Title :
Model-based systems security quantification
Author :
Ouchani, Samir ; Jarraya, Yosr ; Mohamed, Otmane Ait
Author_Institution :
Hardware Verification Group (HVG), Concordia Univ., Montreal, QC, Canada
Abstract :
In this paper, we address the issue of security verification and evaluation of systems at the design level. To this end, we elaborate a practical and formal framework that enables security risk assessment and security requirements verification on systems that are designed using SysML activity diagrams. Our approach is based on probabilistic adversarial interactions between potential attackers and the system design models. These interactions result in a global model that is used to quantify security risks by applying probabilistic model-checking. We rely on a standard catalogue of attack patterns to build a library of attacks' design patterns. To demonstrate the effectiveness of our approach, we apply it to a real-life case study related to the Secure Real Time Streaming Protocol.
Keywords :
formal verification; security of data; SysML activity diagrams; formal framework; model-based systems security quantification; probabilistic model-checking; security evaluation; security requirements verification; security risk assessment; security verification; Protocols; Real time systems; Unified modeling language; Activity Diagrams; Attack Pattern; Probabilistic verification; Risk Assessment; Security; SysML; Vulnerability detection;
Conference_Title :
Privacy, Security and Trust (PST), 2011 Ninth Annual International Conference on
Conference_Location :
Montreal, QC
Print_ISBN :
978-1-4577-0582-3
DOI :
10.1109/PST.2011.5971976