Title :
A Security Risk Assessment Framework for SysML Activity Diagrams
Author :
Ouchani, Samir ; Mohamed, O. Ait ; Debbabi, Mourad
Author_Institution :
Comput. Security Lab. (CSL), Concordia Univ., Montreal, QC, Canada
Abstract :
In this paper, we address the issue of security risk assessment of systems that are designed by using SysML activity diagrams. For this purpose, we develop a practical framework to enable security requirements specification and security level evaluation. First, we rely on the standard catalogue of attacks to build a library of attacks patterns. Then, we model the extracted patterns as SysML activity diagrams and we develop a specification algorithm in order to automatically generate security requirements relevant to a system under test. In order to evaluate them, we propose a methodology to map the diagrams interaction into a probabilistic model checker. Finally, we demonstrate the effectiveness of our framework on the secure real time streaming protocol.
Keywords :
formal specification; formal verification; object-oriented languages; protocols; risk management; security of data; SysML activity diagram; attack catalogue; attacks pattern library; probabilistic model checker; realtime streaming protocol; security level evaluation; security requirement specification; security risk assessment framework; specification algorithm; Modeling; Probabilistic logic; Security; Semantics; Standards; Syntactics; Unified modeling language; Attack Pattern; Attack Surface; PCTL; Security Requirements; SysML Activity Diagrams;
Conference_Titel :
Software Security and Reliability (SERE), 2013 IEEE 7th International Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
978-1-4799-0406-8
DOI :
10.1109/SERE.2013.11
