Skip to content
This repository has been archived by the owner on Oct 1, 2021. It is now read-only.

A security dashboard for analyzing cyber-physical system designs

License

Notifications You must be signed in to change notification settings

bakirtzisg/security-analyst-dashboard

Repository files navigation

This software is no longer maintained and there are no plans for a future release. Having said that the basic principles of the software herein and on the cited papers below are still relevant to model-based security and the software should run given that the user installs the versions of dependent software stated below.

bakirtzisg/security-analyst-dashboard

Security Analyst Dashboard. A dashboard for cyber-physical system design and analysis.

About the papers

Georgios Bakirtzis, Brandon Simon, Cody Fleming, and Carl Elks, “Looking for a Black Cat in a Dark Room: Security Visualization for Cyber-Physical System Design and Analysis,” IEEE VizSec 2018 [proceedings, preprint, talk]

Rationale. Georgios Bakirtzis, Garrett Ward, Christopher Deloglos, Carl Elks, Barry Horowitz, and Cody Fleming, “Fundamental Challenges of Cyber-Physical Systems Security Modeling” IEEE/IFIP DSN 2020 [proceedings, preprint]

Getting Started

The dashboard works in conjunction with cybok-cli & graphml_export—which produce the data requirements for this project.

Prerequisites

The following are required to run the dashboard: Java JDK 8, Python >=3.6.4 and the rest of cybok-cli’s prerequisites.

Building and Running

The following script will automatically initialize the cybok-cli submodule, compile the code if needed, and start the security analyst dashboard.

Windows:

$./build_and_run.bat

GNU/Linux or macOS:

$./build_and_run.sh

Usage

Once running the dashboard first checks two things: (1) that a correct version of python is installed and (2) that a correct installation of cybok-cli exists within the repo. In the event that either of those checks fail, the dashboard will terminate.

At first launch, the user is prompt to update the data requirements of cybok-cli. If the data does not exist, it populates the correct structures within cybok-cli. (Unfortunately both these actions take some time at the moment, please be patient.) Without this step the dashboard will not operate properly.

Accepted Models

The dashboard is agnostic to modeling tool as long as a GraphML file is provided. There are two types of models that input into the dashboard: (1) system topology graph and (2) specification graph. The specification is optional; that is, only the system topology graph is necessary.

For the system topology graph model you can look at this paper:

Georgios Bakirtzis, Bryan T. Carter, Carl R. Elks, and Cody H. Fleming, “A Model-Based Approach to Security Analysis for Cyber-Physical Systems,” IEEE SysCon 2018 [preprint, proceedings]

Briefly the following schema is used for the system topology:

AttributeDescription
Entry PointsHow external devices interact with the system
SoftwareWhat software the vertex uses
FirmwareWhat firmware the vertex uses
Operating SystemWhat operating system the vertex uses
DeviceThe device name that the vertex is
CommunicationWhat protocol is used in an edge

and this one for the specification graph

AttributeDescription
TypeType of requirement; Structure, Mission, or Function
DescriptionDescription of the requirement

For specifics on writing such GraphML files you can look in the data folder.

Toolbar options

ButtonDescription
Load TopologyFile loading dialog to select the topology and (optionally) the system specification file
Attack SurfacesToggles the visibility of attack surfaces on the topology graph
AnalysisPerforms the Attack Vector analysis on the topology graph using cybok-cli
Show DeletedToggles the visibility of deleted attack vectors in the attack vector space and tree views
Show HiddenToggles the visibility of hidden attack vectors in the attack vector space and tree views
Show CVEToggles the visibility of CVE attack vectors in the attack vector space and tree views
Add to BucketAdds all the selected attack vectors to the bucket
Delete AttacksDeletes all the selected attack vectors

Key bindings

CommandDescription
CTRL+Ssave node positions of the selected graph to a file
CTRL+Lload node positions of the selected graph from file
CTRL+Eexports the selected graph as a .graphml file
CTRL+Ffreeze/unfreeze auto layout
CTRL+G(attack vector space) grows the current selection (selects the nodes related to it)
CTRL+B(attack vector space) adds the selected nodes to the bucket
CTRL+I(attack vector space) opens a panel with additional information of the selected node
CTRL+A(bucket) selects all visible nodes
DELdeselects the current selection
DEL(bucket) removes all checked entries from the bucket

Screenshot

Authors

Georgios Bakirtzis (bakirtzis@virginia.edu) bakirtzis.net
Brandon Simon (simonbj@vcu.edu)

About

A security dashboard for analyzing cyber-physical system designs

Resources

License

Stars

Watchers

Forks

Packages

No packages published