
SysML-Sec Attack Graphs: Compact Representations for Complex Attacks



  1. SysML-Sec Attack Graphs: Compact Representations for Complex Attacks
     Ludovic Apvrille, ludovic.apvrille@telecom-paristech.fr
     Yves Roudier, yves.roudier@eurecom.fr
     Institut Mines-Telecom
     GraMSec'2015

  2. Outline
     Context: Security for Embedded Systems | Attack trees | Contribution | Conclusion
        Context: Security for Embedded Systems
           Embedded systems
           SysML-Sec
        Attack trees
        Contribution
        Conclusion
     2/23 July, 2015 Institut Mines-Telecom

  3. Examples of Threats
     ◮ Transport systems: use of exploits in Flight Management System (FMS) to control ADS-B/ACARS [Teso 2013]
     ◮ Internet of Things: proof of concept of attack on IZON camera [Stanislav 2013]
     ◮ Medical appliances: infusion pump vulnerability, April 2015. http://www.scip.ch/en/?vuldb.75158
     Image credits: (C) aviationweek.com, (C) Hospira

  4. Designing Safe and Secure Embedded Systems: SysML-Sec
     Main idea
     ◮ Holistic approach: bring together embedded system architects, system designers and security experts
     Common issues (addressed by SysML-Sec):
     ◮ Adverse effects of security over safety/real-time/performance properties
        ◮ Commonly: only the design of security mechanisms
     ◮ Hardware/Software partitioning
        ◮ Commonly: no support for this in tools/approaches in MDE and security approaches

  5. SysML-Sec: Methodology
     [Figure: methodology diagram with two stages, SW/HW Partitioning and System Design. Elements shown: Requirements, Attacks, Functional view, Architectural view, Mapping view, Structural view, Behavioral view, Deployment view; activities shown: Simulation, Formal analysis, Test.]
     Fully supported by TTool

  6. Outline
        Context: Security for Embedded Systems
        Attack trees
           Attack trees
        Contribution
        Conclusion

  7. Google-izing Attack Trees

  8. Attack Trees
     Definition and purpose
     ◮ Originate from fault trees, introduced by Bruce Schneier (1999)
     ◮ Depict how a system element can be attacked
     ◮ Help find attack countermeasures
     ◮ Root attack, children, leaves
     ◮ OR and AND relations between children

  9. Attack Trees: Related Work
     ◮ Generation of ATs from other formalisms [Vigo 2014]
     ◮ Semantics extensions
        ◮ [Khand 2009]
           ◮ PAND, k-out-of-n, CSUB, SEQ, ...
        ◮ [Zhao 2014]
           ◮ Permissions and capabilities on nodes
           ◮ Applied to malware analysis
     ◮ Security assessment
        ◮ Privilege graphs [Dacier 1996]
        ◮ Petri nets [Dalton 2006] [Pudar 2009]
        ◮ Markov processes [Piètre-Cambacédès 2010]

  10. Attack Trees: A Few Issues
      Semantics
      ◮ AND and OR semantics are too limited to express complex attack scenarios
         ◮ No ordering between attacks
         ◮ No temporal operators
      Relation with other development stages
      ◮ No relation with (security) requirements
         ◮ More generally, not integrated into methodologies
      ◮ No relation between attacks and the HW/SW components of the system
         ◮ Difficult to figure out the where and which of countermeasures

  11. Outline
         Context: Security for Embedded Systems
         Attack trees
         Contribution
            New operators
         Conclusion

  12. Overview (with an Example)
      ◮ SysML Parametric diagram
      ◮ Asset = Block
      ◮ Attacks = Attributes of blocks
      ◮ Relation between attacks = Constraints
      ◮ Formal semantics
         ◮ Timed automata
      [Figure: attack graph for the root attack IllegalBankAccountTransactionBasedOnToken. Blocks: AttackerSystem, AttackerPC, AttackerWebServer, AttackedSystem, UserMobilePhone_Android, UserPC, Browser, Windows_Win32, OtherSoftwareApplications. Attacks: LogOnBankAccount, PerformTokenBasedAuthentication, GenerateFakeBankWebsite, SendTANToServer, RetrieveUserLoginAndPassword, RetrieveTransactionTAN, InstallKeyLogger, ControlFakeHTTPBankURL, SilentlyInterceptSMS, InstallMaliciousPlugin, InstallTrojan, UserInstallsFakeBankApplication, RedirectHTTPRequestFromBankToFakeBank, RequestUserToInstallMobileFakeBankApplication, ExploitVulnerability. Constraints shown: SEQUENCE, BEFORE (120), AND, XOR.]

  13. Semantics
      ◮ Attacks
         ◮ Intermediate attacks
         ◮ Root attack
      ◮ Constraints
         ◮ AND, OR, XOR, SEQUENCE, BEFORE, AFTER

  14. Semantics of Attacks
      [Figures: Attack; Intermediate Attack]

  15. Semantics of Constraints
      [Figures: AND; SEQUENCE]

  16. Semantics of Constraints (Cont.)
      [Figures: OR; XOR]

  17. Semantics of Constraints (Cont.)
      [Figures: BEFORE; AFTER]

  18. Formal Verification
      ◮ Reachability of an attack $a$
      ◮ Liveness of an attack $a$
      ◮ $a_1$ leads to $a_2$ ($a_1 \leadsto a_2$)

  19. Disabling Attacks
      ◮ Right click to disable/enable an attack
      [Figure: block UserMobilePhone_Android with the attack RetrieveTransactionTAN and a SEQUENCE constraint over the attacks SilentlyInterceptSMS and UserInstallsFakeBankApplication; one attack is marked "disabled".]

  20. Temporal Compatibility
      ◮ Temporal constraints may impact attacks reachability/liveness
      [Figure: attack "final" with a BEFORE constraint (10) and an AFTER constraint (15) over the attacks attack01, attack02 and attack03.]

  21. Outline
         Context: Security for Embedded Systems
         Attack trees
         Contribution
         Conclusion
            Conclusion, future work and references

  22. Conclusion and Future Work
      Achievements
      ◮ Extended and formally defined attack trees
      ◮ Integrated into SysML-Sec
      ◮ Fully supported by TTool
      ◮ Applied to different domains, e.g., malware, automotive systems
      Future work
      ◮ Handling new situations
         ◮ Cycles, nb of iterations, priorities
      ◮ Quantitative assessments of threats

  23. To Go Further ...
      Web sites
      ◮ https://sysml-sec.telecom-paristech.fr
      ◮ https://ttool.telecom-paristech.fr
      References (SysML-Sec)
      ◮ Ludovic Apvrille, Yves Roudier, "SysML-Sec: A SysML Environment for the Design and Development of Secure Embedded Systems", Proceedings of the INCOSE/APCOSEC 2013 Conference on system engineering, Yokohama, Japan, September 8-11, 2013.
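
Added example (not from the slides and not TTool code): a small Python checker that evaluates a timed trace of leaf attacks against the six constraints listed on slide 13, treats disabled attacks as never performed (slide 19), and tests whether BEFORE/AFTER bounds on one pair of attacks are compatible (slide 20). The operator semantics, the graph wiring and the timestamps are assumptions made for illustration; the slides define the semantics through timed-automata figures that are not in the text.

```python
import math

def leaf(name):
    return ("LEAF", name)

def node(op, *children, delay=None):
    return (op, children, delay)

def achieved_at(n, trace, disabled=frozenset()):
    """Time at which node n is achieved by a timed trace, or None if it is not."""
    if n[0] == "LEAF":
        return None if n[1] in disabled else trace.get(n[1])
    op, children, delay = n
    times = [achieved_at(c, trace, disabled) for c in children]
    done = [t for t in times if t is not None]
    if op == "OR":                      # any child suffices
        return min(done) if done else None
    if op == "XOR":                     # assumed: exactly one child performed
        return done[0] if len(done) == 1 else None
    if len(done) < len(times):          # remaining operators need every child
        return None
    if op == "AND":
        return max(times)
    if any(a > b for a, b in zip(times, times[1:])):
        return None                     # ordered operators: children in order
    if op == "SEQUENCE":
        return times[-1]
    gap = times[1] - times[0]           # BEFORE/AFTER relate two children
    if op == "BEFORE":                  # assumed: second within `delay` of first
        return times[1] if gap <= delay else None
    if op == "AFTER":                   # assumed: second at least `delay` after first
        return times[1] if gap >= delay else None
    raise ValueError(f"unknown operator {op}")

def gap_window(constraints):
    """Intersect BEFORE/AFTER bounds on one pair; None means no trace can fit."""
    lo, hi = 0, math.inf
    for op, d in constraints:
        if op == "BEFORE":
            hi = min(hi, d)
        elif op == "AFTER":
            lo = max(lo, d)
    return (lo, hi) if lo <= hi else None

# Constructed graph: wiring is hypothetical, delays 10 and 15 as on slide 20.
A1, A2, A3 = leaf("attack01"), leaf("attack02"), leaf("attack03")
FINAL = node("AND", node("BEFORE", A1, A2, delay=10), node("OR", A3, A1))
TRACE = {"attack01": 0, "attack02": 8, "attack03": 3}   # constructed timestamps
```

With these assumptions, `gap_window` returns None for BEFORE 10 combined with AFTER 15 on the same pair, which is the kind of temporal incompatibility that makes a root attack unreachable.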
