Skip to main content
SpringerLink
Log in

SysML-Sec Attack Graphs: Compact Representations for Complex Attacks

  • Conference paper
  • First Online:
Graphical Models for Security (GraMSec 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9390))

Included in the following conference series:

Abstract

We discuss in this paper the use of SysML-Sec attack graphs as a graphical and semi-formal representation for complex attacks. We illustrate this on a PC and mobile malware example. We furthermore provide examples of the expressivity of the operators used in such diagrams. We finally formalize the attack traces described by these operators based on timed automata.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 34.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 44.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Apvrille, L.: TTool website (2013). http://ttool.telecom-paristech.fr/

  2. Apvrille, L., Roudier, Y.: SysML-sec: a sysML environment for the design and development of secure embedded systems. In: APCOSEC , Asia-Pacific Council on Systems Engineering, 8–11 September 2013, Yokohama, Japan. Yokohama, JAPAN (09 2013) (2013). http://www.eurecom.fr/publication/4186

  3. Bengtsson, J.E., Yi, W.: Timed automata: semantics, algorithms and tools. In: Desel, J., Reisig, W., Rozenberg, G. (eds.) Lectures on Concurrency and Petri Nets. LNCS, vol. 3098, pp. 87–124. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  4. Blanchet, B.: Automatic verification of correspondences for security protocols. J. Comput. Secur. 17(4), 363–434 (2009)

    Google Scholar 

  5. Dacier, M., Deswarte, Y., Kaâniche, M.: Information systems security, pp. 177–186. Chapman & Hall Ltd, London, UK (1996). http://dl.acm.org/citation.cfm?id=265514.265530

  6. Dalton, G., Mills, R., Colombi, J., Raines, R.: Analyzing attack trees using generalized stochastic petri nets. In: Information Assurance Workshop, 2006 IEEE, pp. 116–123, June 2006

    Google Scholar 

  7. Fortinet: The Android/Chuli.A!tr.spy virus, March 2013. http://www.fortiguard.com/encyclopedia/virus/#id=4805535

  8. Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: ITST, Lille, France (2009)

    Google Scholar 

  9. Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  10. Khand, P.: System level security modeling using attack trees. In: 2nd International Conference on Computer, Control and Communication, 2009. IC4 2009, pp. 1–6, February 2009

    Google Scholar 

  11. Piètre-Cambacédès, L., Bouissou, M.: Beyond attack trees: dynamic security modeling with Boolean logic driven markov processes (bdmp). In: Dependable Computing Conference (EDCC), 2010 European, pp. 199–208, April 2010

    Google Scholar 

  12. Pudar, S., Manimaran, G., Liu, C.C.: Penet: a practical method and tool for integrated modeling of security attacks and countermeasures. Comput. Secur. 28(8), 754–771 (2009). http://www.sciencedirect.com/science/article/pii/S0167404809000522

    Article  Google Scholar 

  13. Ruddle, A., et al.: Security Requirements for Automotive On-board Networks Based on Dark-side Scenarios. Technical report. Deliverable D2.3, EVITA Project (2009)

    Google Scholar 

  14. Schneier, B.: Attack Trees: Modeling Security Threats, December 1999

    Google Scholar 

  15. Vigo, R., Nielson, F., Nielson, H.: Automated generation of attack trees. In: 2014 IEEE 27th Computer Security Foundations Symposium (CSF), pp. 337–350, July 2014

    Google Scholar 

  16. Zhao, S., Li, X., Xu, G., Zhang, L., Feng, Z.: Attack tree based android malware detection with hybrid analysis. In: IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 380–387, September 2014

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institut Mines-Telecom, Telecom ParisTech, CNRS LTCI, Sophia Antipolis, France

    Ludovic Apvrille

  2. EURECOM, Sophia Antipolis, France

    Yves Roudier

Authors
  1. Ludovic Apvrille
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yves Roudier
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ludovic Apvrille .

Editor information

Editors and Affiliations

  1. University of Luxembourg, Luxembourg, Luxembourg

    Sjouke Mauw

  2. INSA Rennes and IRISA, Rennes, France

    Barbara Kordy

  3. George Mason University, Fairfax, VA, Virginia, USA

    Sushil Jajodia

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Apvrille, L., Roudier, Y. (2016). SysML-Sec Attack Graphs: Compact Representations for Complex Attacks. In: Mauw, S., Kordy, B., Jajodia, S. (eds) Graphical Models for Security. GraMSec 2015. Lecture Notes in Computer Science(), vol 9390. Springer, Cham. https://doi.org/10.1007/978-3-319-29968-6_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29968-6_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29967-9

  • Online ISBN: 978-3-319-29968-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation