110 research outputs found

    Streamlining Attack Tree Generation: A Fragment-Based Approach

    Get PDF
    Attack graphs are a tool for analyzing security vulnerabilities that capture different and prospective attacks on a system. As a threat modeling tool, it shows possible paths that an attacker can exploit to achieve a particular goal. However, due to the large number of vulnerabilities that are published on a daily basis, they have the potential to rapidly expand in size, necessitating a significant amount of resources to generate. In addition, generating composited attack models for complex systems such as self-adaptive or AI is very difficult due to their nature to continuously change. In this paper, we present a novel fragment-based attack graph generation approach that utilizes information from publicly available information security databases. Furthermore, we also propose a domain-specific language for attack modeling, which we employ in the proposed attack graph generation approach. Finally, we present a demonstrator example showcasing the attack generator\u27s capability to replicate a verified attack chain, as previously confirmed by security experts

    A systematic review on security and safety of self-adaptive systems

    Get PDF
    Context: Cyber–physical systems (CPS) are increasingly self-adaptive, i.e. they have the ability to introspect and change their behavior. This self-adaptation process must be considered when modeling the safety and security aspects of the system. Objective: This study collects and compares security attacks and safety hazards on self-adaptive systems (SAS) described in the literature. In addition, mitigation and treatment strategies, as well as the modeling and analysis approaches, are investigated. Method: We conducted a systematic literature review on 21 selected papers. The selection process included a database search on four scientific databases using a common search string (1430 papers), forward and backward snowballing (1402 papers), and filtering the results based on predefined inclusion and exclusion criteria. The coding scheme to analyze the content of the papers was obtained through research questions, existing domain-specific taxonomies, and open coding. Results: Safety and security are not jointly modeled in the context of self-adaptive systems. The adaptation process is often not considered in the attack and hazard analysis due to naive assumptions and modeling. The proposed approaches are mostly verified and validated through simulation often using simple use cases and scenarios. Conclusion: A thorough and joint modeling approach for safety and security in self-adaptive systems is still an open challenge that needs to be addressed. Further work is needed to address the gap between safety and security modeling in self-adaptive systems

    Model-Based Generation of Attack-Fault Trees

    Get PDF
    Joint safety and security analysis of cyber-physical systems is a necessary step to correctly capture inter-dependencies between these properties. Attack-Fault Trees represent a combination of dynamic Fault Trees and Attack Trees and can be used to model and model-check a holistic view on both safety and security. Manually creating a complete AFT for the whole system is, however, a daunting task. It needs to span multiple abstraction layers, e.g., abstract application architecture and data flow as well as system and library dependencies that are affected by various vulnerabilities. We present an AFT generation tool-chain that facilitates this task using partial Fault and Attack Trees that are either manually created or mined from vulnerability databases. We semi-automatically create two system models that provide the necessary information to automatically combine these partial Fault and Attack Trees into complete AFTs using graph transformation rules

    Phase transition in bulk single crystals and thin films of VO2 by nanoscale infrared spectroscopy and imaging

    Get PDF
    We have systematically studied a variety of vanadium dioxide (VO2) crystalline forms, including bulk single crystals and oriented thin films, using infrared (IR) near-field spectroscopic imaging techniques. By measuring the IR spectroscopic responses of electrons and phonons in VO2 with sub-grain-size spatial resolution (∼20nm), we show that epitaxial strain in VO2 thin films not only triggers spontaneous local phase separations, but also leads to intermediate electronic and lattice states that are intrinsically different from those found in bulk. Generalized rules of strain- and symmetry-dependent mesoscopic phase inhomogeneity are also discussed. These results set the stage for a comprehensive understanding of complex energy landscapes that may not be readily determined by macroscopic approaches

    Fracture-related outcome study for operatively treated tibia shaft fractures (F.R.O.S.T.): registry rationale and design

    Get PDF
    Background: Tibial shaft fractures (TSFs) are among the most common long bone injuries often resulting from high-energy trauma. To date, musculoskeletal complications such as fracture-related infection (FRI) and compromised fracture healing following fracture fixation of these injuries are still prevalent. The relatively high complication rates prove that, despite advances in modern fracture care, the management of TSFs remains a challenge even in the hands of experienced surgeons. Therefore, the Fracture-Related Outcome Study for operatively treated Tibia shaft fractures (F.R.O.S.T.) aims at creating a registry that enables data mining to gather detailed information to support future clinical decision-making regarding the management of TSF’s. Methods: This prospective, international, multicenter, observational registry for TSFs was recently developed. Recruitment started in 2019 and is planned to take 36 months, seeking to enroll a minimum of 1000 patients. The study protocol does not influence the clinical decision-making procedure, implant choice, or surgical/imaging techniques; these are being performed as per local hospital standard of care. Data collected in this registry include injury specifics, treatment details, clinical outcomes (e.g., FRI), patient-reported outcomes, and procedure- or implant-related adverse events. The minimum follow up is 12 months. Discussion: Although over the past decades, multiple high-quality studies have addressed individual research questions related to the outcome of TSFs, knowledge gaps remain. The scarcity of data calls for an international high-quality, population-based registry. Creating such a database could optimize strategies intended to prevent severe musculoskeletal complications. The main purpose of the F.R.O.S.T registry is to evaluate the association between different treatment strategies and patient outcomes. It will address not only operative techniques and implant materials but also perioperative preventive measures. For the first time, data concerning systemic perioperative antibiotic prophylaxis, the influence of local antimicrobials, and timing of soft-tissue coverage will be collected at an international level and correlated with standardized outcome measures in a large prospective, multicenter, observational registry for global accessibility. Trial registration: ClinicalTrials.gov: NCT03598530

    Zur automatischen Verifikation von UML 2 Aktivitätsdiagrammen

    No full text
    One approach to face the increasing demands on the performance and quality of modern software systems is given by the modeldriven software development (MDSD). The use of models increases the abstraction level in software development and allows an enhancement of productivity by automation. The Unified Modeling Language (UML) version 2 is a wide-spread graphical modeling language applied for this purpose. It defines several diagram types to describe a system from different points of view. Activity diagrams consist of actions which may be connected by control- and objectflows. Control nodes are provided for a more detailed control of flows. These nodes split, merge and join flows or decide among different alternatives. Special actions allow for sending and receiving signals or the consideration of time aspects. Besides the increase of productivity, another advantage of abstraction is verification. Contrary to tests, verification does not only find errors, but it can prove their absence. This thesis presents an approach for model checking of UML 2 activity diagrams. A transformation of these diagrams into a state transition system is developed in order to reuse existing tools. This flexibility concerning the underlying model checker makes it possible to profit by further enhancements in this area of research. Whereas previous approaches cover only few aspects of activity diagrams, this thesis includes more difficult aspects like object flows, signal handling and interruptible activity regions. Additionally, the semantics can be adjusted to individual needs by semantic variation points. The formal results of this thesis are also prototypically integrated into a tool for modeldriven development with UML 2 activity diagrams. The formal results of this thesis are also prototypically integrated into a tool for modeldriven development with UML 2 activity diagrams
    corecore