Búsqueda avanzada

Resultados de búsqueda para reasoning

AMADEUS: Towards the AutoMAteD secUrity teSting

The proper configuration of systems has become a fundamental factor to avoid cybersecurity risks. Thereby, the analysis of cybersecurity vulnerabilities is a mandatory task, but the number of vulnerabilities and system configurations that can be threatened is extremely high. In this paper, we propose a method that uses software product line techniques to analyse the vulnerable configuration of the systems. We propose a solution, entitled AMADEUS, to enable and support the automatic analysis and testing of cybersecurity vulnerabilities of configuration systems based on feature models. AMADEUS is a holistic solution that is able to automate the analysis of the specific infrastructures in the organisations, the existing vulnerabilities, and the possible configurations extracted from the vulnerability repositories. By using this information, AMADEUS generates automatically the feature models, that are used for reasoning capabilities to extract knowledge, such as to determine attack vectors with certain features. AMADEUS has been validated by demonstrating the capacities of feature models to support the threat scenario, in which a wide variety of vulnerabilities extracted from a real repository are involved. Furthermore, we open the door to new applications where software product line engineering and cybersecurity can be empowered.

Autores: Angel Jesus Varela Vaca / Rafael M. Gasca / José Antonio Carmona-Fombella / Maria Teresa Gómez López / 
Palabras Clave: cybersecurity - feature model - pentesting - reasoning - Testing - vulnerabilities - vulnerable configuration

Ensuring the Semantic Correctness of a BAUML Artifact-centric BPM (Summary)

Using models to represent business processes provides several advantages, such as being able to check the correctness of the processes before their implementation. In contrast to traditional process modeling approaches, the artifact-centric approach treats data as a key element of the process, also considering the tasks or activities that are performed in it. This paper presents a way to verify and validate the semantic correctness of an artifact-centric business process model defined using a combination of UML and OCL models – a BAUML model. To do this, we provide a method to translate all BAUML components into a set of logic formulas. The result of this translation ensures that the only changes allowed are those specified in the model, and that those changes are taking place according the order established by the model. Having obtained this logic representation, these models can be validated by any existing reasoning method able to deal with negation of derived predicates. Moreover, we show how to automatically generate the relevant tests to validate the models and we prove the feasibility of our approach.

Autores: Montserrat Estañol / Maria-Ribera Sancho / Ernest Teniente / 
Palabras Clave: business process modelling - reasoning - Tool - UML - validation - Verification

No encuentra los resultados que busca? Prueba nuestra Búsqueda avanzada