Developer Information for the Targeted Attack Graph Analysis

Introduction EMF

For new developers, we recommend to work through EMF tutorials. One good candidate are the tutorials from Vogella

Attack Propagation Workflow

The workflow of the analysis is defined in the bundle org.palladiosimulator.pcm.confidentiality.context.analysis.execution and the class AttackSurfaceAnalysisWorkflow. It consists first of loading the different models. Afterwards, the vulnerabilities from the Repository are rolled out on the AssemblyContext. Then the analysis is performed. The last step is to save the results.

The analysis execution job (AttackSurfaceAnalysisJob), then executes the analysis. The analysis does not use a PDP or transform the XACML policies. The analysis has their own access decision part implemented.

Attack Propagation Analysis

The main bundle for the attack propagation is edu.kit.ipd.sdq.attacksurface. Here, the entry point for the analysis is AttackSurfaceAnalysis. It contains in the runChangePropagationAnalysis the main steps for identifying the attack paths.

The first step is to initialize the vulnerability map. This is basically a map containing which contains the ID of an architectural elements as key and the corresponding vulnerabilities. We use the map as a cache for vulnerabilities to speed up the vulnerability search. Otherwise, the analysis always have to search lists to identify vulnerable elements.

In the next step, the analysis creates the attack graph. The attack graph is created in parallel and uses Google Guava. The responsible class is AttackGraphCreation. This class already filters out all edges, which contain vulnerabilities that are not relevant based on the specified filters in the attacker model.

After creating the attack graph the attack paths are identified. This is done in the class AttackPathCreation and the attack path identification is delegated to the class DefaultAttackPathFinder. This class converts the Guava graph to a JGraphT graph and then searches for a path from one of the starting point to the target. For the path identification it uses the YenKShortestPath implementation from JGraphT with the CredentialValidator as a custom path validator. This path validator checks whether path requires one of the required credentials and then invalidates the path. The DefaultAttackPathFinder class also provides a method to export the attack graph as a dot file. This is helpful to get a visualization of the actual attack graph. After the identification of the paths, these are stored in the Blackboard.