Modelling Security of Critical Infrastructures: A Survivability Assessment

Rodríguez, Ricardo J.; Merseguer, José; Bernardi, Simona

doi:10.1093/comjnl/bxu096

Cited by 22 publications

(11 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A specialization of MARTE, the non-standard dependability analysis and modeling (DAM) UML profile [21], enables to express dependability issues in UML models. Similarly, the non-standard security analysis and modeling (SecAM) profile [22] allows to express security characteristics into UML models. Figure 3 depicts the UML domain model for the publish/subscribe paradigm.…”

Section: Description Of the Profilementioning

confidence: 99%

Profiling the publish/subscribe paradigm for automated analysis using colored Petri nets

et al. 2019

Self Cite

View full text Add to dashboard Cite

UML sequence diagrams are used to graphically describe the message interactions between the objects participating in a certain scenario. Combined fragments extend the basic functionality of UML sequence diagrams with control structures, such as sequences, alternatives, iterations, or parallels. In this paper, we present a UML profile to annotate sequence diagrams with combined fragments to model timed Web services with distributed resources under the publish/subscribe paradigm. This profile is exploited to automatically obtain a representation of the system based on Colored Petri nets using a novel model-to-model (M2M) transformation. This M2M transformation has been specified using QVT and has been integrated in a new add-on extending a state-of-the-art UML modeling tool. Generated Petri nets can be immediately used in well-known Petri net software, such as CPN Tools, to analyze the system behavior. Hence, our model-to-model transformation tool allows for simulating the system and finding design errors in early stages of system development, which enables us to fix them at these early phases and thus potentially saving development costs.

show abstract

Section: Description Of the Profilementioning

confidence: 99%

Profiling the publish/subscribe paradigm for automated analysis using colored Petri nets

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…SecAM [20,3] is an UML profile designed for the security analysis and mod-elling of software systems. It allows attack/resilience, cryptography, security mechanisms, and access control issues to be expressed within UML models.…”

Section: The Secam Profile and Generalized Stochastic Petri Netsmentioning

confidence: 99%

“…SecAM is built in the top of MARTE [12] and DAM [13] profile, which makes it a 135 powerful framework where performance, dependability, and security properties can be expressed. A more detailed description of SecAM subpackages can be found in [3]. A GSPN distinguishes two kind of transitions: immediate, which fire at zero time (i.e., its firing does not consume any time) and are represented by thin black bars; and timed, which can follow different firing distributions and are represented by white boxes.…”

Section: The Secam Profile and Generalized Stochastic Petri Netsmentioning

confidence: 99%

“…25 Nowadays, holistic modelling of complex systems is still a challenging research issue, being largely accepted that the more promising and scalable ap-proaches focus on modularity and composability (both in modelling and solving). Another promising research effort aims at using as much as possible de facto standards in systems modelling, as the Unified Modelling Language (UML) In this paper, we take advantage of two novel UML profiles, namely Security Analysis and Modelling (SecAM) [3] and Critical Infrastructure Protection -Vulnerability Analysis and Modeling (CIP_VAM) [4], to address the modelling of digital and physical security in combination. The approach moves from 40 separate usage of the two profiles, through a loosely coupled one, pointing towards a fully and strictly integrated profile including the modelling potential of both SecAM and CIP_VAM.…”

Section: Introductionmentioning

confidence: 99%

“…However, it does not consider cyber-security issues. Another 100 recent UML profile, SecAM [20,3], overcomes this issue since it allows specifying cyber-security aspects while enabling its assessment.…”

mentioning

confidence: 99%

See 2 more Smart Citations

On synergies of cyber and physical security modelling in vulnerability assessment of railway systems

Marrone¹,

Rodríguez

Nardone

et al. 2015

Computers & Electrical Engineering

Self Cite

View full text Add to dashboard Cite

The multifaceted nature of cyber-physical systems needs holistic study methods to detect essential aspects and interrelations among physical and cyber components. Like the systems themselves, security threats feature both cyber and physical elements. Although to apply divide et impera approaches helps handling system complexity, to consider just one aspect at a time does not provide adequate risk awareness and hence does not allow to design the most appropriate countermeasures. To support this claim, in this paper we provide a joint application of two model-driven techniques for physical and cyber-security evaluation. We apply two UML profiles, namely SecAM (for cyber-security) and CIP_VAM (for physical security), in combination. In such a way, we demonstrate the synergy between both profiles and the need for their tighter integration in the context of a reference case study from the railway domain.

show abstract

DDoS Attack Security Situation Assessment Model Using Fusion Feature Based on Fuzzy C-Means Clustering Algorithm

Zhang

Cheng

Tang

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Modelling Security of Critical Infrastructures: A Survivability Assessment

Cited by 22 publications

References 36 publications

Profiling the publish/subscribe paradigm for automated analysis using colored Petri nets

Profiling the publish/subscribe paradigm for automated analysis using colored Petri nets

On synergies of cyber and physical security modelling in vulnerability assessment of railway systems

DDoS Attack Security Situation Assessment Model Using Fusion Feature Based on Fuzzy C-Means Clustering Algorithm

Contact Info

Product

Resources

About