ECSA 2023
Mon 18 - Fri 22 September 2023 Istanbul, Turkey
Fri 22 Sep 2023 14:25 - 14:50 at Mavi Salon - Dependability Chair(s): Martina De Sanctis

Analyzing attacks and potential attack paths can help to identify and avoid potential security incidents. Manually estimating an attack path to a targeted software element can be complex since a software system consists of multiple vulnerable elements, such as components, hardware resources, or network elements. In addition, the elements are protected by access control. Software architecture describes the structural elements of the system, which may form elements of the attack path. However, estimating attack paths is complex since different attack paths can lead to a targeted element. Additionally, not all attack paths might be relevant since attack paths can have different properties based on the attacker’s capabilities and knowledge. We developed an approach that enables architects to identify relevant attack paths based on the software architecture. We created a metamodel for filtering options and added support for describing attack paths in an architectural description language. Based on this metamodel, we developed an analysis that automatically estimates attack paths using the software architecture. This can help architects to identify relevant attack paths to a targeted component and increase the system’s overall security. We evaluated our approach on five different scenarios. Our evaluation goals are to investigate our analysis’s accuracy and scalability. The results suggest a high accuracy and good runtime behavior for smaller architectures.

Fri 22 Sep

Displayed time zone: Athens

14:00 - 15:35
Dependability (Research Papers / Industry Program) at Mavi Salon
Chair(s): Martina De Sanctis Gran Sasso Science Institute
14:00
25m
Full-paper
A Graph-based Java Projects Representation for Antipatterns Detection
Research Papers
Roberta Capuano University of L'Aquila, Italy, Henry Muccini University of L'Aquila, Italy
14:25
25m
Full-paper
Architecture-based Attack Path Analysis for Identifying Potential Security Incidents
Research Papers
Walter Maximilian Karlsruhe Institute of Technology (KIT), Robert Heinrich Karlsruhe Institute of Technology, Ralf Reussner Karlsruhe Institute of Technology (KIT) and FZI - Research Center for Information Technology (FZI)
14:50
15m
Short-paper
Guidance Models for Designing Big Data Cyber Security Analytics Systems
Research Papers
Faheem Ullah, Muhammad Ali Babar University of Adelaide
15:05
15m
Short-paper
Parallel and Distributed Architecture for Multilingual Open Source Intelligence Systems
Industry Program
Alper Karamanlioglu HAVELSAN, Middle East Technical University, Gökhan Yurtalan HAVELSAN, Meltem Yılmaz HAVELSAN, Yahya Bahadır Karataş HAVELSAN, Abdullah Doğan HAVELSAN
15:20
15m
Short-paper
Substitute and Complementary Open Source Software in Artificial Intelligence Frameworks
Industry Program