A Domain-specific Modeling Framework for Attack Surface Modeling

Tithnara Sun, Bastien Drouot, Fahad Golra, Joël Champeau, Sylvain Guerin, Luka Le Roux, Raúl Mazo, Ciprian Teodorov, Lionel Van Aertryck, Bernard L’Hostis

Abstract

Cybersecurity is becoming vital as industries are gradually moving from automating physical processes to a higher-level automation using cyber-physical systems (CPS) and the Internet of Things (IoT). In this context, security is becoming a continuous process that runs in parallel to other processes during the complete life cycle of a system. Traditional threat analysis methods use design models alongside threat models as an input for security analysis, hence missing the life-cycle-based dynamicity required by the security concern. In this paper, we argue for an attacker-aware systems modeling language that exposes the system's attack surfaces. For this purpose, we have designed Pimca, a domain-specific modeling language geared towards capturing the attacker's point of view of the system. This study introduces the formalism along with the Pimca workbench, a framework designed to ease the development and manipulation of the Pimca models. Finally, we present two relevant use cases, serving as a preliminary validation of our approach.


Paper Citation


in Harvard Style

Sun T., Drouot B., Golra F., Champeau J., Guerin S., Le Roux L., Mazo R., Teodorov C., Van Aertryck L. and L’Hostis B. (2020). A Domain-specific Modeling Framework for Attack Surface Modeling. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 341-348. DOI: 10.5220/0008916203410348


in Bibtex Style

@conference{icissp20,
author={Tithnara Sun and Bastien Drouot and Fahad Golra and Joël Champeau and Sylvain Guerin and Luka Le Roux and Raúl Mazo and Ciprian Teodorov and Lionel Van Aertryck and Bernard L’Hostis},
title={A Domain-specific Modeling Framework for Attack Surface Modeling},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2020},
pages={341-348},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008916203410348},
isbn={978-989-758-399-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - A Domain-specific Modeling Framework for Attack Surface Modeling
SN - 978-989-758-399-5
AU - Sun T.
AU - Drouot B.
AU - Golra F.
AU - Champeau J.
AU - Guerin S.
AU - Le Roux L.
AU - Mazo R.
AU - Teodorov C.
AU - Van Aertryck L.
AU - L’Hostis B.
PY - 2020
SP - 341
EP - 348
DO - 10.5220/0008916203410348