Abstract
We propose a model-based procedure for preventing security threats using formal models. We encode system models and threats as satisfiability modulo theory (SMT) formulas. This model allows us to ask security questions as satisfiability queries. We formulate threat prevention as an optimization problem over the same formulas. The outcome of our threat prevention procedure is a suggestion of model attribute repair that eliminates threats. We implement our approach using the state-of-the-art Z3 SMT solver and interface it with the threat analysis tool THREATGET. We demonstrate the value of our procedure in two case studies from automotive and smart home domains.
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreements No. 956123 (FOCETA), No. 871385 (TEACHING) and from the program “ICT of the Future” of the Austrian Research Promotion Agency (FFG) and the Austrian Ministry for Transport, Innovation and Technology under grant agreements No. 867558 (project TRUSTED).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
THREATGET uses its own syntax and semantics to express threats [3]. We use instead predicate logic to facilitate the encoding of the forthcoming algorithms into SMT formulas. Our implementation contains an automated translation from THREATGET syntax to threat logic.
- 2.
We ignore here a fourth possible verdict \(\mathop {\textrm{unknown}}\limits \) that can arise in practice and that happens if the solver is not able to reach a conclusion before it times out.
References
Bjørner, N., Phan, A.: \(\nu \)z - maximal satisfaction with Z3. In: 6th International Symposium on Symbolic Computation in Software Science, SCSS 2014, Gammarth, La Marsa, Tunisia, December 2014, pp. 1–9. EasyChair (2014)
Bjørner, N., Phan, A., Fleckenstein, L.: \(\nu \)Z - an optimizing SMT solver. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. Lecture Notes in Computer Science, vol. 9035, pp. 194–199. Springer, London, UK (2015)
Christl, K., Tarrach, T.: The analysis approach of ThreatGet. CoRR, abs/2107.09986 (2021)
Cimatti, A., Griggio, A., Schaafsma, B.J., Sebastiani, R.: A modular approach to MaxSAT modulo theories. In: Järvisalo, M., Van Gelder, A. (eds.) SAT 2013. LNCS, vol. 7962, pp. 150–165. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39071-5_12
Dillig, I., Dillig, T., McMillan, K.L., Aiken, A.: Minimum satisfying assignments for SMT. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 394–409. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31424-7_30
Foreseeti AB. Foreseeti (2020). Online. Accessed 29 Nov 2020
Goodwin, M., Gadsden, J.: OWASP threat dragon (2020). Online. Accessed 29 Nov 2020
McRee, R.: Microsoft threat modeling tool 2014: identify & mitigate. ISSA J. 39, 42 (2014)
Mürling, M.W.: Security by design: new “THREATGET” tool tests cyber security in vehicles and systems (2021). Online Article
Nieuwenhuis, R., Oliveras, A.: On SAT modulo theories and optimization problems. In: Biere, A., Gomes, C.P. (eds.) SAT 2006. LNCS, vol. 4121, pp. 156–169. Springer, Heidelberg (2006). https://doi.org/10.1007/11814948_18
Riener, H., Könighofer, R., Fey, G., Bloem, R.: SMT-based CPS parameter synthesis. In: Frehse, G., Althoff, M. (eds.) 3rd International Workshop on Applied Verification for Continuous and Hybrid Systems, ARCH@CPSWeek 2016, Volume 43 of EPiC Series in Computing, Vienna, Austria, pp. 126–133. EasyChair (2016)
El Sadany, M., Schmittner, C., Kastner, W.: Assuring compliance with protection profiles with ThreatGet. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2019. LNCS, vol. 11699, pp. 62–73. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26250-1_5
Sebastiani, R., Trentin, P.: OptiMathSAT: a tool for optimization modulo theories. J. Autom. Reason. 64(3), 423–460 (2018). https://doi.org/10.1007/s10817-018-09508-6
Security Compass Ltd.: Security compass SD elements (2020). Accessed 29 Nov 2020
ThreatModeler Software, Inc.: ThreatModeler (2020). Online. Accessed 29 Nov 2020
Tutamantic Ltd.: Tutamen threat model automator (2020). Online. Accessed 29 Nov 2020
Was, J., Avhad, P., Coles, M., Ozmore, N., Shambhuni, R., Tarandach, I.: OWASP pytm (2020). Online. Accessed 29 Nov 2020
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tarrach, T., Ebrahimi, M., König, S., Schmittner, C., Bloem, R., Ničković, D. (2023). Attribute Repair for Threat Prevention. In: Guiochet, J., Tonetta, S., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2023. Lecture Notes in Computer Science, vol 14181. Springer, Cham. https://doi.org/10.1007/978-3-031-40923-3_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-40923-3_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-40922-6
Online ISBN: 978-3-031-40923-3
eBook Packages: Computer ScienceComputer Science (R0)