Dubhe: Behavioural Security Posture Analysis Tool
Dubhe is an automated tool that can determine a system’s behavioural security posture by analyzing UML activity diagrams. Requiring a single XMI file for analysis, Dubhe offloads as much responsibility from designers to perform system security analysis.
Dubhe works by calculating two security metrics: Critical Element Risk Index (CERI) and Corruption Propagation Potential (CPP). These metrics are used to inform a system’s behavioural security posture, which is a representation of a system’s hardness against element-based and flow-based threats targeting a system’s behavioural representation. As part of determining these metrics, Dubhe will analyze and identify threatening element patterns within UML activity diagrams and report any unmitigated threats back to the designer. CERI can be used to prioritize the hardening of system elements that are detected to be participating in the most unmitigated threat patterns, while CPP can be used to prioritize the placement of mitigations against data corruption attacks. This information is summarized by Dubhe and presented to the designer as a savable report that they can use to make modifications to their behavioural system designs.
Related Publications
- John Breton, Jason Jaskolka, and George O.M. Yee. Hardening systems against data corruption attacks at design time. In Proceedings of the 16th International Symposium on Foundations & Practice of Security, FPS 2023, pages 391–407, Bordeaux, France, 2023.
- John Breton. Analyzing the Behavioural Security Posture of Software Systems. Master’s Thesis, Carleton University, Ottawa, ON, Canada, 2024.
Try Dubhe
Screenshots
