SlideShare ist ein Scribd-Unternehmen logo

paper 35_Using SysML for model-based vulnerability assessment_Soroush_Bassam_031615_2-2

Als PPTX, PDF herunterladen
S. Soroush Bassam
S. Soroush Bassam
1 von 17
CSER 2015 March 18-19, 2015 1 Using SysML for model-based vulnerability assessment By Soroush Bassam, Jeffrey W. Herrmann, Linda C. Schmidt 13th Annual Conference on Systems Engineering Research (CSER) March 19, 2015 Stevens Institute of Technology Hoboken, NJ www.stevens.edu/sse/CSER2015org
CSER 2015 March 18-19, 2015 2 • Physical Protection Systems ―Objective o To protect assets from threats ―Elements o People (e.g. response force) o Procedure (e.g. alarm assessment) o Components (e.g. sensors) ―Functions o Detection o Delay o Response • Vulnerability Assessment ―VA Evaluation Process o PPS Objective determination o PPS Design o PPS Analysis ―Performance-based vs. Compliance-based o Performance vs. Presence o Models vs. Checklists • Model-based Systems Engineering (MBSE) ―Structure Models ―Behavior Models Introduction  Coherent model of the system
CSER 2015 March 18-19, 2015 3 Vulnerability Assessment Evaluation Process 1) PPS objective determination •Facility characterization •Asset identification •Threat identification 2) PPS design •Detection •Delay •Response 3) PPS Analysis •EASI Model •Adversary Sequence Diagram (ASD)
CSER 2015 March 18-19, 2015 4 Vulnerability Assessment Evaluation Process 1) PPS objective determination •Facility characterization •Asset identification •Threat identification 2) PPS design •Detection •Delay •Response 3) PPS Analysis •EASI Model •Adversary Sequence Diagram (ASD) Facility Model PPS Model PPS Model EASI Model Scenario Model Adversary Model
CSER 2015 March 18-19, 2015 5 Using SysML Models for an Example Facility* Element Icon Fence Exterior Sensor CCTV Light Gate/Roll-Up Door Interior Sensor * Wall Personnel/Cargo flow Asset Adversary Path Adversary Task *Source: Garcia, Vulnerability Assessment, 2006 Facility Description: • Building: Office area; Storage area; Staging area • PPS Components: Fence, Sensors, CCTV, Light, Gate • Asset located in the controlled room List of symbols
CSER 2015 March 18-19, 2015 6 Facility Characterization And Asset Identification Using SysML BDD
CSER 2015 March 18-19, 2015 7 Threat Identification Using SysML BDD
CSER 2015 March 18-19, 2015 8 PPS Detection and Delay Representation Using SysML BDD
CSER 2015 March 18-19, 2015 9 PPS Response Representation Using SysML BDD
CSER 2015 March 18-19, 2015 10 PPS Analysis Using SysML Activity Diagram Adversary tasks: 1. crossing the perimeter 2. running to the roll-up door 3. penetrating through the roll-up door 4. running to the storage vault 5. stealing the asset 6. exiting to outside 7. crossing the perimeter 8. entering the second vehicle ASD Diagram
CSER 2015 March 18-19, 2015 11 PPS Analysis Using SysML Activity Diagram
CSER 2015 March 18-19, 2015 12 PPS Analysis Using SysML Activity Diagram
CSER 2015 March 18-19, 2015 13 SysML Parametric Diagram EASI Model PPS Analysis Using SysML Parametric Diagram Estimate of Adversary Sequence Interruption (EASI) Model: • A quantitative analysis tool • Uses performance characteristics of PPS components • Determines the PPS performance for a specific threat and attack scenario
CSER 2015 March 18-19, 2015 14 SysML Parametric Diagram EASI Model PPS Analysis Using SysML Parametric Diagram Estimate of Adversary Sequence Interruption (EASI) Model: • A quantitative analysis tool • Uses performance characteristics of PPS components • Determines the PPS performance for a specific threat and attack scenario
CSER 2015 March 18-19, 2015 15 Facility Model PPS Model PPS Model Adversary Model EASI ModelScenario Model A Set of Interconnected Models
CSER 2015 March 18-19, 2015 16 Summary and Conclusion • A set of interconnected models facilitates modification of information and reduces the time and cost of conducting VA • This is a step toward model based VA; Future studies will be focused on defining a structured procedure independent of a particular case • Development of standards will further facilitate VA tool development
CSER 2015 March 18-19, 2015 17 Thank you!

Empfohlen

Systems: the Big Picture Beyond Software
Systems: the Big Picture Beyond SoftwareSystems: the Big Picture Beyond Software
Systems: the Big Picture Beyond SoftwareIvan Ruchkin
 
WHATs NEW IN RISK ASSESSMENT
WHATs NEW IN RISK ASSESSMENTWHATs NEW IN RISK ASSESSMENT
WHATs NEW IN RISK ASSESSMENTFred Travis
 
Kap5 Looking Forward
Kap5 Looking ForwardKap5 Looking Forward
Kap5 Looking ForwardJonas Ludvigsson
 
Kap 8 Treatment
Kap 8 TreatmentKap 8 Treatment
Kap 8 TreatmentJonas Ludvigsson
 
Model based vulnerability testing
Model based vulnerability testingModel based vulnerability testing
Model based vulnerability testingKupili Archana
 
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...Lionel Briand
 
Psychosis: Diathesis Stress Model (transition to adult levels of dopamine fro...
Psychosis: Diathesis Stress Model (transition to adult levels of dopamine fro...Psychosis: Diathesis Stress Model (transition to adult levels of dopamine fro...
Psychosis: Diathesis Stress Model (transition to adult levels of dopamine fro...Michael Changaris
 
SysML for Modeling Co-Simulation Orchestration over FMI, INTO-CPS Approach
SysML for Modeling Co-Simulation Orchestration over FMI, INTO-CPS ApproachSysML for Modeling Co-Simulation Orchestration over FMI, INTO-CPS Approach
SysML for Modeling Co-Simulation Orchestration over FMI, INTO-CPS ApproachAlessandra Bagnato
 

Empfohlen

Systems: the Big Picture Beyond Software
Systems: the Big Picture Beyond SoftwareSystems: the Big Picture Beyond Software
Systems: the Big Picture Beyond SoftwareIvan Ruchkin
 
WHATs NEW IN RISK ASSESSMENT
WHATs NEW IN RISK ASSESSMENTWHATs NEW IN RISK ASSESSMENT
WHATs NEW IN RISK ASSESSMENTFred Travis
 
Kap5 Looking Forward
Kap5 Looking ForwardKap5 Looking Forward
Kap5 Looking ForwardJonas Ludvigsson
 
Kap 8 Treatment
Kap 8 TreatmentKap 8 Treatment
Kap 8 TreatmentJonas Ludvigsson
 
Model based vulnerability testing
Model based vulnerability testingModel based vulnerability testing
Model based vulnerability testingKupili Archana
 
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...Lionel Briand
 
Psychosis: Diathesis Stress Model (transition to adult levels of dopamine fro...
Psychosis: Diathesis Stress Model (transition to adult levels of dopamine fro...Psychosis: Diathesis Stress Model (transition to adult levels of dopamine fro...
Psychosis: Diathesis Stress Model (transition to adult levels of dopamine fro...Michael Changaris
 
SysML for Modeling Co-Simulation Orchestration over FMI, INTO-CPS Approach
SysML for Modeling Co-Simulation Orchestration over FMI, INTO-CPS ApproachSysML for Modeling Co-Simulation Orchestration over FMI, INTO-CPS Approach
SysML for Modeling Co-Simulation Orchestration over FMI, INTO-CPS ApproachAlessandra Bagnato
 
Development of a risk assessment system based on pattern matching of behaviou...
Development of a risk assessment system based on pattern matching of behaviou...Development of a risk assessment system based on pattern matching of behaviou...
Development of a risk assessment system based on pattern matching of behaviou...Stefan Kovacs
 
Automated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and DesignAutomated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and DesignLionel Briand
 
EASI Notes Briefing Sessions - Nivelles
EASI Notes Briefing Sessions - NivellesEASI Notes Briefing Sessions - Nivelles
EASI Notes Briefing Sessions - NivellesQuentin Poncelet
 
Biopsycosocial Model
Biopsycosocial ModelBiopsycosocial Model
Biopsycosocial Modelnh0627
 
Introduction to the BioPsychoSocial approach to Addiction
Introduction to the BioPsychoSocial approach to AddictionIntroduction to the BioPsychoSocial approach to Addiction
Introduction to the BioPsychoSocial approach to Addictionkavroom
 
The Power of Belief
The Power of BeliefThe Power of Belief
The Power of BeliefBruce Kasanoff
 
Lesson 4 biopsychosocial model
Lesson 4 biopsychosocial modelLesson 4 biopsychosocial model
Lesson 4 biopsychosocial modelCrystal Delosa
 
Risk Assessment and Reduction
Risk Assessment and ReductionRisk Assessment and Reduction
Risk Assessment and ReductionProf. David E. Alexander (UCL)
 
Biopsychosocial
BiopsychosocialBiopsychosocial
BiopsychosocialMimi Abesamis
 
Theories of stress
Theories of stressTheories of stress
Theories of stressIAU Dent
 
Stress theories
Stress theoriesStress theories
Stress theoriesD Dutta Roy
 
Current State and Challenges for Model-Based Security Testing
Current State and Challenges for Model-Based Security TestingCurrent State and Challenges for Model-Based Security Testing
Current State and Challenges for Model-Based Security TestingUniversity of Innsbruck, Blekinge Institute of Technology
 
Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...
Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...
Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...Barbara Russo
 
Machine Learning in the Real World
Machine Learning in the Real WorldMachine Learning in the Real World
Machine Learning in the Real WorldSrinath Perera
 
Lean Six Sigma methodology
Lean Six Sigma methodologyLean Six Sigma methodology
Lean Six Sigma methodologyRamiro Cid
 
The Art of Performance Evaluation
The Art of Performance EvaluationThe Art of Performance Evaluation
The Art of Performance EvaluationYuto Hayamizu
 
CS8080_IRT_UNIT - III T4 SUPERVISED ALGORITHMS.pdf
CS8080_IRT_UNIT - III T4 SUPERVISED ALGORITHMS.pdfCS8080_IRT_UNIT - III T4 SUPERVISED ALGORITHMS.pdf
CS8080_IRT_UNIT - III T4 SUPERVISED ALGORITHMS.pdfAALIM MUHAMMED SALEGH COLLEGE OF ENGINEERING
 
Measuring Safety Performance - An Analyst’s Perspective
Measuring Safety Performance - An Analyst’s PerspectiveMeasuring Safety Performance - An Analyst’s Perspective
Measuring Safety Performance - An Analyst’s Perspectivewalk_the_safety_talk
 
Ds for finance day 3
Ds for finance day 3Ds for finance day 3
Ds for finance day 3QuantUniversity
 
SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...
SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...
SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...Andrea Montemaggio
 
Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...
Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...
Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...Project Controls Expo
 
Survey on Software Defect Prediction
Survey on Software Defect PredictionSurvey on Software Defect Prediction
Survey on Software Defect PredictionSung Kim
 

Weitere ähnliche Inhalte

Andere mochten auch

Development of a risk assessment system based on pattern matching of behaviou...
Development of a risk assessment system based on pattern matching of behaviou...Development of a risk assessment system based on pattern matching of behaviou...
Development of a risk assessment system based on pattern matching of behaviou...Stefan Kovacs
 
Automated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and DesignAutomated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and DesignLionel Briand
 
EASI Notes Briefing Sessions - Nivelles
EASI Notes Briefing Sessions - NivellesEASI Notes Briefing Sessions - Nivelles
EASI Notes Briefing Sessions - NivellesQuentin Poncelet
 
Biopsycosocial Model
Biopsycosocial ModelBiopsycosocial Model
Biopsycosocial Modelnh0627
 
Introduction to the BioPsychoSocial approach to Addiction
Introduction to the BioPsychoSocial approach to AddictionIntroduction to the BioPsychoSocial approach to Addiction
Introduction to the BioPsychoSocial approach to Addictionkavroom
 
Lesson 4 biopsychosocial model
Lesson 4 biopsychosocial modelLesson 4 biopsychosocial model
Lesson 4 biopsychosocial modelCrystal Delosa
 
Theories of stress
Theories of stressTheories of stress
Theories of stressIAU Dent
 

Andere mochten auch (11)

Development of a risk assessment system based on pattern matching of behaviou...
Development of a risk assessment system based on pattern matching of behaviou...Development of a risk assessment system based on pattern matching of behaviou...
Development of a risk assessment system based on pattern matching of behaviou...
 
Automated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and DesignAutomated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and Design
 
EASI Notes Briefing Sessions - Nivelles
EASI Notes Briefing Sessions - NivellesEASI Notes Briefing Sessions - Nivelles
EASI Notes Briefing Sessions - Nivelles
 
Biopsycosocial Model
Biopsycosocial ModelBiopsycosocial Model
Biopsycosocial Model
 
Introduction to the BioPsychoSocial approach to Addiction
Introduction to the BioPsychoSocial approach to AddictionIntroduction to the BioPsychoSocial approach to Addiction
Introduction to the BioPsychoSocial approach to Addiction
 
The Power of Belief
The Power of BeliefThe Power of Belief
The Power of Belief
 
Lesson 4 biopsychosocial model
Lesson 4 biopsychosocial modelLesson 4 biopsychosocial model
Lesson 4 biopsychosocial model
 
Risk Assessment and Reduction
Risk Assessment and ReductionRisk Assessment and Reduction
Risk Assessment and Reduction
 
Biopsychosocial
BiopsychosocialBiopsychosocial
Biopsychosocial
 
Theories of stress
Theories of stressTheories of stress
Theories of stress
 
Stress theories
Stress theoriesStress theories
Stress theories
 

Ähnlich wie paper 35_Using SysML for model-based vulnerability assessment_Soroush_Bassam_031615_2-2

Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...
Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...
Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...Barbara Russo
 
Machine Learning in the Real World
Machine Learning in the Real WorldMachine Learning in the Real World
Machine Learning in the Real WorldSrinath Perera
 
Lean Six Sigma methodology
Lean Six Sigma methodologyLean Six Sigma methodology
Lean Six Sigma methodologyRamiro Cid
 
The Art of Performance Evaluation
The Art of Performance EvaluationThe Art of Performance Evaluation
The Art of Performance EvaluationYuto Hayamizu
 
Measuring Safety Performance - An Analyst’s Perspective
Measuring Safety Performance - An Analyst’s PerspectiveMeasuring Safety Performance - An Analyst’s Perspective
Measuring Safety Performance - An Analyst’s Perspectivewalk_the_safety_talk
 
SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...
SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...
SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...Andrea Montemaggio
 
Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...
Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...
Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...Project Controls Expo
 
Survey on Software Defect Prediction
Survey on Software Defect PredictionSurvey on Software Defect Prediction
Survey on Software Defect PredictionSung Kim
 
How to apply machine learning into your CI/CD pipeline
How to apply machine learning into your CI/CD pipelineHow to apply machine learning into your CI/CD pipeline
How to apply machine learning into your CI/CD pipelineAlon Weiss
 
Supply chain risk management
Supply chain risk management Supply chain risk management
Supply chain risk management Megha Kotak, PMP
 
Testing Machine Learning-enabled Systems: A Personal Perspective
Testing Machine Learning-enabled Systems: A Personal PerspectiveTesting Machine Learning-enabled Systems: A Personal Perspective
Testing Machine Learning-enabled Systems: A Personal PerspectiveLionel Briand
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringAHM Pervej Kabir
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringAHM Pervej Kabir
 
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)lifove
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Dinis Cruz
 

Ähnlich wie paper 35_Using SysML for model-based vulnerability assessment_Soroush_Bassam_031615_2-2 (20)

Current State and Challenges for Model-Based Security Testing
Current State and Challenges for Model-Based Security TestingCurrent State and Challenges for Model-Based Security Testing
Current State and Challenges for Model-Based Security Testing
 
Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...
Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...
Mining System Logs to Learn Error Predictors, Universität Stuttgart, Stuttgar...
 
Machine Learning in the Real World
Machine Learning in the Real WorldMachine Learning in the Real World
Machine Learning in the Real World
 
Lean Six Sigma methodology
Lean Six Sigma methodologyLean Six Sigma methodology
Lean Six Sigma methodology
 
The Art of Performance Evaluation
The Art of Performance EvaluationThe Art of Performance Evaluation
The Art of Performance Evaluation
 
CS8080_IRT_UNIT - III T4 SUPERVISED ALGORITHMS.pdf
CS8080_IRT_UNIT - III T4 SUPERVISED ALGORITHMS.pdfCS8080_IRT_UNIT - III T4 SUPERVISED ALGORITHMS.pdf
CS8080_IRT_UNIT - III T4 SUPERVISED ALGORITHMS.pdf
 
Measuring Safety Performance - An Analyst’s Perspective
Measuring Safety Performance - An Analyst’s PerspectiveMeasuring Safety Performance - An Analyst’s Perspective
Measuring Safety Performance - An Analyst’s Perspective
 
Ds for finance day 3
Ds for finance day 3Ds for finance day 3
Ds for finance day 3
 
SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...
SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...
SPS'20 - Designing a Methodological Framework for the Empirical Evaluation of...
 
Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...
Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...
Project Controls Expo, 18th Nov 2014 - "Schedule Risk Analysis for Complex Pr...
 
Survey on Software Defect Prediction
Survey on Software Defect PredictionSurvey on Software Defect Prediction
Survey on Software Defect Prediction
 
How to apply machine learning into your CI/CD pipeline
How to apply machine learning into your CI/CD pipelineHow to apply machine learning into your CI/CD pipeline
How to apply machine learning into your CI/CD pipeline
 
Supply chain risk management
Supply chain risk management Supply chain risk management
Supply chain risk management
 
Testing Machine Learning-enabled Systems: A Personal Perspective
Testing Machine Learning-enabled Systems: A Personal PerspectiveTesting Machine Learning-enabled Systems: A Personal Perspective
Testing Machine Learning-enabled Systems: A Personal Perspective
 
Icsm05.ppt
Icsm05.pptIcsm05.ppt
Icsm05.ppt
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Data Mining 101
Data Mining 101Data Mining 101
Data Mining 101
 
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)
 

paper 35_Using SysML for model-based vulnerability assessment_Soroush_Bassam_031615_2-2

  • 1. CSER 2015 March 18-19, 2015 1 Using SysML for model-based vulnerability assessment By Soroush Bassam, Jeffrey W. Herrmann, Linda C. Schmidt 13th Annual Conference on Systems Engineering Research (CSER) March 19, 2015 Stevens Institute of Technology Hoboken, NJ www.stevens.edu/sse/CSER2015org
  • 2. CSER 2015 March 18-19, 2015 2 • Physical Protection Systems ―Objective o To protect assets from threats ―Elements o People (e.g. response force) o Procedure (e.g. alarm assessment) o Components (e.g. sensors) ―Functions o Detection o Delay o Response • Vulnerability Assessment ―VA Evaluation Process o PPS Objective determination o PPS Design o PPS Analysis ―Performance-based vs. Compliance-based o Performance vs. Presence o Models vs. Checklists • Model-based Systems Engineering (MBSE) ―Structure Models ―Behavior Models Introduction  Coherent model of the system
  • 3. CSER 2015 March 18-19, 2015 3 Vulnerability Assessment Evaluation Process 1) PPS objective determination •Facility characterization •Asset identification •Threat identification 2) PPS design •Detection •Delay •Response 3) PPS Analysis •EASI Model •Adversary Sequence Diagram (ASD)
  • 4. CSER 2015 March 18-19, 2015 4 Vulnerability Assessment Evaluation Process 1) PPS objective determination •Facility characterization •Asset identification •Threat identification 2) PPS design •Detection •Delay •Response 3) PPS Analysis •EASI Model •Adversary Sequence Diagram (ASD) Facility Model PPS Model PPS Model EASI Model Scenario Model Adversary Model
  • 5. CSER 2015 March 18-19, 2015 5 Using SysML Models for an Example Facility* Element Icon Fence Exterior Sensor CCTV Light Gate/Roll-Up Door Interior Sensor * Wall Personnel/Cargo flow Asset Adversary Path Adversary Task *Source: Garcia, Vulnerability Assessment, 2006 Facility Description: • Building: Office area; Storage area; Staging area • PPS Components: Fence, Sensors, CCTV, Light, Gate • Asset located in the controlled room List of symbols
  • 6. CSER 2015 March 18-19, 2015 6 Facility Characterization And Asset Identification Using SysML BDD
  • 7. CSER 2015 March 18-19, 2015 7 Threat Identification Using SysML BDD
  • 8. CSER 2015 March 18-19, 2015 8 PPS Detection and Delay Representation Using SysML BDD
  • 9. CSER 2015 March 18-19, 2015 9 PPS Response Representation Using SysML BDD
  • 10. CSER 2015 March 18-19, 2015 10 PPS Analysis Using SysML Activity Diagram Adversary tasks: 1. crossing the perimeter 2. running to the roll-up door 3. penetrating through the roll-up door 4. running to the storage vault 5. stealing the asset 6. exiting to outside 7. crossing the perimeter 8. entering the second vehicle ASD Diagram
  • 11. CSER 2015 March 18-19, 2015 11 PPS Analysis Using SysML Activity Diagram
  • 12. CSER 2015 March 18-19, 2015 12 PPS Analysis Using SysML Activity Diagram
  • 13. CSER 2015 March 18-19, 2015 13 SysML Parametric Diagram EASI Model PPS Analysis Using SysML Parametric Diagram Estimate of Adversary Sequence Interruption (EASI) Model: • A quantitative analysis tool • Uses performance characteristics of PPS components • Determines the PPS performance for a specific threat and attack scenario
  • 14. CSER 2015 March 18-19, 2015 14 SysML Parametric Diagram EASI Model PPS Analysis Using SysML Parametric Diagram Estimate of Adversary Sequence Interruption (EASI) Model: • A quantitative analysis tool • Uses performance characteristics of PPS components • Determines the PPS performance for a specific threat and attack scenario
  • 15. CSER 2015 March 18-19, 2015 15 Facility Model PPS Model PPS Model Adversary Model EASI ModelScenario Model A Set of Interconnected Models
  • 16. CSER 2015 March 18-19, 2015 16 Summary and Conclusion • A set of interconnected models facilitates modification of information and reduces the time and cost of conducting VA • This is a step toward model based VA; Future studies will be focused on defining a structured procedure independent of a particular case • Development of standards will further facilitate VA tool development
  • 17. CSER 2015 March 18-19, 2015 17 Thank you!