Abstract | ||
---|---|---|
In this paper, we address the issue of security verification and evaluation of systems at the design level. To this end, we elaborate a practical and formal framework that enables security risk assessment and security requirements verification on systems that are designed using SysML activity diagrams. Our approach is based on probabilistic adversarial interactions between potential attackers and the system design models. These interactions result in a global model that is used to quantify security risks by applying probabilistic model-checking. We rely on a standard catalogue of attack patterns to build a library of attacks' design patterns. To demonstrate the effectiveness of our approach, we apply it on a real-life case study related to the Secure Real Time Streaming Protocol. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1109/PST.2011.5971976 | Privacy, Security and Trust |
Keywords | Field | DocType |
formal verification,security of data,SysML activity diagrams,formal framework,model-based systems security quantification,probabilistic model-checking,security evaluation,security requirements verification,security risk assessment,security verification,Activity Diagrams,Attack Pattern,Probabilistic verification,Risk Assessment,Security,SysML,Vulnerability detection | Security testing,Attack patterns,Computer science,Computer security,Software design pattern,Systems design,Probabilistic logic,Systems Modeling Language,Computer security model,Formal verification | Conference |
ISSN | ISBN | Citations |
1712-364X | 978-1-4577-0582-3 | 9 |
PageRank | References | Authors |
0.63 | 20 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Samir Ouchani | 1 | 77 | 12.48 |
Yosr Jarraya | 2 | 173 | 14.52 |
Otmane Aït Mohamed | 3 | 216 | 35.48 |