Model-Implemented Attack Injection

In this method, the attacks (which are special types of faults) are injected in the model of the system under test (SUT). MATLAB and LabVIEW are examples of tools used to build such system models. This method is used to verify and validate the system’s capability to handle attacks. The attack handling includes mechanisms to detect and prevent intrusions. This type of attack injection method is used for the system’s evaluation in the early design stages.

Method Purpose Short description of the method's purpose and main benefits

Method description A detailed description of the method

Attacks can be defined as human made, intentional malicious activity to effect hardware or software from external system boundaries during the operational phase of a system [MIA1].

MIAI is a model-based test and verification framework which enables to test and evaluate the impact of cybersecurity threats by injecting attack models into the target system model at early design and development phases [MIA3].

The MIAI methodology supports the use of cybersecurity attack models capable of jamming, replay, denial of service and intercept, etc. [MIA2] [MIA3] [MIA4].

Method Strengths A listof the strengths of the method

MIAI is aligned with the shift-left approach [MIA5] where the focus of the test and verification activities are shifted towards the early design and development process to find and improve the weaknesses of the software as much as possible and as early as possible with less effort and resources.
MIAI is used for testing and verification of the cybersecurity of the simulated model of the intended software. This gives an early evaluation of the software behaviour under the presence of attacks.
MIAI gives valuable input to the design allowing the development engineers to get a holistic view of the cybersecurity bottlenecks.
MIAI can be used to evaluate the intrusion detection and handling mechanisms as well as system behaviour under the presence of attacks.
Measurements from MIAI may be useful in later V&V.

Method Limitations The limitations of the method

The MIAI is limited to the attack injection on the simulation level (simulation-based attack injection) and it is not possible to inject attacks into actual physical target systems. There are other techniques used to inject attacks on physical level such as vulnerability attack injection.
Accuracy of the attack models with respect to the actual attacks in the physical system may not be adequate.
Any change in the system design in the later stages of the product development cycle might decrease the usefulness of the measurements from the attack model and cannot be used for the comparison of the results between verification and validation stages.

Method References Bibliography references to papers about the method.

[MIA1] B. Sangchoolie, P. Folkesson, and J. Vinter, “A study of the interplay between safety and security using model-implemented fault injection,” in 2018 14th Eur. Dep. Comp. Conf. (EDCC). IEEE, 2018, pp. 41–48.
[MIA2] B. Sangchoolie, P. Folkesson, Pierre Kleberger and J. Vinter, “Analysis of Cybersecurity Mechanisms with respect to Dependability and Security Attributes,” in 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops.
[MIA3] P. Folkesson, B. Sangchoolie, and J. Vinter, “HoliSec D3.3 - Interplay between Safety, Security and Privacy.” The HoliSec Consortium, Mar. 19, 2019.
[MIA4] https://www.microsoft.com/security/blog/2007/09/11/stride-chart/
[MIA5] Bjerke-Gulstuen K., Larsen E.W., Stålhane T., Dingsøyr T. (2015) High Level Test Driven Development – Shift Left. In: Lassenius C., Dingsøyr T., Paasivaara M. (eds) Agile Processes in Software Engineering and Extreme Programming. XP 2015. Lecture Notes in Business Information Processing, vol 212. Springer, Cham. https://doi.org/10.1007/978-3-319-18612-2_23

Method Dimensions

Evaluation Environment Type Type of environment where the method is applied. It can be more than one type of environment. (Dimension 1)

Evaluation Type Type of evaluation performed with that method. If a method is hybrid, more than one type can be selected. (Dimension 2)

Type of Component Under Evaluation Type of components that can be evaluated with that method. It can be more than one type. (Dimension 3)

Evaluation Stage The evaluation stage where the method is used. (Dimension 5)

Purpose of the Component Under Evaluation The type of purpose that can be evaluated by a method. It can be more than one type. (Dimension 6)

Type of Requirement Under Evaluation The type of requirements that a method is able to evaluate. It can be more than one type. (Dimension 7)

Evaluation Performance Indicator The type of evaluation criteria or KPI that a method is able to improve. It can be more than one type. (Dimension 8)

Relations

Related Methods A method could be related to other methods.

Tools A method can use zero or more tools.

Part Method A method (when it is a combination: Combination of method artefact that is a specialization of a V&V Method) could be composed of a set of V&V Methods.

Test Case or Verification and Validation activity Test Case or V&V activity performed in a Use Case. We will link to the method to the test cases where the method is used.

Standards A method can be linked with standards.

Context

Workflow

Contents

There are currently no items in this folder.