DRBD-AFT


A combined model of dynamic reliability block diagrams (DRBD) and attack-fault trees (AFT).
  • Security Aspects

    • Disruption Scenario

      Dynamic reliability block diagrams express dynamic and complex aspects of infrastructures, such as redundancy policy management and load sharing, whereas attack-fault trees model combinations of component disruptions that can lead to subsystem disruptions.
      Specification Elements:
      AFT
      AFT Leave
      AFT Leave
      Block
      Edge
      Endpoint
      Attacker profile
      Threats:
      Spoofing
      Tampering with Data
      Repudiation
      Information Disclosure
      Denial of Service
      Elevation of Privileges

  • Specification Elements

    • Block

      A block represents a functional system component.
      Applies to:
      Node
      Component
      Entity
      Activity
    • Event

      An interaction between two blocks.
      Applies to:
      ControlFlow
    • Endpoint

      The input or output of a block.
      Applies to:
      Connection
    • Edge

      Connects two blocks via their endpoints.
      Applies to:
      Connection
      InformationFlow
    • AFT

      Attack-fault trees (AFTs) model how a top-level (safety or security) goal can be refined into smaller sub-goals, until no further refinement is possible.
      Applies to:
    • AFT Leave

      Leaves of an AFT model either basic component failures (BCF), basic attack steps (BAS) or on-demand instant failures (IFAIL).
      Applies to:
      Node
      Component
      Activity
    • AFT Gate

      Complex multi-step disruption scenarios are modeled by composing multiple basic attack steps (BAS), basic component failures (BCF) and on-demand instant failures (IFAIL) through gates: AND, OR, SAND, VOT (k)/n, PAND, FDEP, and SPARE.
      Applies to:
    • Attacker profile

      Defines the role, abilities, resource prerequisites and the threat capability of an attacker.
      Applies to:
      Entity