Welcome to Palladio Attack Propagation’s documentation!

This contains the documentation for multiple Eclipse plugins to analyze confidentiality properties of a given software architecture. It uses the Palladio Component Model (PCM). Currently, 3 types of analyses are supported:

1. Scenario Access Usage Analysis [5]

   • different usage scenarios from PCM are analyzed regarding access violations

   • misusage scenarios are supported (similar to misusage diagrams)

2. Attack Propagation Analysis [4]

   • propagation based on CVE and CWE vulnerabilities

   • supports different authorization levels and gaining of new credentials

3. Targeted Attack Graph Analysis [3]

   • find attack paths to a targeted element

   • uses filters to identify relevant attack path

Contents:

• Installation
  • Dependencies
  • Palladio-Bench (Attack Drop)
  • Manual Installation
  • Update Site Installation
  • Recommended Developer Installation
• Application Scenarios
  • Maintenance Scenario (Running Example)
• User Documentation
  • Palladio
  • Modelling Access Control Properties
  • Modeling Attackers & Vulnerabilities
  • Analysing Scenario-based Access Control Policies
  • Analyzing Attack Propagations
  • Analyzing Targeted Attack Paths
• Developer Documentation
  • Developer Information for the Attack Propagation Analysis
  • Developer Information for the Scenario Analysis
  • Developer Information for the Targeted Attack Graph Analysis
  • XACML Transformation

References

[1]

Rima Al-Ali, Robert Heinrich, Petr Hnetynka, Adrian Juan-Verdejo, Stephan Seifermann, and Maximilian Walter. Modeling of dynamic trust contracts for industry 4.0 systems. In 12th European Conference on Software Architecture: Companion Proceedings (ECSA '18), September 24–28, 2018, Madrid, Spain. ACM, 2018. URL: https://publikationen.bibliothek.kit.edu/1000087072, doi:10.1145/3241403.3241450.

[2]

Ralf H. Reussner, Steffen Becker, Jens Happe, Robert Heinrich, Anne Koziolek, Heiko Koziolek, Max Kramer, and Klaus Krogmann. Modeling and Simulating Software Architectures – The Palladio Approach. MIT Press, Cambridge, MA, October 2016. ISBN 9780262034760. URL: https://web.archive.org/web/20180415104041/http://mitpress.mit.edu/books/modeling-and-simulating-software-architectures.

[3]

Maximilian Walter and Ralf Heinrich, Robert Reussner. Architecture-based attack path analysis for identifying potential security incidents. In 17th European Conference on Software Architecture (ECSA). 2023. accepted, to appear.

[4]

Maximilian Walter, Robert Heinrich, and Ralf Reussner. Architectural attack propagation analysis for identifying confidentiality issues. In 2022 IEEE 19th International Conference on Software Architecture (ICSA), 12 S. Institute of Electrical and Electronics Engineers (IEEE), 2022. URL: https://publikationen.bibliothek.kit.edu/1000146787, doi:10.1109/ICSA53651.2022.00009.

[5]

Maximilian Walter and Ralf Reussner. Tool-based attack graph estimation and scenario analysis for software architectures. In Software Architecture : 16th European Conference, ECSA 2022 Tracks and Workshops. 2023. URL: https://publikationen.bibliothek.kit.edu/1000160640, doi:10.1007/978-3-031-36889-9_5.