{"id":1843,"date":"2024-10-28T16:07:20","date_gmt":"2024-10-28T20:07:20","guid":{"rendered":"https:\/\/carleton.ca\/cybersea\/?page_id=1843"},"modified":"2026-01-26T10:42:04","modified_gmt":"2026-01-26T15:42:04","slug":"dubhe","status":"publish","type":"page","link":"https:\/\/carleton.ca\/cybersea\/dubhe\/","title":{"rendered":"Dubhe: Behavioural Security Posture Analysis Tool"},"content":{"rendered":"\n
\n
\n\n
\n
\n
\n

\n Dubhe: Behavioural Security Posture Analysis Tool\n <\/h1>\n \n \n <\/header>\n\n <\/div>\n\n <\/div>\n\n <\/div>\n<\/section>\n\n

Dubhe: Behavioural Security Posture Analysis Tool<\/h2>\n\n\n\n

Dubhe<\/em> is an automated tool that can determine a system’s behavioural security posture by analyzing UML activity diagrams. Requiring a single XMI file for analysis, Dubhe offloads as much responsibility from designers to perform system security analysis.<\/p>\n\n\n\n

Dubhe works by calculating two security metrics: Critical Element Risk Index (CERI) and Corruption Propagation Potential (CPP). These metrics are used to inform a system\u2019s behavioural security posture, which is a representation of a system\u2019s hardness against element-based and flow-based threats targeting a system\u2019s behavioural representation. As part of determining these metrics, Dubhe will analyze and identify threatening element patterns within UML activity diagrams and report any unmitigated threats back to the designer. CERI can be used to prioritize the hardening of system elements that are detected to be participating in the most unmitigated threat patterns, while CPP can be used to prioritize the placement of mitigations against data corruption attacks. This information is summarized by Dubhe and presented to the designer as a savable report that they can use to make modifications to their behavioural system designs.<\/p>\n\n\n\n

Related Publications<\/h3>\n\n\n\n