Early-stage security analysis can be used for a preliminary assessment of the security level of a system, thus providing useful insights to guide the whole system’s development. In this paper, we focus on a specific meta-level modeling framework for security analysis, ADVISE Meta, which allows representing a system using generic built-in blocks and relationships constituting the ontology of the framework, and to automatically derive complex low-level stochastic models representing attack steps and adversaries. In this paper, we extend the ADVISE Meta ontology to enlarge the variety of the possible attack paths and adversaries that can be represented in the framework, by modeling (i) attack patterns available in the CAPEC database, a comprehensive dictionary of known patterns of attack, and (ii) the adversaries’ profiles defined in the Threat Agent Library (TAL), a reference library which describes the characteristics of threat agents. The paper provides a detailed description of the whole process for extending the ADVISE Meta ontology, and the application of the extended modeling framework for an early-stage security analysis of a public transport supervision system. The framework enables a variety of security-oriented analyses, in particular to assess the probability that a given adversary can successfully reach a specific goal, to analyze the most probable attack path that adversaries can follow to reach a goal, to perform sensitivity analysis at varying of attack patterns and adversaries’ profiles, to compare different architectural solutions, and to identify the system’s components that can be more probably attacked by adversaries.

An extension of the ADVISE Meta modeling framework and its application for an early-stage security analysis of a public transport supervision system / Mariotti F.; Bondavalli A.; Lollini P.; Montecchi L.; Nardi S.. - In: JOURNAL OF RELIABLE INTELLIGENT ENVIRONMENTS. - ISSN 2199-4676. - ELETTRONICO. - 9:(2023), pp. 263-281. [10.1007/s40860-023-00209-5]

An extension of the ADVISE Meta modeling framework and its application for an early-stage security analysis of a public transport supervision system

Mariotti F.
;
Bondavalli A.;Lollini P.;Montecchi L.;
2023

Abstract

Early-stage security analysis can be used for a preliminary assessment of the security level of a system, thus providing useful insights to guide the whole system’s development. In this paper, we focus on a specific meta-level modeling framework for security analysis, ADVISE Meta, which allows representing a system using generic built-in blocks and relationships constituting the ontology of the framework, and to automatically derive complex low-level stochastic models representing attack steps and adversaries. In this paper, we extend the ADVISE Meta ontology to enlarge the variety of the possible attack paths and adversaries that can be represented in the framework, by modeling (i) attack patterns available in the CAPEC database, a comprehensive dictionary of known patterns of attack, and (ii) the adversaries’ profiles defined in the Threat Agent Library (TAL), a reference library which describes the characteristics of threat agents. The paper provides a detailed description of the whole process for extending the ADVISE Meta ontology, and the application of the extended modeling framework for an early-stage security analysis of a public transport supervision system. The framework enables a variety of security-oriented analyses, in particular to assess the probability that a given adversary can successfully reach a specific goal, to analyze the most probable attack path that adversaries can follow to reach a goal, to perform sensitivity analysis at varying of attack patterns and adversaries’ profiles, to compare different architectural solutions, and to identify the system’s components that can be more probably attacked by adversaries.
2023
9
263
281
Mariotti F.; Bondavalli A.; Lollini P.; Montecchi L.; Nardi S.
File in questo prodotto:
File Dimensione Formato  
s40860-023-00209-5(1).pdf

accesso aperto

Tipologia: Pdf editoriale (Version of record)
Licenza: Open Access
Dimensione 1.45 MB
Formato Adobe PDF
1.45 MB Adobe PDF

I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificatore per citare o creare un link a questa risorsa: https://hdl.handle.net/2158/1330674
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? ND
social impact