Model-based Engineering for Functional Risk Assessment and Design of Cyber Resilient Systems
Report Number: SERC-2019-TR-002
Publication Date: 2019-02-22
Project: Security Engineering – Design Patterns and Operational Concepts
Dr. Cody Fleming
This report describes a 12-month research activity with the principal objective of continuing development, testing and evaluation of a methodology and supporting suite of model-based engineering tools for functional risk assessment and design of cyber resilient systems. Research tasks were structured to extend the methods and support tools for the decision problem of selecting defense and resilience methods in the design and modification of cyber-physical systems. Research reported here continues the efforts of previous SERC projects, notably RT-156 and RT-172, and leverages and contributes to contemporaneous work in RT-191. The project was carried out as part of an ongoing research partnership between the University of Virginia (UVA) and Virginia Commonwealth University (VCU). The UVA team led development of methods and tools to model the consequences of cyber-attacks on cyber-physical systems, and the VCU team led development of tools that relate consequences to likely attacks.
Outcomes this year include developing a deeper understanding of open-source databases of historical cyber-attacks (e.g., CAPEC, CWE, CERT, and CVE), as well as defining and developing SysML modeling constructs and a traceability ontology to effectively capture relations between missions and system components in the presence of attack patterns. Key accomplishments for this phase include: (1) development of the STRAT toolset to support CSRM and dynamic assessment of attack consequence; (2) use of several different NLP/querying techniques to characterize relationships between attack classes in CAPEC, CWE, and CVE; and (3) development of the Security Analyst Dashboard. The dashboard presents an interactive view of both the “System” and the “Attack Space” and allows for several different levels of automation as well as human/analyst interaction. Each of the tools is published as a binary and/or executable. The Dashboard is designed to work within CYBOK (though CYBOK may be used independently of the dashboard); for example, the dashboard uses the automated recommender system that underpins CYBOK to provide analysts with the capability to directly query specific entries in CAPEC, CVE, and CWE.