SpringerLink
Log in

Architecture-Based Attack Path Analysis for Identifying Potential Security Incidents

  • Conference paper
  • First Online:
Software Architecture (ECSA 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14212))

Included in the following conference series:

  • 714 Accesses

Abstract

Analyzing attacks and potential attack paths can help to identify and avoid potential security incidents. Manually estimating an attack path to a targeted software element can be complex since a software system consists of multiple vulnerable elements, such as components, hardware resources, or network elements. In addition, the elements are protected by access control. Software architecture describes the structural elements of the system, which may form elements of the attack path. However, estimating attack paths is complex since different attack paths can lead to a targeted element. Additionally, not all attack paths might be relevant since attack paths can have different properties based on the attacker’s capabilities and knowledge. We developed an approach that enables architects to identify relevant attack paths based on the software architecture. We created a metamodel for filtering options and added support for describing attack paths in an architectural description language. Based on this metamodel, we developed an analysis that automatically estimates attack paths using the software architecture. This can help architects to identify relevant attack paths to a targeted component and increase the system’s overall security. We evaluated our approach on five different scenarios. Our evaluation goals are to investigate our analysis’s accuracy and scalability. The results suggest a high accuracy and good runtime behavior for smaller architectures.

This work was supported by the German Research Foundation (DFG) under project number 432576552 (FluidTrust), by funding from the topic Engineering Secure Systems of the Helmholtz Association (HGF), by KASTEL Security Research Labs, by “Kerninformatik am KIT (KiKIT)” funded by the Helmholtz Association (HGF), and by the German Federal Ministry of Education and Research (BMBF) grant number 16KISA086 (ANYMOS).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://bloodhoundenterprise.io/.

References

  1. Aksu, M.U., et al.: Automated generation of attack graphs using NVD. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy (CODASPY), pp. 135–142. ACM (2018)

    Google Scholar 

  2. Alhebaishi, N., et al.: Threat modeling for cloud data center infrastructures. In: Foundations and Practice of Security, pp. 302–319 (2016)

    Google Scholar 

  3. Basili, G., et al.: The goal question metric approach. Encyclopedia of Software Engineering (1994)

    Google Scholar 

  4. Berger, B.J., Sohr, K., Koschke, R.: Automatically extracting threats from extended data flow diagrams. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds.) ESSoS 2016. LNCS, vol. 9639, pp. 56–71. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30806-7_4

    Chapter  Google Scholar 

  5. CVE. https://cve.mitre.org/. Accessed 11 Jan 2022

  6. CVSS SIG. https://www.first.org/cvss/. Accessed 11 Jan 2022

  7. CWE. https://cwe.mitre.org/. Accessed 11 Jan 2022

  8. Fisler, K., et al.: Verification and change-impact analysis of access-control policies. In: International Conference on Software Engineering 2005, p. 196 (2005)

    Google Scholar 

  9. Hamilton, B.A.: Industrial Cybersecurity Threat Briefing. Tech. rep., p. 82

    Google Scholar 

  10. Heinrich, R., et al.: Architecture-based change impact analysis in cross-disciplinary automated production systems. JSS 146, 167–185 (2018)

    Google Scholar 

  11. ISO: Information technology. en. Standard ISO/IEC 27000:2018, Geneva, CH (2018)

    Google Scholar 

  12. Johns, E.: Cyber Security Breaches Survey 2021: Statistical Release (2021)

    Google Scholar 

  13. Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45800-X_32

    Chapter  MATH  Google Scholar 

  14. Katkalov, K.: Ein modellgetriebener Ansatz zur Entwicklung informationsflusssicherer Systeme. doctoral thesis, Universität Augsburg (2017)

    Google Scholar 

  15. Kirschner, Y.R., et al.: Automatic Derivation of Vulnerability Models for Software Architectures. In: IEEE 20th International Conference on Software Architecture Companion (ICSA-C), pp. 276–283 (2023)

    Google Scholar 

  16. Kordy, B., et al.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13–14, 1–38 (2014)

    Article  MATH  Google Scholar 

  17. Lodderstedt, Torsten, Basin, David, Doser, Jürgen.: SecureUML: a UML-based modeling language for model-driven security. In: Jézéquel, Jean-Marc., Hussmann, Heinrich, Cook, Stephen (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45800-X_33

    Chapter  MATH  Google Scholar 

  18. OWASP Top Ten Web Application Security Risks | OWASP. https://owasp.org/www-project-top-ten/. Accessed 11 Jan 2022

  19. Plachkinova, M., Maurer, C.: Security breach at target. J. Inf. Syst. Educ. 29(1), 11–20 (2018)

    Google Scholar 

  20. Polatidis, N., et al.: From product recommendation to cyber-attack prediction: generating attack graphs and predicting future attacks. Evolving Syst. 11(3), 479–490 (2020)

    Article  Google Scholar 

  21. Reussner, R., et al.: Modeling and Simulating Software Architectures - The Palladio Approach. MIT Press, Cambridge (2016). isbn: 9780262034760

    Google Scholar 

  22. Runeson, P., Höst, M.: Guidelines for conducting and reporting case study research in software engineering. Empirical Softw. .ineering 14(2), 131 (2008)

    Article  Google Scholar 

  23. Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)

    Google Scholar 

  24. Securing the Software Supply Chain: Recommended Practices Guide for Developers, p. 64. Cybersecurity and Infrastructure Security Agency (CISA) (2022)

    Google Scholar 

  25. Seifermann, S., et al.: detecting violations of access control and information flow policies in data flow diagrams. J. Syst. Softw. 184, 111138 (2021)

    Google Scholar 

  26. Shu, X., et al.: Breaking the Target: An Analysis of Target Data Breach and Lessons Learned. ar**v:1701.04940 [cs] (2017)

  27. Sion, L., et al.: Solution-aware data flow diagrams for security threat modeling. In: Symposium on Applied Computing, pp. 1425–1432. ACM (2018)

    Google Scholar 

  28. Sommestad, T., et al.: The cyber security modeling language: a tool for assessing the vulnerability of enterprise system architectures. IEEE Syst. J. 7(3), 363–373 (2012)

    Article  Google Scholar 

  29. Tuma, K., et al.: Flaws in flows: unveiling design flaws via information flow analysis. In: International Conference on Software Architecture, pp. 191–200 (2019)

    Google Scholar 

  30. Turkmen, F., den Hartog, J., Ranise, S., Zannone, N.: Analysis of XACML policies with SMT. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 115–134. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46666-7_7

    Chapter  Google Scholar 

  31. Van Rijsbergen, C., and Van Rijsbergen, C.: Information Retrieval. Butterworths (1979). isbn: 9780408709293

    Google Scholar 

  32. Walter, M., and Reussner, R.: Tool-based attack graph estimation and scenario analysis for software architectures. In: European Conference on Software Architecture 2022 Tracks and Workshops (accepted, to appear)

    Google Scholar 

  33. Walter, M., et al.: Architectural attack propagation analysis for identifying confidentiality issues. In: International Conference on Software Architecture (2022)

    Google Scholar 

  34. Walter, M., et al.: Architecture-based attack propagation and variation analysis for identifying confidentiality issues in Industry 4.0. at - Automatisierungstechnik 71(6), 443–452 (2023)

    Google Scholar 

  35. Walter, M., et al.: Dataset: Architecture-based Attack Path Analysis for Identifying Potential Security Incidents. https://doi.org/10.5281/zenodo.7900356

  36. Yuan, B., et al.: An attack path generation methods based on graph database. In: 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), pp. 1905–1910 (2020)

    Google Scholar 

Download references

Acknowledgement

We like to thank Jonathan Schenkenberger, who helped to implement this approach during his Master’s thesis.

Author information

Authors and Affiliations

  1. KASTEL – Institute of Information Security and Dependability, Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany

    Maximilian Walter, Robert Heinrich & Ralf Reussner

Authors
  1. Maximilian Walter
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Robert Heinrich
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ralf Reussner
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Maximilian Walter .

Editor information

Editors and Affiliations

  1. Wageningen University, Wageningen, The Netherlands

    Bedir Tekinerdogan

  2. Computer Science, Gran Sasso Science Institute, L’Aquila, Italy

    Catia Trubiani

  3. LIRMM, University of Montpellier, Montpellier, France

    Chouki Tibermacine

  4. DIGIP, University of Bergamo, Dalmine, Italy

    Patrizia Scandurra

  5. Superior de Ingeniería Informática, Rey Juan Carlos University, Mostoles, Madrid, Spain

    Carlos E. Cuesta

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Walter, M., Heinrich, R., Reussner, R. (2023). Architecture-Based Attack Path Analysis for Identifying Potential Security Incidents. In: Tekinerdogan, B., Trubiani, C., Tibermacine, C., Scandurra, P., Cuesta, C.E. (eds) Software Architecture. ECSA 2023. Lecture Notes in Computer Science, vol 14212. Springer, Cham. https://doi.org/10.1007/978-3-031-42592-9_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-42592-9_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42591-2

  • Online ISBN: 978-3-031-42592-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation