Architecture-Based Attack Path Analysis for Identifying Potential Security Incidents

Manually estimating an attack path to a targeted software element can be complex since a software system consists of multiple vulnerable elements, such as components, hardware resources, or network elements. In addition, the elements are protected by access control. Software architecture describes the structural elements of the system, which may form elements of the attack path. However, estimating attack paths is complex since different attack paths can lead to a targeted element. Additionally, not all attack paths might be relevant since attack paths can have different properties based on the attacker\u27s capabilities and knowledge. We developed an approach that enables architects to identify relevant attack paths based on the software architecture. We created a metamodel for filtering options and added support for describing attack paths in an architectural description language. Based on this metamodel, we developed an analysis that automatically estimates attack paths using the software architecture. This can help architects to identify relevant attack paths to a targeted component and increase the system\u27s overall security. We evaluated our approach on five different scenarios. Our evaluation goals are to investigate our analysis\u27s accuracy and scalability. The results suggest a high accuracy and good runtime behavior for smaller architectures

Tool-Based Attack Graph Estimation and Scenario Analysis for Software Architectures

With the increase of connected systems and the ongoing digitalization of various aspects of our life, the security demands for software increase. Software architects should design a secure and resistant system. One solution can be the identification of attack paths or the usage of an access control policy analysis. However, due to the system complexity identifying an attack path or analyzing access control policies is hard. Current attack path calculation approaches, often only focus on the network topology and do not consider the more fine-grained information a software architecture can provide, such as the components or deployment. In addition, the impact of access control policies for a given scenario is unclear. We developed an open-source attack propagation tool, which can calculate an attack graph based on the software architecture. This tool could help software architects to identify potential critical attack paths. Additionally, we extended the used access control metamodel to support a scenario-based access control analysis

Improving the performance of trickle-based data dissemination in low-power networks

Trickle is a polite gossip algorithm for managing communication traffic. It is of particular interest in low-power wireless networks for reducing the amount of control traffic, as in routing protocols (RPL), or reducing network congestion, as in multicast protocols (MPL). Trickle is used at the network or application level, and relies on up-to-date information on the activity of neighbors. This makes it vulnerable to interference from the media access control layer, which we explore in this paper. We present several scenarios how the MAC layer in low-power radios violates Trickle timing. As a case study, we analyze the impact of CSMA/CA with ContikiMAC on Trickle's performance. Additionally, we propose a solution called Cleansing that resolves these issues

Evolution specification evaluation in industrial MDSE ecosystems

Domain-specific languages (DSLs) allow users to model systems using concepts from a specific domain. Evolution of DSLs triggers co-evolution of models developed in these languages. When the number of models that needs to co-evolve increases, so does the required effort to do so. This is called the co-evolution problem. We have investigated the extent of the co-evolution problem at ASML [1], provider of lithography equipment for the semiconductor industry. Here we have described the structure and evolution of a large-scale ecosystem of DSLs. We have observed that due to the large number of artifacts that require coevolutionary activity, manual solutions have become unfeasible, and an automated approach is required. A popular approach for automating co-evolution is the operator-based approach. In this paper we have evaluated the operator-based approach on a large-scale industrial case-study of twenty-two DSLs and 95 model-to-model transformations with a revision history of over three years, and have revealed deficiencies in existing operator libraries. To address these deficiencies we have presented a topdown methodology to derive a complete set of operators

Architectural Attack Propagation Analysis for Identifying Confidentiality Issues

Exchanging data between different systems enables us to build new smart services and digitise various areas of our daily life. This digitalisation leads to more efficient usage of resources, and an increased monetary value. However, the connection of different systems also increases the number of potential vulnerabilities. The vulnerabilities on their own might be harmless, but attackers could build attack paths based on the combination of different vulnerabilities. Additionally, attackers might exploit existing access control policies to further propagate through the system. For analysing this dependency between vulnerabilities and access control policies, we extended an architecture description language (ADL) to model access control policies and specify vulnerabilities. We developed an attack propagation analysis operating on the extended ADL, which can help to determine confidentiality violations in a system. We evaluated our approach by analysing the accuracy and the effort compared to a manual analysis using different scenarios in three case studies. The results indicate that our analysis is capable of identifying attack paths and reducing the effort compared to manual detection

Architectural Attack Propagation Analysis for Identifying Confidentiality Issues

Exchanging data between different systems enables us to build new smart services and digitise various areas of our daily life. This digitalisation leads to more efficient usage of resources, and an increased monetary value. However, the connection of different systems also increases the number of potential vulnerabilities. The vulnerabilities on their own might be harmless, but attackers could build attack paths based on the combination of different vulnerabilities. Additionally, attackers might exploit existing access control policies to further propagate through the system. For analysing this dependency between vulnerabilities and access control policies, we extended an architecture description language (ADL) to model access control policies and specify vulnerabilities. We developed an attack propagation analysis operating on the extended ADL, which can help to determine confidentiality violations in a system. We evaluated our approach by analysing the accuracy and the effort compared to a manual analysis using different scenarios in three case studies. The results indicate that our analysis is capable of identifying attack paths and reducing the effort compared to manual detection

Partial-order reduction for parity games with an application on parameterised Boolean Equation Systems (Technical Report)

Partial-order reduction (POR) is a well-established technique to combat the problem of state-space explosion. Most approaches in literature focus on Kripke structures or labelled transition systems and preserve a form of stutter/weak trace equivalence or weak bisimulation. Therefore, they are at best applicable when checking weak modal mucalculus. We propose to apply POR on parity games, which can encode the combination of a transition system and a temporal property. Our technique allows one to apply POR in the setting of mu-calculus model checking. We show with an example that the reduction achieved on parity games can be significantly larger. Furthermore, we identify and repair an issue where stubborn sets do not preserve stutter equivalence

Ontologies in domain specific languages : a systematic literature review

The systematic literature review conducted in this paper explores the current techniques employed to leverage the development of DSLs using ontologies. Similarities and differences between ontologies and DSLs, techniques to combine DSLs with ontologies, the rationale of these techniques and challenges in the DSL approaches addressed by the used techniques have been investigated. Details about these topics have been provided for each relevant research paper that we were able to investigate in the limited amount of time of one month. At the same time, a synthesis describing the main trends in all the topics mentioned above has been done