Generating attacks in SysML activity diagrams by detecting attack surfaces

Samir Ouchani, Gabriele Lenzini

    Research output: Contribution to journalArticleAcademicpeer-review

    4 Citations (Scopus)


    In the development process of a secure system is essential to detect as early as possible the system’s vulnerable points, the so called attack surfaces, and to estimate how feasible it would be that known attacks breach through them. Even if attack surfaces can be sometimes detected automatically, mapping them against known attacks still is a step apart. Systems and attacks are not usually modelled in compatible formalisms. We develop a practical framework that automates the whole process. We formalize a system as SysML activity diagrams and in the same formalism we model libraries of patterns taken from standard catalogues of social engineering and technical attacks. An algorithm that we define, navigates the system’s diagrams in search for its attack surfaces; then it evaluates the possibility and the probability that the detected weak points host attacks among those in the modelled library. We prove the correctness and the completeness of our approach and we show how it works on a use case scenario. It represents a very common situation in the domain of communication and data security for corporations.
    Original languageEnglish
    Pages (from-to)361-373
    Number of pages13
    JournalJournal of ambient intelligence and humanized computing
    Issue number3
    Publication statusPublished - Jun 2016


    • EC Grant Agreement nr.: FP7/318003
    • METIS-318571
    • EWI-27347
    • IR-101832
    • EC Grant Agreement nr.: FP7/2007-2013
    • n/a OA procedure


    Dive into the research topics of 'Generating attacks in SysML activity diagrams by detecting attack surfaces'. Together they form a unique fingerprint.

    Cite this