Model-based systems security quantification

2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011

Volumn , Issue , 2011, Pages 142-149

  Ouchani, Samir ^a   Jarraya, Yosr ^a   Ait Mohamed, Otmane ^a  

^a Dept of Electrical and Computer Engineering   (Canada)

Author keywords

Activity Diagrams; Attack Pattern; Probabilistic verification; Risk Assessment; Security; SysML; Vulnerability detection

Indexed keywords

ACTIVITY DIAGRAM; ATTACK PATTERNS; PROBABILISTIC VERIFICATION; SECURITY; SYSML; VULNERABILITY DETECTION;

DESIGN; RISK ASSESSMENT; STANDARDIZATION; SYSTEMS ANALYSIS;

MODEL CHECKING;

EID: 80052101817     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/PST.2011.5971976     Document Type: Conference Paper

References (39)

1. E. Andrade, P. Maciel, G. Callou, and B. Nogueira, "A Methodology for Mapping SysML Activity Diagram to Time Petri Net for Requirement Validation of Embedded Real-Time Systems with Energy Constraints, " in ICDS '09: Proc. of the 2009 Third Int. Conf on Dig. Soc. Washington, DC, USA: IEEE Computer Society, 2009, pp. 266-271.
2. c. Baier and J. P. Katoen, Principles of Model Checking. The MIT Press, May 2008. [Online] . Available: http://www.worldcat.org/isbn/026202649X
3. M. Baugher, D. McGrew, M. Naslund, E. Carrara, and K. Norrman, The Secure Real-time Transport Protocol (SRTP), United States, 2004.
4. M. Buchholtz, S. Gilmore, V. Haenel, and C. Montangero, "End-to-End Integrated Security and Performance Analysis on the DEGAS Choreographer Platform, " in Proceedings of the International Symposium of Formal Methods Europe (FM 2005), number 3582 in LNCS. SpringerVerlag, 2005, pp. 286-30 I.
5. E. Carneiro, P. Maciel, G. Callou, E. Tavares, and B. Nogueira, "Mapping SysML State Machine Diagram to Time Petri Net for Analysis and Verification of Embedded Real-Time Systems with Energy Constraints, " in ENICS '08: Proc. of the 2008 Int. Confon Adv. in Elec. and Micro-elec. Washington, DC, USA: IEEE Computer Society, 2008, pp. 1-6.
6. M. Frigault and L. Wang, "Measuring Network Security Using Bayesian Network-Based Attack Graphs, " in Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International, August 2008, pp. 6 98- 703.
7. M. Gegick and L. Williams, "On The Design of More Secure SoftwareIntensive Systems by Use of Attack Patterns, " Irif. Softw. Techno!. , vol. 4 9, pp. 381-3 9 7, April 2007. (Pubitemid 46162190)
8. G. Georg, K. Anastasakis, B. Bordbar, S. H. Houmb, I. Ray, and M. Toahchoodee, "Verification and Trade-Off Analysis of Security Properties in UML System Models, " IEEE Transactions on Software Engineering, vol. 36, pp. 338-356, 2010.
9. K. M. Goertzel, T. Winograd, H. L. McKinley, L. O. M. Colon, T. McGibbon, E. Fedchak, and R. Vienneau, "Software Security Assurance, State-of-the-Art Report SOAR;' IATAC and DACS, State-ofthe- Art Report S P0 700- 98-D-4002, July 2007.
10. L. Grunske and D. Joyce, "Quantitative Risk-Based Security Prediction for Component-Based Systems with Explicitly Modeled Attack Profiles, " J Syst. Softw. , vol. 81, pp. 1327-1345, August 2008.
11. J. Holt and S. Perry, SysML for Systems Engineering. Institution of Engineering and Technology Press, January 2007.
12. G. J. Holzmann, Design and Validation of Computer Protocols. Upper Saddle River, NJ, USA: Prentice- Hall, Inc. , 1991.
13. S. H. Houmb, S. Islam, E. Knauss, J. Jiirjens, and K. Schneider, "Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec, " Requir. Eng. , vol. 15, pp. 63-93, March 2010.
14. L. D. Howard, Writing Secure Code. Microsoft Press, 2002.
15. Information technology-Security techniques-Information security risk management, International Organization for Standardization (ISO), 2008.
16. D. N. Jansen, H. Hermanns, and J. P. Katoen, "A Probabilistic Extension of UML Statecharts-Specification and Verification, " in In Formal Techniques in Real-Time and Fault-Tolerant Systems (F TRTFT), LNCS 2469: 355374. Springer, 2002, pp. 76-91.
17. -, "A QoS-Oriented Extension of UML Statecharts, " Lecture notes in computer science, vol. 2863, pp. 76-91, 2003.
18. Y. Jarraya, M. Debbabi, and J. Bentahar, "On the Meaning of SysML Activity Diagrams, " in Proc. of the 2009 16th Ann. IEEE Int. Corif. and Work. on the Eng. of Compo Based Sys. , ser. ECBS '0 9. Washington, DC, USA: IEEE Computer Society, 2009, pp. 95-105.
19. Y. Jarraya, A. Soeanu, M. Debbabi, and F. Hassaine, "Automatic Verification and Performance Analysis of Time-Constrained SysML Activity Diagrams, " in ECBS '07: Proc. of the 14th An. IEEE Int. Conf and Work. on the Eng. of Comp.-Bas. Sys. Washington, DC, USA: IEEE Computer Society, 2007, pp. 515-522. (Pubitemid 46900708)
20. S. Jha, O. Sheyner, and J. Wing, "Two Formal Analyses of Attack Graphs, " in the Proceedings of the 15th Computer Security Foundation Workshop. IEEE, 2002, pp. 49-63.
21. E. M. C. Jr. , O. Grumberg, and D. A. Peled, Model Checking. The MIT Press, 1999.
22. J. Jiirjens, Secure Systems Development with UML. Springer, 2005.
23. J. Jiirjens and P. Shabalin, "Automated Verification of UMLsec Models for Security Requirements, " in UML 2004 The Unified Modeling Language, volume 2460 of LNCS. Springer, 2004, pp. 412-425.
24. -, "Tools for Secure Systems Development with UML, " Int. J Soflw. Tools Techno!. Transf, vol. 9, pp. 527-544, October 2007. (Pubitemid 47603661)
25. T. Lodderstedt, D. A. Basin, and J. Doser, "SecureUML: A UML-Based Modeling Language for Model-Driven Security, " in the Proceedings of the 5th International Conference on The Unified Modeling Language, ser. UML '02. London, UK: Springer-Verlag, 2002, pp. 426-441.
26. P. K. Manadhata, "An Attack Surface Metric, " Ph. D. dissertation, Carnegie Mellon University, 2008.
27. L. O. Gorman, "Comparing Passwords, Tokens, and Biometrics for User Authentication, " Proceedings of the IEEE, vol. 91, no. 12, pp. 2021- 2040, 2003.
28. OMG, OMG Systems Modeling Language (OMG SysML) Specification, Object Management Group, September 2007, oMG Available Specification.
29. S. Ouchani, "Automatic Generation of Fuzzy Inference Systems, " 1 9 9 7, bachelor Thesis to obtain Engineering Degree from Sidi Bel Abess University.
30. S. Ouchani, Y. Jarraya, O. A. Mohamed, and M. Debbabi, "Security Estimation in Streaming Protocols," in 201 I International Conference on Innovations in Information Technology (Innovations 2011), Abu Dhabi, UAE, Apr. 2011, pp. 427-432.
31. S. Ouchani, O. A. Mohamed, M. Debbabi, and M. Pourzandi, "Verification of the Correctness in Composed UML Behavioural Diagrams, " in SERA (selected papers), 2010, pp. 163-177.
32. J. Pamula, S. Jajodia, P. Ammann, and V. Swarup, "A WeakestAdversary Security Metric For Network Configuration Security Analysis, " in the Proceedings of the 2nd ACM workshop on Quality of protection, ser. QoP'06. New York, NY, USA: ACM, 2006, pp. 31-38. (Pubitemid 47165622)
33. T. J. Ross, Fuzzy logic with engineering applications. John Wiley and Sons, Timothy J. Ross.
34. P. Saqui-Sannes, T. Villemur, B. Fontan, S. Mota, M. S. Bouassida, N. Chridi, I. Chrisment, and L. Vigneron, " Formal Verification of Secure Group Communication Protocols Modelled in UML, " Innovations in Systems and Software Engineering, vol. 6, pp. 125-133, 2010.
35. S. E. Schechter, "Computer Security Strength & Risk: A Quantitative Approach, " Ph. D. dissertation, Harvard University, 2004.
36. B. Schneier, "Attack Trees: Modeling Security Threats, " Dr. Dobb's Journal, 1999.
37. H. Schulzrinne, A. Rao, and R. Lanphier, Real Time Streaming Protocol (RTSP), United States, 1 9 98.
38. L. Siveroni, A. Zisman, and G. Spanoudakis, "A UML-Based Static Verification Framework for Security, " Requirements Engineering, vol. 15, pp. 95-118, 2010.
39. P. Team, " PRISM-Probabilistic Symbolic Model Checker, " http://www.prismmodelchecker.org. last visited: March 2011.