
In this chapter, we have discussed the tools and technologies which we use in our work. We have introduced CySeMoL and thoroughly explained the modelling features it provides, and the details of its vulnerability analysis. In the following chapter, we will use Model-Driven Engineering principles for the construction of models which will capture the information used for our new vulnerability analysis. Furthermore, we construct a model for the representation of a ProbLog program, for which we have developed a model-to-text transformation which is able to generate a valid ProbLog program from such a model. In order to reconstruct the vulnerability analysis of CySeMoL in ProbLog, we apply a model-to-model transformation from our vulnerability analysis models to our ProbLog model.

The existing CySeMoL vulnerability model contains a specification of how the vulnerabilities should be derived from a network infrastructure model. This specification is written in a probabilistic programming language (P2AMF), which we automatically parse using ANTLR. The resulting parse

Chapter 3

The Probabilistic Vulnerability Analysis model

3.1 Introduction

Following our first goal (see section 1.3), the improvement of the analysis speed of the vulnerability analysis of CySeMoL, we have investigated an alternative method of analysis using ProbLog. The details of how the probability of a successful attack can be inferred for a given network infrastructure are defined in the threat model used by CySeMoL. We aim to reuse the threat model of CySeMoL as much as possible, given that it has been developed as a result of years of research [36]. CySeMoL and its analysis have been documented in published articles, and the documentation of EAAT is publicly available from the KTH website [37, 36, 35, 43, 7]. However, both the analysis and the metamodel of CySeMoL depend on the availability of the EAAT framework, and are not accessible or usable outside of the EAAT ecosystem.

From our investigation of iEaat files, the storage format used by EAAT, we have derived a method which allows us to access the threat model of CySeMoL outside of EAAT. For a description of the iEaat format, and how we are able to extract information from these files, see section 4.2. Guided by these results, we have to choose between the following two approach options:

1. Transform the information from an iEaat file directly to a ProbLog program.

2. Use an intermediate pivot model, and transform the information from an iEaat file to this model. Next, define an additional transformation to ProbLog.

We have opted for the approach described in item 2. The rationale for this choice is twofold. First, we aim to achieve our second and third goals (see section 1.3), which prescribe that both the input to the vulnerability analysis and the analysis itself be extensible. The approach of item 2 has more potential for achieving these goals, as each step can be implemented by different means. Second, the iEaat file contains a deliberate separation between the definition of the vulnerability analysis and the definition of the network infrastructure under analysis. We foresee that for real networked computer systems, the network architecture may change rapidly, whereas the component definitions and the threat model will be subject to change over longer time periods. The approach in item 2 allows us to retain this separation, which potentially will result in a more flexible and faster method for performing the vulnerability analysis of CySeMoL using ProbLog.

Figure 3.1: A schematic overview of the process of transforming CySeMoL models stored as iEaat files into ProbLog programs. Details of the transformation steps are shown in table 4.1 and in chapter 4, where we discuss the design of the model transformations.

In figure 1.1, we show our design of the process for extracting the information stored in iEaat files into a pivot model, and how the pivot model is transformed to a ProbLog program which is used to perform the intended vulnerability analysis. Due to the separation between the specification of the vulnerability analysis and the definition of the input network infrastructure, we have decided to split the pivot model into two models. We refer to the vulnerability specification model as the Probabilistic Vulnerability Analysis (PVA) model, and to the network infrastructure instance model as the Probabilistic Vulnerability Analysis Instance (PVAI) model. Ultimately, the PVA and PVAI models are transformed into a ProbLog program. In order to reduce the complexity of our transformation scripts, we employ an additional intermediate model which represents ProbLog programs. We have developed a model-to-text transformation which generates ProbLog programs from instances of the ProbLog model.
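A minimal sketch of the pivot idea described above, added here as an illustration and not taken from the thesis: a small ProbLog model with a model-to-text step, fed by threat-model rules (standing in for the PVA model) that are kept separate from infrastructure facts (standing in for the PVAI model). The class names, predicates and probabilities are constructed assumptions, not CySeMoL's.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Atom:
    functor: str
    args: tuple = ()
    def text(self) -> str:
        return self.functor + (f"({','.join(self.args)})" if self.args else "")

@dataclass(frozen=True)
class Clause:
    head: Atom
    body: tuple = ()              # conjunction of atoms; empty body means a fact
    prob: Optional[float] = None  # None means a deterministic clause
    def text(self) -> str:
        prefix = f"{self.prob}::" if self.prob is not None else ""
        tail = " :- " + ", ".join(a.text() for a in self.body) if self.body else ""
        return f"{prefix}{self.head.text()}{tail}."

@dataclass
class Program:
    clauses: list
    queries: list
    def text(self) -> str:        # model-to-text: one ProbLog statement per line
        lines = [c.text() for c in self.clauses]
        lines += [f"query({q.text()})." for q in self.queries]
        return "\n".join(lines) + "\n"

# Constructed stand-in for the PVA side: slow-changing attack-step rules.
PVA_RULES = [
    Clause(Atom("compromised", ("H",)), (Atom("entry_point", ("H",)),)),
    Clause(Atom("compromised", ("H",)),
           (Atom("connected", ("A", "H")), Atom("compromised", ("A",)),
            Atom("vulnerable", ("H",))), prob=0.4),
]
# Constructed stand-in for the PVAI side: the network under analysis.
PVAI_FACTS = [
    Clause(Atom("entry_point", ("web",))),
    Clause(Atom("connected", ("web", "db"))),
    Clause(Atom("vulnerable", ("db",)), prob=0.5),
]

def build_program(rules, facts, targets) -> Program:
    """Merge instance facts and analysis rules into one ProbLog model."""
    return Program(list(facts) + list(rules),
                   [Atom("compromised", (t,)) for t in targets])

if __name__ == "__main__":
    print(build_program(PVA_RULES, PVAI_FACTS, ["db"]).text(), end="")
```

Replacing `PVAI_FACTS` with a different network leaves the emitted rule lines untouched, which is the separation the pivot models are meant to preserve.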

The complete system of models and model transformations is shown in figure 3.1. This figure shows the parts of a CySeMoL model stored as an iEaat file on the left-hand side, and the output of ProbLog on the right-hand side. The rest of the figure shows all the intermediate steps of the process which we employ to obtain ProbLog programs when starting with CySeMoL models. In this figure, we also show the role of the PVA and PVAI models as a pivot model; changing the vulnerability analysis amounts to the replacement of the ‘ProbLog’ block of models and model transformations. In this chapter, we discuss the details of the design of the PVA, PVAI and ProbLog models, and the design choices made during the development of these models. We cover the design of the transformation scripts in chapter 4, and we discuss the implementation of these scripts in chapter 5.