{"title":"识别机密性问题的体系结构攻击传播分析","authors":"Maximilian Walter, R. Heinrich, R. Reussner","doi":"10.1109/ICSA53651.2022.00009","DOIUrl":null,"url":null,"abstract":"Exchanging data between different systems enables us to build new smart services and digitise various areas of our daily life. This digitalisation leads to more efficient usage of resources, and an increased monetary value. However, the connection of different systems also increases the number of potential vulnerabilities. The vulnerabilities on their own might be harmless, but attackers could build attack paths based on the combination of different vulnerabilities. Additionally, attackers might exploit existing access control policies to further propagate through the system. For analysing this dependency between vulnerabilities and access control policies, we extended an architecture description language (ADL) to model access control policies and specify vulnerabilities. We developed an attack propagation analysis operating on the extended ADL, which can help to determine confidentiality violations in a system. We evaluated our approach by analysing the accuracy and the effort compared to a manual analysis using different scenarios in three case studies. The results indicate that our analysis is capable of identifying attack paths and reducing the effort compared to manual detection.","PeriodicalId":179123,"journal":{"name":"2022 IEEE 19th International Conference on Software Architecture (ICSA)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Architectural Attack Propagation Analysis for Identifying Confidentiality Issues\",\"authors\":\"Maximilian Walter, R. Heinrich, R. Reussner\",\"doi\":\"10.1109/ICSA53651.2022.00009\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Exchanging data between different systems enables us to build new smart services and digitise various areas of our daily life. This digitalisation leads to more efficient usage of resources, and an increased monetary value. However, the connection of different systems also increases the number of potential vulnerabilities. The vulnerabilities on their own might be harmless, but attackers could build attack paths based on the combination of different vulnerabilities. Additionally, attackers might exploit existing access control policies to further propagate through the system. For analysing this dependency between vulnerabilities and access control policies, we extended an architecture description language (ADL) to model access control policies and specify vulnerabilities. We developed an attack propagation analysis operating on the extended ADL, which can help to determine confidentiality violations in a system. We evaluated our approach by analysing the accuracy and the effort compared to a manual analysis using different scenarios in three case studies. The results indicate that our analysis is capable of identifying attack paths and reducing the effort compared to manual detection.\",\"PeriodicalId\":179123,\"journal\":{\"name\":\"2022 IEEE 19th International Conference on Software Architecture (ICSA)\",\"volume\":\"50 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE 19th International Conference on Software Architecture (ICSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSA53651.2022.00009\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 19th International Conference on Software Architecture (ICSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSA53651.2022.00009","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Architectural Attack Propagation Analysis for Identifying Confidentiality Issues
Exchanging data between different systems enables us to build new smart services and digitise various areas of our daily life. This digitalisation leads to more efficient usage of resources, and an increased monetary value. However, the connection of different systems also increases the number of potential vulnerabilities. The vulnerabilities on their own might be harmless, but attackers could build attack paths based on the combination of different vulnerabilities. Additionally, attackers might exploit existing access control policies to further propagate through the system. For analysing this dependency between vulnerabilities and access control policies, we extended an architecture description language (ADL) to model access control policies and specify vulnerabilities. We developed an attack propagation analysis operating on the extended ADL, which can help to determine confidentiality violations in a system. We evaluated our approach by analysing the accuracy and the effort compared to a manual analysis using different scenarios in three case studies. The results indicate that our analysis is capable of identifying attack paths and reducing the effort compared to manual detection.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
