Attack Modeling for System Security Analysis
Approaches to the safety analysis of software-intensive systems are being adapted to also provide security assurance. Extensions have been proposed to reflect the specific nature of security analysis, either by introducing intention as a causal factor in reaching an unsafe state of the system, or by introducing new layers in the system model to represent its attack surface.
In this paper we propose to extend these approaches by modelling the attack perspective alongside the system. We explain how such modelling could be used to verify the coverage of the security analysis and facilitate its maintenance.
Keywords: Hazard analysis, Security analysis, Attack model