Abstract
We discuss in this paper the use of SysML-Sec attack graphs as a graphical and semi-formal representation for complex attacks. We illustrate this on a PC and mobile malware example. We furthermore provide examples of the expressivity of the operators used in such diagrams. We finally formalize the attack traces described by these operators based on timed automata.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Apvrille, L.: TTool website (2013). http://ttool.telecom-paristech.fr/
Apvrille, L., Roudier, Y.: SysML-sec: a sysML environment for the design and development of secure embedded systems. In: APCOSEC , Asia-Pacific Council on Systems Engineering, 8–11 September 2013, Yokohama, Japan. Yokohama, JAPAN (09 2013) (2013). http://www.eurecom.fr/publication/4186
Bengtsson, J.E., Yi, W.: Timed automata: semantics, algorithms and tools. In: Desel, J., Reisig, W., Rozenberg, G. (eds.) Lectures on Concurrency and Petri Nets. LNCS, vol. 3098, pp. 87–124. Springer, Heidelberg (2004)
Blanchet, B.: Automatic verification of correspondences for security protocols. J. Comput. Secur. 17(4), 363–434 (2009)
Dacier, M., Deswarte, Y., Kaâniche, M.: Information systems security, pp. 177–186. Chapman & Hall Ltd, London, UK (1996). http://dl.acm.org/citation.cfm?id=265514.265530
Dalton, G., Mills, R., Colombi, J., Raines, R.: Analyzing attack trees using generalized stochastic petri nets. In: Information Assurance Workshop, 2006 IEEE, pp. 116–123, June 2006
Fortinet: The Android/Chuli.A!tr.spy virus, March 2013. http://www.fortiguard.com/encyclopedia/virus/#id=4805535
Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: ITST, Lille, France (2009)
Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)
Khand, P.: System level security modeling using attack trees. In: 2nd International Conference on Computer, Control and Communication, 2009. IC4 2009, pp. 1–6, February 2009
Piètre-Cambacédès, L., Bouissou, M.: Beyond attack trees: dynamic security modeling with Boolean logic driven markov processes (bdmp). In: Dependable Computing Conference (EDCC), 2010 European, pp. 199–208, April 2010
Pudar, S., Manimaran, G., Liu, C.C.: Penet: a practical method and tool for integrated modeling of security attacks and countermeasures. Comput. Secur. 28(8), 754–771 (2009). http://www.sciencedirect.com/science/article/pii/S0167404809000522
Ruddle, A., et al.: Security Requirements for Automotive On-board Networks Based on Dark-side Scenarios. Technical report. Deliverable D2.3, EVITA Project (2009)
Schneier, B.: Attack Trees: Modeling Security Threats, December 1999
Vigo, R., Nielson, F., Nielson, H.: Automated generation of attack trees. In: 2014 IEEE 27th Computer Security Foundations Symposium (CSF), pp. 337–350, July 2014
Zhao, S., Li, X., Xu, G., Zhang, L., Feng, Z.: Attack tree based android malware detection with hybrid analysis. In: IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 380–387, September 2014
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Apvrille, L., Roudier, Y. (2016). SysML-Sec Attack Graphs: Compact Representations for Complex Attacks. In: Mauw, S., Kordy, B., Jajodia, S. (eds) Graphical Models for Security. GraMSec 2015. Lecture Notes in Computer Science(), vol 9390. Springer, Cham. https://doi.org/10.1007/978-3-319-29968-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-29968-6_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29967-9
Online ISBN: 978-3-319-29968-6
eBook Packages: Computer ScienceComputer Science (R0)