An Object-Oriented Approach for Modelling Security Scenarios

In this article the authors derive an object-oriented model for structuring threat scenarios. Underpinned by the core principles of realistic evaluation, the model focuses on the specification of events related to the goals of the protagonists. For the development of the model, relevant objects within the ecosystem were specified, and the potential modifications of their properties were linked to causal events. The modelling approach encourages scenario modellers to specify only the relevant elements of the ecosystem and ignore less relevant ones, by identifying the cause-effect relationships between objects. The article illustrates the proposed method through a concrete threat scenario, involving a three-step terrorist attack. The structured format presented in this article provides a useful template that has been tested in the EU FP7 project RIBS. The model was successfully employed to create a computer simulation and communicate the constraints of the problem to a team of engineers, architects and security experts.