A model-driven approach for vulnerability evaluation of modern physical protection systems

Modern physical protection systems integrate a number of security subsystems (procedures, equipment, and personnel) into a single interface in order to ensure an adequate level of protection of people and critical assets against malevolent human actions. Because a protection system performs critical functions, the quantitative evaluation of its effectiveness is an important issue that still raises several challenges. In this paper we propose a model-driven approach to support the design and evaluation of physical protection systems, based on (a) UML models representing threats, protection facilities, assets, and the relationships among them, and (b) the automatic construction of a Bayesian Network model to estimate the vulnerability of different system configurations. The approach is therefore useful both for vulnerability assessment and for designing new security systems, since it enables what-if and cost-benefit analyses. A real-world case study is presented to validate the approach and demonstrate its potential: two attack scenarios are considered against the depot of a mass transit system in Milan, Italy.
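To make concrete how a Bayesian Network can turn a protection-system configuration into a vulnerability figure and support what-if and cost-benefit comparisons, the following is an added illustration (not the paper's model, generator, or case-study data). The network structure, node names, probabilities, and the upgrade cost are all assumptions constructed for the example; the paper's UML-to-BN transformation and its Milan depot figures are not reproduced here. Inference is done by exhaustive enumeration so the block runs with the standard library only.

```python
"""Toy Bayesian-network vulnerability estimate for a physical protection system.

Added illustration, not the paper's model: a small BN over detection, assessment,
response and neutralisation, queried by exhaustive enumeration, and used to
compare two hypothetical protection configurations (what-if / cost-benefit).
All node names, probabilities and costs are constructed for the example.
"""
from itertools import product
from typing import Callable, Dict, List, Optional


class Node:
    """A Boolean BN node; p_true maps an assignment of its parents to P(node=True)."""

    def __init__(self, name: str, parents: List[str],
                 p_true: Callable[[Dict[str, bool]], float]) -> None:
        self.name, self.parents, self.p_true = name, parents, p_true


class BayesianNetwork:
    """Nodes must be listed in topological order (parents before children)."""

    def __init__(self, nodes: List[Node]) -> None:
        self.nodes = nodes

    def joint(self, a: Dict[str, bool]) -> float:
        """Probability of one full assignment: product of the node CPT entries."""
        p = 1.0
        for n in self.nodes:
            pt = n.p_true({k: a[k] for k in n.parents})
            p *= pt if a[n.name] else 1.0 - pt
        return p

    def query(self, target: str, evidence: Optional[Dict[str, bool]] = None) -> float:
        """P(target=True | evidence) by summing the joint over all full assignments."""
        evidence = evidence or {}
        names = [n.name for n in self.nodes]
        num = den = 0.0
        for values in product((False, True), repeat=len(names)):
            a = dict(zip(names, values))
            if any(a[k] != v for k, v in evidence.items()):
                continue
            p = self.joint(a)
            den += p
            if a[target]:
                num += p
        return num / den


def build_pps_network(cfg: Dict[str, float]) -> BayesianNetwork:
    """Constructed protection-system BN (assumed structure, not the paper's).

    cfg holds per-configuration probabilities: p_fence, p_cctv (sensor detection),
    p_patrol (guard present), p_patrol_sees, p_assess, p_respond,
    p_respond_patrol, p_neutralize.
    """
    return BayesianNetwork([
        Node("Fence", [], lambda _: cfg["p_fence"]),
        Node("CCTV", [], lambda _: cfg["p_cctv"]),
        Node("Patrol", [], lambda _: cfg["p_patrol"]),
        # Detected: any sensor alarm is certain; a patrolling guard alone may notice.
        Node("Detected", ["Fence", "CCTV", "Patrol"],
             lambda p: 1.0 if (p["Fence"] or p["CCTV"])
             else (cfg["p_patrol_sees"] if p["Patrol"] else 0.0)),
        Node("Assessed", ["Detected"],
             lambda p: cfg["p_assess"] if p["Detected"] else 0.0),
        # Response arrives in time more often when a guard is already on site.
        Node("Responded", ["Assessed", "Patrol"],
             lambda p: 0.0 if not p["Assessed"]
             else (cfg["p_respond_patrol"] if p["Patrol"] else cfg["p_respond"])),
        Node("Neutralized", ["Responded"],
             lambda p: cfg["p_neutralize"] if p["Responded"] else 0.0),
    ])


def vulnerability(cfg: Dict[str, float],
                  evidence: Optional[Dict[str, bool]] = None) -> float:
    """Vulnerability = P(attack not neutralized), optionally under what-if evidence."""
    return 1.0 - build_pps_network(cfg).query("Neutralized", evidence)


# Constructed configurations: a baseline depot and an upgraded-sensor variant.
BASELINE = dict(p_fence=0.7, p_cctv=0.5, p_patrol=0.5, p_patrol_sees=0.6,
                p_assess=0.9, p_respond=0.8, p_respond_patrol=0.95, p_neutralize=0.85)
UPGRADED = dict(BASELINE, p_fence=0.9, p_cctv=0.7)
UPGRADE_COST = 50.0  # hypothetical cost units for the new sensors


def cost_benefit(base: Dict[str, float], alt: Dict[str, float],
                 cost: float) -> Dict[str, float]:
    """Vulnerability of both configurations and the reduction bought per cost unit."""
    v_base, v_alt = vulnerability(base), vulnerability(alt)
    return {"v_base": v_base, "v_alt": v_alt,
            "reduction": v_base - v_alt, "reduction_per_cost": (v_base - v_alt) / cost}


if __name__ == "__main__":
    print(cost_benefit(BASELINE, UPGRADED, UPGRADE_COST))
    print("baseline, fence sensor failed:", vulnerability(BASELINE, {"Fence": False}))
```

The `evidence` argument is what makes the model useful for what-if questions (e.g. the fence sensor has been defeated, or a guard is known to be on site) without rebuilding the network; enumeration over seven Boolean nodes is instant, but a generated network for a real facility would need a proper inference engine rather than the 2^n loop above.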
