
Synthesis of Optimal Defenses for System Architecture Design Model in MaxSMT

  • Conference paper
  • NASA Formal Methods (NFM 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13260)

Abstract

Attack-Defense Trees (ADTrees) are widely used in the security analysis of software systems. In this paper, we introduce a novel approach to analyze system architecture models via ADTrees and to synthesize an optimal-cost defense solution using MaxSMT. We generate an ADTree from the Architecture Analysis and Design Language (AADL) model together with its possible attacks and implemented defenses. We analyze these ADTrees to check whether they satisfy their cyber-requirements. We then translate the ADTree into a set of logical formulas that encapsulate both the logical structure of the tree and the constraints on the cost of implementing the corresponding defenses, such that a minimization query to the MaxSMT solver returns a set of defenses that mitigates all possible attacks at minimal cost. We provide an initial evaluation of our tool on a delivery drone system model, which shows promising results.
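As an added illustration (not code from the paper or from the VERDICT tool), the following Python sketches the encoding the abstract describes: a small, constructed delivery-drone ADTree whose attack nodes carry candidate defenses with made-up costs, an SMT-LIB emitter that asserts the root attack is blocked and asks an optimizing solver such as z3/νZ to minimize total defense cost, and a brute-force reference solver to cross-check the optimum. All node names, defense names and costs are assumptions.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:                       # attack node; defenses map name -> implementation cost
    name: str
    op: str = "leaf"              # "leaf", "and" or "or" over children
    children: list = field(default_factory=list)
    defenses: dict = field(default_factory=dict)

def smt_expr(n):  # SMT-LIB term: attack succeeds iff sub-structure holds and no attached defense is on
    body = "true" if n.op == "leaf" else f"({n.op} {' '.join(map(smt_expr, n.children))})"
    for d in n.defenses:
        body = f"(and {body} (not {d}))"
    return body

def all_defenses(n, acc=None):
    acc = {} if acc is None else acc
    acc.update(n.defenses)
    for c in n.children:
        all_defenses(c, acc)
    return acc

def to_smtlib(root):  # encoding for an optimizing SMT solver: block the root attack, minimize cost
    defs = all_defenses(root)
    lines = [f"(declare-const {d} Bool)" for d in defs]
    lines.append(f"(assert (not {smt_expr(root)}))")
    lines.append("(minimize (+ " + " ".join(f"(ite {d} {c} 0)" for d, c in defs.items()) + "))")
    return "\n".join(lines + ["(check-sat)", "(get-model)", "(get-objectives)"])

def succeeds(n, enabled):  # reference semantics of the same formula for a set of enabled defenses
    ok = n.op == "leaf" or (all if n.op == "and" else any)(succeeds(c, enabled) for c in n.children)
    return ok and not any(d in enabled for d in n.defenses)

def min_cost_defenses(root):  # brute-force optimum (fine for a toy tree) to cross-check the solver
    defs, best = all_defenses(root), None
    for bits in product([False, True], repeat=len(defs)):
        chosen = {d for d, b in zip(defs, bits) if b}
        cost = sum(defs[d] for d in chosen)
        if not succeeds(root, chosen) and (best is None or cost < best[0]):
            best = (cost, chosen)
    return best

# Constructed toy delivery-drone ADTree (not the paper's model); names and costs are made up.
DRONE = Node("hijack_drone", "or", [
    Node("inject_command", "and", [Node("access_c2_link", defenses={"link_encryption": 4}),
                                   Node("forge_command", defenses={"command_auth": 2})]),
    Node("spoof_gps", defenses={"gps_auth": 5, "sensor_fusion": 3}),
    Node("malicious_firmware", defenses={"signed_firmware": 6})])
```

Feeding `to_smtlib(DRONE)` to z3 returns the same optimum that `min_cost_defenses(DRONE)` computes by enumeration: the cheaper defense on each OR branch and the cheaper of the two leaves under the AND node.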


Notes

  1. Extended version of the paper: https://github.com/baoluomeng/2022_NFM/tree/main/synthesis_extended.pdf.
  2. VERDICT Tool GitHub: https://github.com/ge-high-assurance/VERDICT.
  3. The Delivery Drone AADL Model: https://github.com/baoluomeng/2022_NFM/tree/main/DeliveryDrone.


Acknowledgement & Disclaimer

Distribution Statement “A” (Approved for Public Release, Distribution Unlimited). This research was developed with funding from the Defense Advanced Research Projects Agency (DARPA). The views, opinions and/or findings expressed are those of the author and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.

Author information

Corresponding author: Baoluo Meng


Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Meng, B., Viswanathan, A., Smith, W., Moitra, A., Siu, K., Durling, M. (2022). Synthesis of Optimal Defenses for System Architecture Design Model in MaxSMT. In: Deshmukh, J.V., Havelund, K., Perez, I. (eds) NASA Formal Methods. NFM 2022. Lecture Notes in Computer Science, vol 13260. Springer, Cham. https://doi.org/10.1007/978-3-031-06773-0_40

  • DOI: https://doi.org/10.1007/978-3-031-06773-0_40
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-031-06772-3
  • Online ISBN: 978-3-031-06773-0
  • eBook Packages: Computer Science (R0)
