Abstract
Security attacks are hard to understand, often expressed with unfriendly and limited details, making it difficult for security experts and for security analysts to create intelligible security specifications. For instance, to explain Why (attack objective), What (i.e., system assets, goals, etc.), and How (attack method), adversary achieved his attack goals. We introduce in this paper a security attack meta-model for our SysML-Sec framework [18], developed to improve the threat identification and modeling through the explicit representation of security concerns with knowledge representation techniques. Our proposed meta-model enables the specification of these concerns through ontological concepts which define the semantics of the security artifacts and introduced using SysML-Sec diagrams. This meta-model also enables representing the relationships that tie several such concepts together. This representation is then used for reasoning about the knowledge introduced by system designers as well as security experts through the graphical environment of the SysML-Sec framework.
| Original language | English |
|---|---|
| Pages (from-to) | 45-58 |
| Number of pages | 14 |
| Journal | Electronic Proceedings in Theoretical Computer Science, EPTCS |
| Volume | 165 |
| DOIs | |
| Publication status | Published - 13 Oct 2014 |
| Event | 2014 International Workshop on Advanced Intrusion Detection and Prevention, AIDP 2014 - Marrakesh, Morocco Duration: 5 Jun 2014 → … |
Keywords
- Computer security
- Meta-models
- Network security
- Software engineering