Translation of AADL model to security attack tree (TAMSAT) to SMART evaluation of monetary security risk

Wortman, Paul A.; Chandy, John A.

doi:10.1080/19393555.2022.2106909

Cited by 3 publications

(3 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It has been observed that attack trees are more efective for fnding threats in the absence of use-case diagrams [52]. Te graphical representation of the attack tree provides a better understanding of how attacks can be successful and the probability of attacks that are most likely to succeed [53,54]. Te methodology can also reveal the vulnerability of a system, under specifed constraints.…”

Section: Security Requirementsmentioning

confidence: 99%

Mitigating Software Vulnerabilities through Secure Software Development with a Policy-Driven Waterfall Model

Hussain,

Anwaar,

Sultan

et al. 2024

Journal of Engineering

View full text Add to dashboard Cite

For the past few years, software security has become a pressing issue that needs to be addressed during software development. In practice, software security is considered after the deployment of software rather than considered as an initial requirement. This delayed action leads to security vulnerabilities that can be catered for during the early stages of the software development life cycle (SDLC). To safeguard a software product from security vulnerabilities, security must be given equal importance with functional requirements during all phases of SDLC. In this paper, we propose a policy-driven waterfall model (PDWM) for secure software development describing key points related to security aspects in the software development process. The security requirements are the security policies that are considered during all phases of waterfall-based SDLC. A framework of PDWM is presented and applied to the e-travel scenario to ascertain its effectiveness. This scenario is a case of small to medium-sized software development project. The results of case study show that PDWM can identify 33% more security vulnerabilities as compared to other secure software development techniques.

show abstract

Section: Security Requirementsmentioning

confidence: 99%

Mitigating Software Vulnerabilities through Secure Software Development with a Policy-Driven Waterfall Model

Hussain,

Anwaar,

Sultan

et al. 2024

Journal of Engineering

View full text Add to dashboard Cite

show abstract

“…However, there has been a lack of work in developing effective methods for translating system architecture models into an attack tree security model. To this purpose we have created the TAMSAT (Translation of AADL Model to Security Attack Tree) tool which aims to help fill this void by providing a method for converting user defined systems into easy to understand and assess security models [35]. In other words, we wish to enable the translation of an early life-cycle development model into an attack tree structure that can be used to determine the security risk of the model.…”

Section: Tamsatmentioning

confidence: 99%

“…This examination can occur before a specific architecture has been decided, after architectural decisions have been made, and as a method to explore and evaluate the design's choices and constraints. The original publication work for TAMSAT [35] shows how TAMSAT can be utilized repeatedly to evaluate existing designs, determine the validity of the current security constraints and requirements, and highlights how TAMSAT could be used as part of an automatic toolset. In this section we will explain in detail the design of TAMSAT and how it takes an AADL system model and produces an attack tree model.…”

Section: Tamsatmentioning

confidence: 99%

A framework for evaluating security risk in system design

Wortman

Chandy

2022

Discov Internet Things

View full text Add to dashboard Cite

Design and development of ubiquitous computer network systems has become increasingly difficult as technology continues to grow. From the introduction of new technologies to the discovery of existing threats, weaknesses, and vulnerabilities there is a constantly changing landscape of potential risks and rewards. The cyber security community, and industry at large, is learning to account for these increasing threats by including protections and mitigations from the beginning of the design V process. However, issues still come from limitations in time for thoroughly exploring a potential design space and the knowledge base required to easily account for potential vulnerabilities in each. To address this problem we propose the G-T-S framework, which is an automated tool that allows a user to provide a set of inputs relating to the desired design space and returns a monetary security risk evaluation of each. This methodology first generates a series of potential designs, then dissects their contents to associate possible vulnerabilities to device elements, and finally evaluates the security risk poised to a central asset of importance. We exemplify the tools, provide methodologies for required background research, and discuss the results in evaluating a series of IoT Home models using the GTS framework. Through implementation of our framework we simplify the information an individual will require to begin the design process, lower the bar for entry to perform evaluating security risk, and present the risk as an easily understood monetary metric.

show abstract