A domain-specific modeling framework for attack surface modeling
Por:
Sun, T.N., Drouot, B., Golra, F.R., Champeau, J., Guerin, S., Le Roux, L., Mazo, R., Teodorov, C., Van Aertryck, L., L'Hostis, B.
Publicada:
1 ene 2020
Resumen:
Cybersecurity is becoming vital as industries are gradually moving from automating physical processes to a higher level automation using cyber physical systems (CPS) and internet of things (IoT). In this context, security is becoming a continuous process that runs in parallel to other processes during the complete life cycle of a system. Traditional threat analysis methods use design models alongside threat models as an input for security analysis, hence missing the life-cycle-based dynamicity required by the security concern. In this paper, we argue for an attacker-aware systems modeling language that exposes the systems attack surfaces. For this purpose, we have designed Pimca, a domain specific modeling language geared towards capturing the attacker point of view of the system. This study introduces the formalism along with the Pimca workbench, a framework designed to ease the development and manipulation of the Pimca models. Finally, we present two relevant use cases, serving as a preliminary validation of our approach. © Copyright 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.
Filiaciones:
Furnell S.:
Lab. STICC UMR6285, ENSTA Bretagne, Brest, France
Mori P.:
Lab. STICC UMR6285, ENSTA Bretagne, Brest, France
Weippl E.:
Lab. STICC UMR6285, ENSTA Bretagne, Brest, France
Green Submitted, hybrid
|