Abstract

In this paper, we address the issue of security risk assessment of systems that are designed by using SysML activity diagrams. For this purpose, we develop a practical framework to enable security requirements specification and security level evaluation. First, we rely on the standard catalogue of attacks to build a library of attacks patterns. Then, we model the extracted patterns as SysML activity diagrams and we develop a specification algorithm in order to automatically generate security requirements relevant to a system under test. In order to evaluate them, we propose a methodology to map the diagrams interaction into a probabilistic model checker. Finally, we demonstrate the effectiveness of our framework on the secure real time streaming protocol.