Model-Based Generation of Attack-Fault Trees
Raffaela Groner, Thomas Witte, Alexander Raschke, Sophie Hirn, Irdin Pekaric, Markus Frick, Matthias Tichy, Michael Felderer

TL;DR
This paper introduces a semi-automatic tool-chain for generating comprehensive Attack-Fault Trees by combining partial models from manual inputs and vulnerability databases, aiding safety and security analysis of cyber-physical systems.
Contribution
It presents a novel semi-automatic method and tool-chain for generating complete Attack-Fault Trees from partial models, streamlining the joint safety and security analysis process.
Findings
Automated combination of partial Fault and Attack Trees into complete AFTs.
Use of graph transformation rules for model integration.
Facilitates holistic safety and security analysis.
Abstract
Joint safety and security analysis of cyber-physical systems is a necessary step to correctly capture inter-dependencies between these properties. Attack-Fault Trees represent a combination of dynamic Fault Trees and Attack Trees and can be used to model and model-check a holistic view on both safety and security. Manually creating a complete AFT for the whole system is, however, a daunting task. It needs to span multiple abstraction layers, e.g., abstract application architecture and data flow as well as system and library dependencies that are affected by various vulnerabilities. We present an AFT generation tool-chain that facilitates this task using partial Fault and Attack Trees that are either manually created or mined from vulnerability databases. We semi-automatically create two system models that provide the necessary information to automatically combine these partial Fault and…
