As more systems become connected and more aspects of our lives are digitalized, the security demands on software increase. Software architects should design systems that are secure and resistant against cyber-attacks. One solution could be to identify and mitigate attack paths during development. However, attackers often combine different attack paths to compromise a system. For instance, they might use multiple vulnerabilities and combine these with exploiting access control policies. Current attack path calculation approaches often focus only on the network topology and do not consider the more fine-grained information a software architecture can provide, such as the components or deployment. We developed an open-source Eclipse plugin that can calculate an attack graph based on the software architecture. This tool could help software architects identify potential critical attack paths.
Fri 23 Sep (displayed time zone: Belgrade, Bratislava, Budapest, Ljubljana, Prague)
11:00 - 12:30 | Architecture modeling, design and decision making | Tools & Demos / Research Papers at S4 | Chair(s): Henry Muccini (University of L'Aquila, Italy), Luciano Baresi (Politecnico di Milano)
11:00 | 5m | Full-paper | From Informal Architecture Diagrams to Flexible Blended Models (Best paper candidate) | Research Papers | Authors: Robbert Jongeling (Mälardalen University), Federico Ciccozzi (Mälardalen University), Antonio Cicchetti (Mälardalen University), Jan Carlson (Mälardalen University)
11:05 | 5m | Short-paper | Debiasing Architectural Decision-Making: A Workshop-Based Training Approach | Research Papers | Authors: Klara Borowa (Warsaw University of Technology), Maria Jarek, Gabriela Mystkowska, Weronika Paszko, Andrzej Zalewski
11:10 | 5m | Short-paper | Persistence Factories Architectural Design Pattern | Research Papers
11:15 | 5m | Short-paper | Feature-based Investigation of Simulation Structure and Behaviour | Research Papers | Authors: Sandro Koch (Karlsruhe Institute of Technology (KIT)), Robert Heinrich (Karlsruhe Institute of Technology (KIT)), Ralf Reussner (Karlsruhe Institute of Technology (KIT) and FZI - Research Center for Information Technology (FZI))
11:20 | 5m | Demonstration | Tool-based Attack Graph Estimation for Software Architectures | Tools & Demos
11:25 | 65m | Other | Discussion | Research Papers
Each paper is presented as a 5-minute pitch talk at the beginning. The rest of the session is a discussion.
After reaching the 3rd floor (either by elevator or the main staircase), turn right.