Threat Identification and Defense Control Selection for Embedded Systems

Moitra, Abha; Prince, Daniel; Siu, Kit; Durling, Michael; Herencia-Zapana, Heber

doi:10.4271/11-03-02-0005

Cited by 6 publications

(4 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Within VERDICT, the analysis of the AADL model receives information primarily from the Security Threat Evaluation and Mitigation (STEM) component [10]. STEM identifies possible CAPEC attacks, possible NIST-800-53 defenses and defenses currently implemented in the components of the system.…”

Section: Defense Modelsmentioning

confidence: 99%

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Meng

Viswanathan

Saswata

et al. 2023

Preprint

Self Cite

View full text Add to dashboard Cite

Attack-Defense Trees (ADTrees) are widely used in the security analysis of software systems. In this work, we introduce a novel approach to analyze system architecture models via ADTrees and to synthesize an optimal cost defense solution using MaxSMT. We generate an ADTree from the Architecture Analysis and Design Language (AADL) model with its possible attacks, and implemented defenses. We analyze these ADTrees to see if they satisfy their cyber-requirements. We then translate the ADTree into a set of logical formulas, that encapsulate both the logical structure of the tree, and the constraints on the cost of implementing the corresponding defenses, such that a minimization query to the MaxSMT solver returns a set of defenses that mitigate all possible attacks with minimal cost. We provide an initial evaluation of our tool on a delivery drone system model which shows promising results.

show abstract

Section: Defense Modelsmentioning

confidence: 99%

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Meng

Viswanathan

Saswata

et al. 2023

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Controls and enhancements are continually updated-there are 863 controls and enhancements as of revision four. Detailed mapping between the CAPECs, NIST controls and the architectural level component properties can be found in [36].…”

Section: Security Threat Evaluation and Mitigation (Stem)mentioning

confidence: 99%

“…Mitigations are linked to CAPECs so that controls are only suggested if they are useful in mitigating attacks that have a defined effect on the system under consideration. The mapping between CAPECs, VERDICT cyber defense properties and NIST-800-53 controls is shown in Table A1 in Appendix A adapted from [36]. CAPECs that are mitigated by the same defense have been grouped together.…”

Section: Security Threat Evaluation and Mitigation (Stem)mentioning

confidence: 99%

VERDICT: A Language and Framework for Engineering Cyber Resilient and Safe System

Meng

Larraz

Siu

et al. 2021

Systems

Self Cite

View full text Add to dashboard Cite

The ever-increasing complexity of cyber-physical systems is driving the need for assurance of critical infrastructure and embedded systems. However, traditional methods to secure cyber-physical systems—e.g., using cyber best practices, adapting mechanisms from information technology systems, and penetration testing followed by patching—are becoming ineffective. This paper describes, in detail, Verification Evidence and Resilient Design In anticipation of Cybersecurity Threats (VERDICT), a language and framework to address cyber resiliency. When we use the term resiliency, we mean hardening a system such that it anticipates and withstands attacks. VERDICT analyzes a system in the face of cyber threats and recommends design improvements that can be applied early in the system engineering process. This is done in two steps: (1) Analyzing at the system architectural level, with respect to cyber and safety requirements and (2) by analyzing at the component behavioral level, with respect to a set of cyber-resiliency properties. The framework consists of three parts: (1) Model-Based Architectural Analysis and Synthesis (MBAAS); (2) Assurance Case Fragments Generation (ACFG); and (3) Cyber Resiliency Verifier (CRV). The VERDICT language is an Architecture Analysis and Design Language (AADL) annex for modeling the safety and security aspects of a system’s architecture. MBAAS performs probabilistic analyses, suggests defenses to mitigate attacks, and generates attack-defense trees and fault trees as evidence of resiliency and safety. It can also synthesize optimal defense solutions—with respect to implementation costs. In addition, ACFG assembles MBAAS evidence into goal structuring notation for certification purposes. CRV analyzes behavioral aspects of the system (i.e., the design model)—modeled using the Assume-Guarantee Reasoning Environment (AGREE) annex and checked against cyber resiliency properties using the Kind 2 model checker. When a property is proved or disproved, a minimal set of vital system components responsible for the proof/disproof are identified. CRV also provides rich and localized diagnostics so the user can quickly identify problems and fix the design model. This paper describes the VERDICT language and each part of the framework in detail and includes a case study to demonstrate the effectiveness of VERDICT—in this case, a delivery drone.

show abstract

“…VERDICT identifies possible threats and suggested mitigations (Moitra, et al, 2020). Threats are in terms of Mitre's CAPEC (Mitre, 2020); mitigations are in the form of defense profiles constructed from NIST's Security and Privacy Controls.…”

Section: Example Aadl Model: Delivery Dronementioning

confidence: 99%

Experience in Designing for Cyber Resiliency in Embedded DoD Systems

Barzeele

Siu

Robinson

et al. 2021

INCOSE International Symp

Self Cite

View full text Add to dashboard Cite

In DoD systems, software component reuse is highly valued, and development is rarely started from scratch. Most embedded weapon systems are a heterogeneous mixture of new, modified, and legacy components. This mixture drives an increased impetus to improve upon the existing system's model, and also creates an opportunity to assess potential cyber vulnerabilities earlier in the lifecycle. In this paper, we describe our experience in developing an experimental platform, which is a representative testbed that incorporates legacy, modified, and new components, using a process where we address cyber resiliency early in development. We give accounts of where each of the parts of our representative testbed originated, what modeling decisions we made, and how we analyzed cyber vulnerabilities. We also propose a system engineering process, based on architectural modeling of the system, which introduces analysis early in the design for cyber resiliency. We are developing an approach to use advanced tools to find vulnerabilities and to develop cyber resiliency requirements to counter those vulnerabilities. The creation of the model and documentation of cyber resiliency requirements and design decisions provide a positive impact on the system lifecycle and future integration of the system.

show abstract

Threat Identification and Defense Control Selection for Embedded Systems

Cited by 6 publications

References 0 publications

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

Attack-Defense Tree-based Security Analysis and Optimal Defense Synthesis for System Design

VERDICT: A Language and Framework for Engineering Cyber Resilient and Safe System

Experience in Designing for Cyber Resiliency in Embedded DoD Systems

Contact Info

Product

Resources

About