
    A model-driven approach to survivability requirements assessment for critical systems

    Survivability is a crucial property for those systems, such as critical infrastructures or military Command and Control Information Systems, that provide essential services, since the latter must be operational even when the system is compromised due to attacks or faults. This article proposes a model-driven method and a tool, MASDES, to assess the survivability requirements of critical systems. The method exploits the use of (1) the (mis)use case technique and UML profiling for the specification of the survivability requirements and (2) Petri nets and model checking techniques for the requirement assessment. A survivability assessment model is obtained from an improved specification of misuse cases, which encompasses essential services, threats and survivability strategies. The survivability assessment model is then converted into a Petri net model for verifying survivability properties through model checking. The MASDES tool has been developed within the Eclipse workbench and relies on the Papyrus tool for UML. It consists of a set of plug-ins that enable one (1) to create a survivability system view using UML and profiling techniques and (2) to verify survivability properties. In particular, the tool performs model transformations in two steps. First, a model-to-model transformation generates, from the survivability view, a Petri net model and properties to be checked in a tool-independent format. Second, model-to-text transformations produce the Petri net specifications for the model checkers. A military Command and Control Information System has been used as a case study to apply the method and to evaluate the MASDES tool, within an iterative-incremental software development process.

    Dependability and Survivability Evaluation of a Water Distribution Process with Arcade

    Among others, drinking water belongs to the so-called critical infrastructures. To ensure that the water production meets current and future societal needs, a systematic and rigorous analysis is needed. In this paper, we report our first experience with dependability analysis of the last phase of a water treatment facility, namely the water distribution. We use the architectural language Arcade to model this facility and use the Arcade toolset to compute three relevant dependability measures: the availability of the water distribution, the reliability, i.e., the probability that the water distribution fails, and the survivability, that is, the ability to recover from disasters. Since survivability is not directly expressible in the Arcade formalism, we show how one can modify the toolchain for the analysis of survivability.

    Survivability study of a Water Cleaning Facility using Fluid Stochastic Petri Nets

    This paper investigates the survivability of a water cleaning facility using Fluid Stochastic Petri Nets (FSPNs). Water cleaning facilities are responsible for providing drinking water to a specific district. The provided service is very important and makes such facilities belong to a nation's critical infrastructures. Therefore, such a facility should be able to recover in a timely manner after the occurrence of disasters. The use of FSPNs in survivability research is new and promising due to their general applicability. In this paper we model and analyze the survivability of the last phases of the water cleaning process in a Dutch water company. Analysis results identify the weaknesses of the process, and redundancy is suggested to improve the survivability.

    An Empirical Study on Android-related Vulnerabilities

    Mobile devices are used more and more in everyday life. They are our cameras, wallets, and keys. Basically, they embed most of our private information in our pocket. For this and other reasons, mobile devices, and in particular the software that runs on them, are considered first-class citizens in the software-vulnerabilities landscape. Several studies have investigated the software-vulnerabilities phenomenon in the context of mobile apps and, more generally, mobile devices. Most of these studies focused on vulnerabilities that could affect mobile apps, while just a few investigated vulnerabilities affecting the underlying platform on which mobile apps run: the Operating System (OS). Also, these studies have been run on a very limited set of vulnerabilities. In this paper we present the largest study to date investigating Android-related vulnerabilities, with a specific focus on the ones affecting the Android OS. In particular, we (i) define a detailed taxonomy of the types of Android-related vulnerability; (ii) investigate the layers and subsystems of the Android OS affected by vulnerabilities; and (iii) study the survivability of vulnerabilities (i.e., the number of days between the vulnerability's introduction and its fixing). Our findings could help OS and app developers in focusing their verification & validation activities, and researchers in building vulnerability detection tools tailored for the mobile world.

    Ensemble decision making in real-time games


    Stochastic model checking for predicting component failures and service availability

    When a component fails in a critical communications service, how urgent is a repair? If we repair within 1 hour, 2 hours, or n hours, how does this affect the likelihood of service failure? Can a formal model support assessing the impact, prioritisation, and scheduling of repairs in the event of component failures, and forecasting of maintenance costs? These are some of the questions posed to us by a large organisation, and here we report on our experience of developing a stochastic framework based on a discrete space model and temporal logic to answer them. We define and explore both standard steady-state and transient temporal logic properties concerning the likelihood of service failure within certain time bounds and the forecasting of maintenance costs, and we introduce a new concept of envelopes of behaviour that quantify the effect of the status of lower-level components on service availability. The resulting model is highly parameterised, and user interaction for experimentation is supported by a lightweight, web-based interface.

    Model-Based Mitigation of Availability Risks

    The assessment and mitigation of risks related to the availability of the IT infrastructure is becoming increasingly important in modern organizations. Unfortunately, present standards for Risk Assessment and Mitigation show limitations when evaluating and mitigating availability risks. This is due to the fact that they do not fully consider the dependencies between the constituents of an IT infrastructure, which are paramount in large enterprises. These dependencies make the technical problem of assessing availability issues very challenging. In this paper we define a method and a tool for carrying out a Risk Mitigation activity which allows one to assess the global impact of a set of risks and to choose the best set of countermeasures to cope with them. To this end, the presence of a tool is necessary due to the high complexity of the assessment problem. Our approach can be integrated in present Risk Management methodologies (e.g. COBIT) to provide a more precise Risk Mitigation activity. We substantiate the viability of this approach by showing that most of the input required by the tool is available as part of a standard business continuity plan, and/or by performing a common tool-assisted Risk Management.