An extension of the ADVISE Meta modeling framework and its application for an early-stage security analysis of a public transport supervision system

Abstract

Early-stage security analysis can be used for a preliminary assessment of the security level of a system, thus providing useful insights to guide the whole system’s development. In this paper, we focus on a specific meta-level modeling framework for security analysis, ADVISE Meta, which allows representing a system using generic built-in blocks and relationships constituting the ontology of the framework, and to automatically derive complex low-level stochastic models representing attack steps and adversaries. In this paper, we extend the ADVISE Meta ontology to enlarge the variety of the possible attack paths and adversaries that can be represented in the framework, by modeling (i) attack patterns available in the CAPEC database, a comprehensive dictionary of known patterns of attack, and (ii) the adversaries’ profiles defined in the Threat Agent Library (TAL), a reference library which describes the characteristics of threat agents. The paper provides a detailed description of the whole process for extending the ADVISE Meta ontology, and the application of the extended modeling framework for an early-stage security analysis of a public transport supervision system. The framework enables a variety of security-oriented analyses, in particular to assess the probability that a given adversary can successfully reach a specific goal, to analyze the most probable attack path that adversaries can follow to reach a goal, to perform sensitivity analysis at varying of attack patterns and adversaries’ profiles, to compare different architectural solutions, and to identify the system’s components that can be more probably attacked by adversaries.