KIT | KIT-Bibliothek | Impressum | Datenschutz

Architectural Attack Propagation Analysis for Identifying Confidentiality Issues

Walter, Maximilian ORCID iD icon 1; Heinrich, Robert 1; Reussner, Ralf 1
1 Institut für Informationssicherheit und Verlässlichkeit (KASTEL), Karlsruher Institut für Technologie (KIT)


Exchanging data between different systems enables us to build new smart services and digitise various areas of our daily life. This digitalisation leads to more efficient usage of resources, and an increased monetary value. However, the connection of different systems also increases the number of potential vulnerabilities. The vulnerabilities on their own might be harmless, but attackers could build attack paths based on the combination of different vulnerabilities. Additionally, attackers might exploit existing access control policies to further propagate through the system. For analysing this dependency between vulnerabilities and access control policies, we extended an architecture description language (ADL) to model access control policies and specify vulnerabilities. We developed an attack propagation analysis operating on the extended ADL, which can help to determine confidentiality violations in a system. We evaluated our approach by analysing the accuracy and the effort compared to a manual analysis using different scenarios in three case studies. The results indicate that our analysis is capable of identifying attack paths and reducing the effort compared to manual detection.

Postprint §
DOI: 10.5445/IR/1000146787
Veröffentlicht am 31.05.2022
Preprint §
DOI: 10.5445/IR/1000146787/pre
Veröffentlicht am 31.05.2022
DOI: 10.1109/ICSA53651.2022.00009
Zitationen: 9
Zitationen: 10
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Institut für Programmstrukturen und Datenorganisation (IPD)
Publikationstyp Proceedingsbeitrag
Publikationsmonat/-jahr 03.2022
Sprache Englisch
Identifikator ISBN: 978-1-66541-728-0
KITopen-ID: 1000146787
HGF-Programm 46.23.03 (POF IV, LK 01) Engineering Security for Mobility Systems
Erschienen in 2022 IEEE 19th International Conference on Software Architecture (ICSA)
Veranstaltung 19th IEEE International Conference on Software Architecture (ICSA 2022), Honolulu, HI, USA, 12.03.2022 – 15.03.2022
Verlag Institute of Electrical and Electronics Engineers (IEEE)
Seiten 12 S.
Nachgewiesen in Scopus
Relationen in KITopen
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page