196 research outputs found
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees
This paper presents the current state of the art on attack and defense
modeling approaches that are based on directed acyclic graphs (DAGs). DAGs
allow for a hierarchical decomposition of complex scenarios into simple, easily
understandable and quantifiable actions. Methods based on threat trees and
Bayesian networks are two well-known approaches to security modeling. However,
there exist more than 30 DAG-based methodologies, each having different
features and goals. The objective of this survey is to present a complete
overview of graphical attack and defense modeling techniques based on DAGs.
This consists of summarizing the existing methodologies, comparing their
features and proposing a taxonomy of the described formalisms. This article
also supports the selection of an adequate modeling technique depending on user
requirements.
Formal Template-Based Generation of Attack–Defence Trees for Automated Security Analysis
Systems that integrate cyber and physical aspects to create cyber-physical systems (CPS) are becoming increasingly complex, but demonstrating the security of CPS is hard and security is frequently compromised. These compromises can lead to safety failures, putting lives at risk. Attack Defense Trees with sequential conjunction (ADS) are an approach to identifying attacks on a system and identifying the interaction between attacks and the defenses that are present within the CPS. We present a semantic model for ADS and propose a methodology for generating ADS automatically. The methodology takes as input a CPS system model and a library of templates of attacks and defenses. We demonstrate and validate the effectiveness of the ADS generation methodology using an example from the automotive domain.
Attack-defense trees
Attack-defense trees are a novel methodology for graphical security modelling and assessment. They extend the well-known formalism of attack trees by allowing nodes that represent defensive measures to appear at any level of the tree. This enlarges the modelling capabilities of attack trees and makes the new formalism suitable for representing interactions between an attacker and a defender. Our formalization supports different semantical approaches for which we provide usage scenarios. We also formalize how to quantitatively analyse attack and defense scenarios using attribute
Method and Technology for Ensuring the Software Security by Identifying and Classifying the Failures and Vulnerabilities
The conducted literature review on known methods and technologies for providing the software security and for identifying the failures and vulnerabilities of software showed that, although the analyzed methods and technologies have great potential for the field of software engineering, none of the known solutions are intended for identification and classification of software failures and vulnerabilities. Therefore, it is necessary to develop a method for ensuring the software security by identifying and classifying the failures and vulnerabilities, as well as to design and implement a technology for ensuring the software security by identifying and classifying the failures and vulnerabilities, which is the goal of this study. The method developed in this paper for ensuring the software security by identifying and classifying the failures and vulnerabilities provides a conclusion as to whether a failure occurred, and if a failure occurred, its type is issued to the user. In addition, the developed method for ensuring the software security by identifying and classifying the failures and vulnerabilities provides a conclusion as to whether a feature is a vulnerability, and if the feature is a vulnerability, its type is issued to the user. The paper also develops a technology for ensuring the software security by identifying and classifying the failures and vulnerabilities, which provides a conclusion on the presence or absence of software failure(s); conclusion on the presence or absence of software vulnerability(s); conclusion about the type of failure and the type of vulnerability in case of their presence, thanks to which the proposed technology is useful for software users due to the identification and classification of failures and vulnerabilities.
National Aeronautics and Space Administration (NASA)/American Society for Engineering Education (ASEE) Summer Faculty Fellowship Program 1988, volume 1
The 1988 Johnson Space Center (JSC) National Aeronautics and Space Administration (NASA)/American Society for Engineering Education (ASEE) Summer Faculty Fellowship Program was conducted by the University of Houston and JSC. The 10-week program was operated under the auspices of the ASEE. The program at JSC, as well as the programs at other NASA Centers, was funded by the Office of University Affairs, NASA Headquarters, Washington, D.C. The objectives of the program, which began in 1965 at JSC and in 1964 nationally, are (1) to further the professional knowledge of qualified engineering and science faculty members; (2) to stimulate an exchange of ideas between participants and NASA; (3) to enrich and refresh the research and teaching activities of participants' institutions; and (4) to contribute to the research objectives of the NASA Centers.
UAV swarm attack: protection system alternatives for Destroyers
Systems Engineering Project Report. The Navy needs to protect Destroyers (DDGs) from Unmanned Aerial Vehicle (UAV) attacks. The team, focusing on improving the DDG’s defenses against small radar cross section UAVs making suicide attacks, established a DRM, identified current capability gaps, established a functional flow, created requirements, modeled the DDG’s current sensing and engagement capabilities in Microsoft Excel, and used Monte Carlo analysis of 500 simulation runs to determine that four out of eight incoming IED UAVs are likely to hit the ship. Sensitivity analysis showed that improving weapon systems is more effective than improving sensor systems, inspiring the generation of alternatives for improving UAV defense. For the eight feasible alternatives the team estimated cost, assessed risk in accordance with the requirements, simulated performance against the eight incoming UAVs, and performed cost benefit analysis. Adding CIWS mounts is the most cost effective alternative, reducing the average number of UAV hits from a baseline of 3.82 to 2.50, costing 1844M, and combining those with decoy launchers to defeat the radar-seeking Harpy UAVs reduces the hits to 1.12 for $2862M. http://archive.org/details/uavswarmttackpro1094528669 Approved for public release; distribution is unlimited.
Contribution to Quality-driven Evolutionary Software Development process for Service-Oriented Architectures
The quality of software is a key element for the success of a system. Currently, with the advance of the technology, consumers demand more and better services. Models for the development process also have to be adapted to new requirements. This is particularly true in the case of service oriented systems (domain of this thesis), where an unpredictable number of users can access one or several services.
This work proposes an improvement in the models for the software development process based on the theory of the evolutionary software development. The main objective is to maintain and improve the quality of software as long as possible and with the minimum effort and cost. Usually, this process is supported by methods known in the literature as agile software development methods.
Another key element in this thesis is the service oriented software architecture. Software architecture plays an important role in the quality of any software system. The service oriented architecture adds service flexibility: the services are autonomous and compact assets, and they can be improved and integrated with better facility.
The model proposed in this thesis for evolutionary software development places emphasis on the quality of services. Therefore, some principles of evolutionary development are redefined and new processes are introduced, such as: architecture assessment, architecture recovery and architecture conformance.
Every new process will be evaluated with case studies considering quality aspects. They have been selected according to the market demand; they are: performance, security and evolutionability. Other aspects could be considered in the same way as the previous three, but we believe that these quality attributes are enough to demonstrate the viability of our proposal.
- …