Examination of the Interplay of Reliability and Security using System Modeling Language (SysML). By Venkateswara Reddy Tallapu

Agenda.. 1.Introduction to terms (Reliability, Security, Interplay) 2.Brief discussion about SysML 3.Modeling Reliability and Security in the SysML 4.Example for the Interplay of Reliability and Security using the SysML 5.Conclusion 6.References 7.Queries..??

1.Introduction to terms (Reliability, Security, Interplay) a)Reliability: The term reliability refers to the ability of a computer-related hardware or software component to consistently perform according to its specifications. b)Security: Security includes many different techniques and methods which ensure security from threats and attacks. c)Interplay: The way in which the reliability and security have an effect on each other in this discussion.

2.Brief discussion about SysML  System Modeling Language (OMG SysML) is a graphical modeling language that has been developed to describe complex systems.  It provides semantics and notations to describe complex systems independent of engineering tools and methodologies.  It is largely specified by the members of INCOSE working in conjunction with the OMG.  It supports the specification, verification, design, analysis, and validation of systems that include hardware, software, data, personnel, procedures and facilities.  SysML is not a methodology.  SysML is not a process.  SysML is not a tool.

Contd.. Relationship between SysML and UML Example Fig: 1

3. Modeling Reliability and Security in the SysML  To model Reliability and Security in the SysML a) The definition of failure and the SysML Use Case b) Reliability and Security as Single Coherent Concept c) Embedding Reliability and Security in SysML  Motivation: a) Growing use of SysML b) Significant potential benefits for Tightly integrating Depending analysis into system engineering.

Contd.. a) The definition of failure and the SysML Use Case  The SysML Use Case diagram identifies high-level system functionality in terms of the goals of external actors. This then seems to be a natural construct for identifying definitions of failure.  For a given actor, the Use Case defines a functional demand. Loss of a function would be perceived as a system failure by those actors dependent on the associated Use Case.

Contd.. Fig 1: Use Case Diagram for Legitimate System Users

Contd.. Fig 2: Use Case Diagram for Illegal users

Contd.. b) Reliability and Security as s Single Coherent Concept  The definition of reliability presented earlier casts reliability as a probabilistic characteristic dependent on the elements within a system and the context of their usage. Security has now been handed a very similar definition. This particular definition of security suggests that reliability and security may exhibit coherence.  This is to say that they share a fundamental similarity but are contextually separated.

Contd.. c) Embedding Reliability and Security in SysML  The flexibility of SysML and the cross- cutting nature of reliability and security, mostly any SysML diagrams may possess some salient parameter for the enumeration of reliability or security.  Regardless of where the individual details may reside, the model for enumerating reliability or security from these parameters will be documented in a parametric diagram.

4. Example for the Interplay of Reliability and Security using the SysML  In this example we are going to discuss about “how we can protect a pigeon (a bird) from threats and attacks.  To demonstrate this we need the following four activities: a) System Activity Flow b) Attack case- Shoot Pigeon c) Attack case- Poison seed d) Attack case- Intercept Pigeon

Contd.. a) System Activity Flow  The triggers that control the enabling of individual reliability and security parametric diagrams will depend on the activity flows within the system. Each flow is modeled by a set of SysML Activity Diagrams that will associate with a series of parametric models such as the example shown in Figure 3.  There are three major activity flows considered in the example system (Figure 4). The flow of the pigeon begins with training of the pigeon to program its homing instinct. The pigeon then enters a continuous cycle of being cooped at headquarters, deployed, and finally sent back to headquarters with an attached message.

Contd.. Fig 3: Example of parametric Diagram for the cumulative damage weibull Reliability function

Contd.. Fig 4: Multiple flow of items through activities describe operation of the conceptual system.

Contd.. Fig 5: Activities of illegitimate actors attempt to alter or disrupt normal flows.

b) Attack case- Shoot Pigeon b) Attack case- Shoot Pigeon  The Shoot Pigeon attack is the crudest form of attack being considered. The intent of the illegitimate actor is to simply stop the delivery of a sent message by killing the pigeon.  For this attack, the prepared attacker relies on having the opportunity to observe the in-flight pigeon. The resulting activity flow for the attack is to observe then shoot a message carrying pigeon.  In this cohesive case reliability and security directly interact but the characteristic of the interaction depends on the constraining parameters.

c) Attack case- Poison seed c) Attack case- Poison seed  The intent of the Poison Seed attack is to target the food supply to kill all pigeons. In this attack the activity flow begins with the attacker introducing poison to the food supply. The attack then relies on the system’s own functions to distribute the infected feed.  The more reliably the infected seed gets distributed the greater the potential damage done by an unseen attack. Because the attack relies on nominal system flows many of the same models get applied to simultaneously consider both reliability and security.

d) Attack case- Intercept Pigeon  The Intercept Pigeon attack contains the possibility that a successful attack might go unnoticed by the system operators. In this case the intent of the attacker is to intercept and read a sent message and then substitute a false message into the system.  The activity flow is to intercept a message carrying pigeon, detach and decode the attached message, encode and attach the false message, and then release the pigeon.

5. Conclusion  Various forms of attacks on a hypothetical communication system were reviewed to describe some of the reliability-security interactions that have been observed. In general the coherence between reliability and security is found to depend on the objective of the attack and the knowledge of the attacker. Security from attacks directed directly at an activity flow tended to correlate positively with reliability.  In contrast, security from attacks that rely on the system flows correlate negatively with reliability but require a more knowledgeable adversary. The cohesion between reliability and security for some attacks is found to depend on both the knowledge of the attacker and the robustness of the system.

6. References OMG Systems Modeling Language (OMG SysML™) Specification.

7. Queries..??