المؤلفون: Bernardi, S., Gentile, U., Marrone, S., Merseguer, J., Nardone, R.

الوصف: The modelling and verification of systems security is an open research topic whose complexity and importance needs, in our view, the use of formal and non-formal methods. This paper addresses the modelling of security using misuse cases and the automatic verification of survivability properties using model checking. The survivability of a system characterises its capacity to fulfil its mission (promptly) in the presence of attacks, failures, or accidents, as defined by Ellison. The original contributions of this paper are a methodology and its tool support, through a framework called surreal. The methodology starts from a misuse case specification enriched with UML profile annotations and obtains, as a by-product, a survivability assessment model (SAM). Using predefined queries the survivability properties are proved in the SAM. A total of fourteen properties have been formulated and also implemented in surreal, which encompasses tools to model the security specification, to create the SAM and to prove the properties. Finally, the paper validates the methodology and the framework using a cyber–physical system (CPS) case study, in the automotive field.

وصف الملف: application/pdf

العلاقة: info:eu-repo/grantAgreement/ES/MICIU/Medrese-RTI2018-098543-B-I00; http://zaguan.unizar.es/record/106601Test

الإتاحة: https://doi.org/10.1016/j.jss.2020.110746Test
http://zaguan.unizar.es/record/106601Test

المؤلفون: Bernardi, S., Marrone, S., Merseguer, J., Nardone, R., Vittorini, V.

الوصف: Model-driven techniques can be used to automatically produce formal models from different views of a system realised by using several modelling languages and notations. Specifications are transformed into formal models so facilitating the analysis of complex system for design, validation or verification purposes. However, no single formalism suits for representing all system’s views. In particular, the assessment of non-functional properties often requires integrated modelling approaches. The ultimate goal of the research work described in this paper is to develop a comprehensive, theoretical and practical framework able to support the development and the integration of new or existing model-driven approaches for the automatic generation of multi-formalism models. This paper defines the core theoretical ideas on which the framework is based and demonstrates their concrete applicability to the development of a multi-formalism approach for performability assessment.

وصف الملف: application/pdf

العلاقة: info:eu-repo/grantAgreement/ES/UZ/CUD2017-TEC-09; info:eu-repo/grantAgreement/ES/MINECO/TIN2014-58457-R; This project has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement No H2020 644869-DICE; info:eu-repo/grantAgreement/EC/H2020/644869/EU/Developing Data-Intensive Cloud Applications with Iterative Quality Enhancements/DICE; info:eu-repo/grantAgreement/ES/DGA/T94; http://zaguan.unizar.es/record/69454Test

الإتاحة: https://doi.org/10.1007/s10270-018-0663-8Test
http://zaguan.unizar.es/record/69454Test

المؤلفون: Marrone, Stefano, Rodríguez, Ricardo J., Nardone, Roberto, Flammini, Francesco, Vittorini, Valeria

الوصف: The multifaceted nature of cyber-physical systems needs holistic study methods to detect essential aspects and interrelations among physical and cyber components. Like the systems themselves, security threats feature both cyber and physical elements. Although to apply divide et impera approaches helps handling system complexity, to consider just one aspect at a time does not provide adequate risk awareness and hence does not allow to design the most appropriate countermeasures. To support this claim, in this paper we provide a joint application of two model-driven techniques for physical and cyber-security evaluation. We apply two UML profiles, namely SecAM (for cyber-security) and CIP\_VAM (for physical security), in combination. In such a way, we demonstrate the synergy between both profiles and the need for their tighter integration in the context of a reference case study from the railway domain.

وصف الملف: application/pdf

العلاقة: http://zaguan.unizar.es/record/56105Test

الإتاحة: https://doi.org/10.1016/j.compeleceng.2015.07.011Test
http://zaguan.unizar.es/record/56105Test