Designing Sequence Diagram Models for Robustness to Attacks

The omnipresence of complex distributed component-based systems offers numerous opportunities for malicious parties, especially thanks to the numerous communication mechanisms brought into play. This is particularly true for Smart Grids systems in which electricity networks and information technology are coupled to provide smarter and more efficient energy production-to-consumption chain. Indeed, Smart Grids are clearly security sensitive since a lot of components usually operate outside of the trusted company´s border. In this paper, we propose a model-based methodology targeting the diagnostic of attacks with respect to some trusted components. The methodology combines UML sequence diagrams (SD) and formal symbolic techniques in order to model and analyze systems and threats from early design stages. We introduce a criterion that allows us to qualify or not a SD as robust with respect to an attack, also modeled as a SD. The criterion is defined by comparing traces as they are perceived by trusted components. We illustrate our approach with a UML sequence diagram issued from a Smart Grid case study.