2 research outputs found
Looking for a Black Cat in a Dark Room: Security Visualization for Cyber-Physical System Design and Analysis
Today, there is a plethora of software security tools employing
visualizations that enable the creation of useful and effective interactive
security analyst dashboards. Such dashboards can assist the analyst to
understand the data at hand and, consequently, to conceive more targeted
preemption and mitigation security strategies. Despite the recent advances,
model-based security analysis is lacking tools that employ effective
dashboards---to manage potential attack vectors, system components, and
requirements. This problem is further exacerbated because model-based security
analysis produces significantly larger result spaces than security analysis
applied to realized systems---where platform specific information, software
versions, and system element dependencies are known. Therefore, there is a need
to manage the analysis complexity in model-based security through better
visualization techniques. Towards that goal, we propose an interactive security
analysis dashboard that provides different views largely centered around the
system, its requirements, and its associated attack vector space. This tool
makes it possible to start analysis earlier in the system lifecycle. We apply
this tool in a significant area of engineering design---the design of
cyber-physical systems---where security violations can lead to safety hazards