A Model-Driven Process for Physical Protection System Design and Vulnerability Evaluation

Part of the Topics in Safety, Risk, Reliability and Quality book series (TSRQ, volume 27)


Vulnerability of railway physical assets against adversary’s attacks is affected by a number of factors, hence the effectiveness of the physical security system in charge of protecting the potential targets is a crucial aspect in homeland security applications. This chapter addresses vulnerability modeling and analysis with a special focus on designing physical protection system for railways security. The Model-Driven process developed within the METRIP project is presented, which supports the automatic generation of vulnerability analysis models and the instantiation of optimization model templates for the localization of the protection devices. The steps and the aspects covered by the proposed process are described: the UML profile which has been developed to extend UML with protection and physical vulnerability concepts, the model transformations implementing the interface towards the optimization models and the automated generation of vulnerability models, as well as the mechanism to return the results to the designer. Finally, the overall process has been applied to a railway station from the METRIP case study.


Physical vulnerability Model transformation Railway infrastructure system UML profile Model-driven security 


  1. 1.
    Selic B (2012) The less well known UML: a short user guide. In: Proceedings of the 12th international conference on formal methods for the design of computer, communication, and software systems: formal methods for model-driven engineering, SFM’12. Springer-Verlag, Berlin, Heidelberg, pp 1–20Google Scholar
  2. 2.
    Volter M (2011) From programming to modeling—and back again. IEEE Softw 28(6):20–25CrossRefGoogle Scholar
  3. 3.
    Selic B (2007) A systematic approach to domain-specific language design using UML. In: 10th IEEE international symposium on object and component-oriented real-time distributed computing (ISORC’07), pp 2–9Google Scholar
  4. 4.
    National Consortium for the Study of Terrorism and Responses to Terrorism (START) (2012) RAND NDSI project: database of worldwide terrorist incidents.
  5. 5.
    METRIP project. RIS Terrorist Attack Database (RISTAD). Available:
  6. 6.
    Marrone S, Nardone R, Tedesco A, D’Amore P, Vittorini V, Setola R, De Cillis F, Mazzocca N (2013) Vulnerability analysis and modeling for critical infrastructure protection. In: Seventh annual IFIP working group 11.10 international conference on critical infrastructure protection, 18–20 March 2013Google Scholar
  7. 7.
    OMG (2011) UML profile for MARTE: modeling and analysis of real-time embedded systems, June 2011. Version 1.1, formal/11-06-02Google Scholar
  8. 8.
    Czarnecki K, Helsen S (2006) Feature-based survey of model transformation approaches. IBM Syst J 45(3):621–645CrossRefGoogle Scholar
  9. 9.
    Schmidt DC (2006) Model-driven engineering. IEEE Comput 39(2):25–31CrossRefGoogle Scholar
  10. 10.
    Charniak E (2012) Bayesian networks without tears: making Bayesian networks more accessible to the probabilistically unsophisticated. In: American Association for artificial intelligence, vol 4, pp 50–63, Maj 2012Google Scholar
  11. 11.
    del Aguila IM, del Sagrado J (2012) Metamodeling of bayesian networks for decision-support systems development. In: Proceedings of 8th workshop on knowledge engineering and software engineering (KESE8), August 2012Google Scholar
  12. 12.
    Garcia ML (2005) Vulnerability assessment of physical protection systems. Butterworth-Heinemann, BostonGoogle Scholar
  13. 13.
    Garcia ML (2007) Design and evaluation of physical protection systems. Butterworth-Heinemann, BostonGoogle Scholar
  14. 14.
    Bagheri E, Ghorbani AA (2010) UML-CI: A reference model for profiling critical infrastructure systems. Inf Syst Front 12(2):115–139CrossRefGoogle Scholar
  15. 15.
    Lund MS, Solhaug B, Stølen K (2011) Risk analysis of changing and evolving systems using CORAS. In: Foundations of security analysis and design vi. Springer-Verlag, Berlin, Heidelberg, pp 231–274Google Scholar
  16. 16.
    Jürjens J (2005) Secure systems development with UML. Springer, New YorkGoogle Scholar
  17. 17.
    Bernardi S, Merseguer J, Petriu DC (2011) A dependability profile within MARTE. Soft Syst Model 10(3):313–336CrossRefGoogle Scholar
  18. 18.
    Fleurey F, Steel J, Baudry B (2004) Validation in model-driven engineering: testing model transformations. In: Proceedings of first international workshop on model, design and validation, 2004, pp 29–40Google Scholar
  19. 19.
    Asztalos M, Lengyel L, Levendovszky T (2010) Towards automated, formal verification of model transformations. In: 2010 third international conference on software testing, verification and validation (ICST), pp 15–24Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Department of Electrical Engineering and Information Technology (DIETI)University of Naples Federico IINaplesItaly
  2. 2.Department of Mathematics and PhysicsSecond University of NaplesCasertaItaly

Personalised recommendations