1. CSER 2015 March 18-19, 2015 1
Using SysML for model-based vulnerability assessment
By Soroush Bassam, Jeffrey W. Herrmann, Linda C. Schmidt
13th Annual Conference on Systems Engineering Research (CSER)
March 19, 2015
Stevens Institute of Technology
Hoboken, NJ
www.stevens.edu/sse/CSER2015org
Introduction
• Physical Protection Systems
―Objective
o To protect assets from threats
―Elements
o People (e.g. response force)
o Procedure (e.g. alarm assessment)
o Components (e.g. sensors)
―Functions
o Detection
o Delay
o Response
• Vulnerability Assessment
―VA Evaluation Process
o PPS Objective determination
o PPS Design
o PPS Analysis
―Performance-based vs. Compliance-based
o Performance vs. Presence
o Models vs. Checklists
• Model-based Systems Engineering (MBSE)
―Structure Models
―Behavior Models
Coherent model of the system
Vulnerability Assessment Evaluation Process
1) PPS objective determination
• Facility characterization
• Asset identification
• Threat identification
2) PPS design
• Detection
• Delay
• Response
3) PPS Analysis
• EASI Model
• Adversary Sequence Diagram (ASD)
Diagram labels: Facility Model, PPS Model, EASI Model, Scenario Model, Adversary Model
Using SysML Models for an Example Facility*
Facility Description:
• Building: Office area; Storage area; Staging area
• PPS Components: Fence, Sensors, CCTV, Light, Gate
• Asset located in the controlled room
List of symbols (Element / Icon):
Fence
Exterior Sensor
CCTV
Light
Gate/Roll-Up Door
Interior Sensor *
Wall
Personnel/Cargo flow
Asset
Adversary Path
Adversary Task
*Source: Garcia, Vulnerability Assessment, 2006
Facility Characterization and Asset Identification Using SysML BDD
Threat Identification Using SysML BDD
PPS Detection and Delay Representation Using SysML BDD
PPS Response Representation Using SysML BDD
PPS Analysis Using SysML Activity Diagram
Adversary tasks:
1. crossing the perimeter
2. running to the roll-up door
3. penetrating through the roll-up door
4. running to the storage vault
5. stealing the asset
6. exiting to outside
7. crossing the perimeter
8. entering the second vehicle
Diagram label: ASD Diagram
PPS Analysis Using SysML Parametric Diagram
Diagram labels: SysML Parametric Diagram, EASI Model
Estimate of Adversary Sequence Interruption (EASI) Model:
• A quantitative analysis tool
• Uses performance characteristics of PPS components
• Determines the PPS performance for a specific threat and attack scenario
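The calculation behind the EASI bullets above, as an added example that is not from the presentation: a Python sketch of the commonly published EASI formulation (independent tasks, normally distributed delay and response times), applied to the eight adversary tasks listed earlier. The names `Task` and `p_interruption` are hypothetical, and every detection probability, delay and response time is a constructed value.

```python
# Added example: EASI-style probability of interruption; all numbers constructed.
from dataclasses import dataclass
from math import erf, sqrt

@dataclass
class Task:
    name: str
    p_detect: float    # probability of detection during this task
    location: str      # sensor position within the task delay: "B", "M" or "E"
    delay_mean: float  # seconds
    delay_sd: float    # seconds

# Share of the current task's delay still ahead of the adversary at detection.
REMAINING = {"B": 1.0, "M": 0.5, "E": 0.0}

def phi(z):
    """Standard normal CDF."""
    return 0.5 * (1.0 + erf(z / sqrt(2.0)))

def p_interruption(tasks, p_comm, rft_mean, rft_sd):
    """Sum over tasks of P(first alarm at task i) * P(response arrives in time)."""
    p_i, p_undetected = 0.0, 1.0
    for i, t in enumerate(tasks):
        f = REMAINING[t.location]
        later = tasks[i + 1:]
        tr_mean = f * t.delay_mean + sum(x.delay_mean for x in later)
        tr_var = (f * t.delay_sd) ** 2 + sum(x.delay_sd ** 2 for x in later)
        sd = sqrt(tr_var + rft_sd ** 2)
        in_time = phi((tr_mean - rft_mean) / sd) if sd > 0 else float(tr_mean > rft_mean)
        p_alarm = t.p_detect * p_comm      # sensed and reported to the response force
        p_i += p_undetected * p_alarm * in_time
        p_undetected *= 1.0 - p_alarm
    return p_i

# Constructed scenario (illustrative values, not from the presentation).
SCENARIO = [
    Task("cross perimeter", 0.5, "B", 10, 3),
    Task("run to roll-up door", 0.0, "B", 12, 4),
    Task("penetrate roll-up door", 0.9, "B", 90, 27),
    Task("run to storage vault", 0.0, "B", 10, 3),
    Task("steal asset", 0.9, "M", 120, 36),
    Task("exit to outside", 0.0, "B", 15, 5),
    Task("cross perimeter", 0.5, "B", 10, 3),
    Task("enter second vehicle", 0.0, "B", 5, 2),
]
if __name__ == "__main__":
    for rft in (120, 240):  # response force time in seconds
        print(rft, round(p_interruption(SCENARIO, 0.95, rft, 0.3 * rft), 3))
```

Comparing the two response times shows why detection early on the path matters: sensors at the asset contribute little once the remaining delay is shorter than the response force time.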
A Set of Interconnected Models
Diagram labels: Facility Model, PPS Model, Adversary Model, EASI Model, Scenario Model
Summary and Conclusion
• A set of interconnected models facilitates modification of information and reduces the time and cost of conducting VA
• This is a step toward model-based VA; future studies will focus on defining a structured procedure independent of a particular case
• Development of standards will further facilitate VA tool development