills. They cannot rely on existing SoS security methodologies such as SoSSec [12]. Indeed, such methods require a long time and interactions with security experts, which is not always possible when in an emergency.…”

Section: Introductionmentioning

confidence: 99%

Development of Secure System of Systems Needing a Rapid Deployment

Messe

Belloir²,

Chiprianov

et al. 2019

2019 14th Annual Conference System of Systems Engineering (SoSE)

Self Cite

View full text Add to dashboard Cite

show abstract

“…This shall also be covered in forthcoming advances on this research. Other future work lines include (i) comparison among coalitions through the substitution of constituents that offer the same capability for better decision-making between different brands, (ii) adoption of cosimulation to accurately reproduce the scenarios required for other quality attributes such as security [Hachem et al 2016], and (iii) establishment of a mechanism for automation of the cost estimation through the integration between the simulator, a mechanism for querying and comparing market prices, and some model-checker mechanism to automatically deliver the best coalition, without the need to manually collect and analyze data. We also consider that, for large volumes of data, we can apply search-based software engineering to support the selection of constituents from criteria related to technical and economic aspects of software.…”

Section: Final Remarksmentioning

confidence: 99%

How Much Does It Cost? A Simulation-Based Method for Cost Prediction in Systems-of-Systems Acquisition Processes

Neto¹,

Horita²,

Santos³

et al. 2018

Anais Do Workshop Sobre Aspectos Sociais, Humanos E Econômicos De Software (WASHES)

View full text Add to dashboard Cite

Software economics, acquisition, and pricing are important concerns, in particular for Systems-of-Systems (SoS). SoS are alliances of independent software-intensive systems combined to offer holistic functionalities as a result of the constituents interoperability. SoS engineering involves separately acquiring constituents and combining them to form the SoS. Despite the existence of cost prediction techniques at Systems Engineering practice, predicting SoS acquisition costs at design-time should include: 1) an analysis of the minimum set of constituents that offer a 'good enough' result, and 2) an analysis of the compatibility between the constituents to deliver the expected result. The main contribution of this paper is proposing a novel simulation-based method for cost prediction in constituents acquisition process, while considering the effectiveness of constituents combination to offer the intended functionalities, and predicting the lowest configuration, at design-time. We adopt a simulation model to predict, at design-time, the results that shall be yielded by the constituents during SoS operation. Preliminary results point out the success of our method to predict such costs while still supporting a selection of the best architectural configurations.

show abstract

“…Additionally, we defined and implemented a matching mechanism that helps identifying the possible concatenation/sequence of triggered vulnerabilities in order to discover emergent unknown security cascading attacks. Finally, we used Model-Driven Engineering (MDE) to implement a generator tool (a set of Model-To-Text transformation rules) to (semi)automatically map the secure SoS architectures modeled using an SysML-based modeling language, the SoSSecML [10], to the extended MAS platform.…”

Section: Introductionmentioning

confidence: 99%

Extending a Multi-Agent Systems Simulation Architecture for Systems-of-Systems Security Analysis

Hachem

Chiprianov

Neto

et al. 2018

2018 13th Annual Conference on System of Systems Engineering (SoSE)

Self Cite

View full text Add to dashboard Cite

Security is an important concern for softwareintensive Systems-of-Systems (SoS). Architectural analysis for SoS secturity assessment should be performed at early stages of development. Such activity could prevent vulnerabilities and avoid potential cascading attack emergent behaviors, i.e., a succession of security vulnerabilities that emerge from individual constituents security fragilities, potentially causing interruption and collapse of SoS operation. Model simulation can prevent these issues by predicting, at design-time, how SoS will behave regarding its reaction to potential attacks. As security is a quality attribute, i.e., a property that comes up from the relation between software parts, software architecture analysis and simulation are an additional support for the prediction of SoS security. However, despite recent advances in such area, few simulation approaches have tackled simulation of secure SoS architectures where the basis of the described models are the SoS behavior or the interactions among the SoS Constituent Systems (CS). The main contribution of this paper is offering a big picture of how recent advances on SoS security analysis via simulations can form a robust framework for SoS security prediction. We argue the pertinence of Multi-Agent Systems (MAS) for SoS simulation due to similarities between MAS and SoS concepts, and we report how MAS simulation enables the visualization of emergent behaviors and how they impact the SoS security. Our results to foster SoS security analysis include (i) an extension of a MAS conceptual model and platform to include security concepts, (ii) a Model-Driven Engineering (MDE) approach that adopts automatic mappings between secure SoS architecture modeled using an existing SysML-based modeling language, namely the SoSSecML, and (iii) a MAS platform to support such analysis.

show abstract

Model Driven Software Security Architecture of Systems-of-Systems

Cited by 24 publications

References 26 publications

Development of Secure System of Systems Needing a Rapid Deployment

Development of Secure System of Systems Needing a Rapid Deployment

How Much Does It Cost? A Simulation-Based Method for Cost Prediction in Systems-of-Systems Acquisition Processes

Extending a Multi-Agent Systems Simulation Architecture for Systems-of-Systems Security Analysis

Contact Info

Product

Resources

About