Tool-Based Attack Graph Estimation and Scenario Analysis for Software Architectures

Walter, Maximilian 1; Reussner, Ralf 1
1 Institut für Informationssicherheit und Verlässlichkeit (KASTEL), Karlsruher Institut für Technologie (KIT)

Abstract (English):

With the increase of connected systems and the ongoing digitalization of various aspects of our lives, the security demands for software increase. Software architects should design a secure and resistant system. One solution can be the identification of attack paths or the usage of an access control policy analysis.
However, due to the system complexity, identifying an attack path or analyzing access control policies is hard.
Current attack path calculation approaches often only focus on the network topology and do not consider the more fine-grained information a software architecture can provide, such as the components or deployment. In addition, the impact of access control policies for a given scenario is unclear.
We developed an open-source attack propagation tool, which can calculate an attack graph based on the software architecture. This tool could help software architects to identify potential critical attack paths. Additionally, we extended the used access control metamodel to support a scenario-based access control analysis.


Preprint
DOI: 10.5445/IR/1000160640
Published on 27.07.2023
Original publication
DOI: 10.1007/978-3-031-36889-9_5
Dimensions
Citations: 1
Affiliated institution(s) at KIT Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Institut für Programmstrukturen und Datenorganisation (IPD)
KIT-Bibliothek (BIB)
Publication type Proceedings paper
Publication year 2023
Language English
Identifier ISBN: 978-3-031-36889-9
ISSN: 0302-9743
KITopen-ID: 1000160640
HGF program 46.23.03 (POF IV, LK 01) Engineering Security for Mobility Systems
Published in Software Architecture : ECSA 2022 Tracks and Workshops. Ed.: T. Batista
Event 16th European Conference on Software Architecture (ECSA 2022), Prague, Czech Republic, 19.09.2022 – 23.09.2022
Publisher Springer International Publishing
Pages 45–61
Series Lecture Notes in Computer Science ; 13928
Published online in advance on 16.07.2023
Indexed in Scopus
Dimensions