To demonstrate the usability of our language, we have created a tool allowing to use the HoSML language and the Bayesian network in order to simulate human vulnerability in a Socio Technical System (STS).
For the development of this tool we used the GMF/EMF technology which allows to set up an eclipse environment by customizing the pre-existing components. The utility chosen to set up our own environment was Sirius. Sirius is an eclipse environment allowing the use of EMF, GMF and Java technologies. Sirius allows the easy setting up of modeling environment. To do this, Sirius relies on a meta-model describing the domain of the model. This meta-model allows to design all the elements that will be modeled by the personalized environment.
Below, several videos show how our language can be used with a tool, as well as the automatization of the vulnerability simulation which allows to evaluate the impact of a vulnerability in a STS
Tool overview:
Actor and role creation:
Setting human profiles and indirect factor creation:
Document and objectives creation:
Vulnerability simulation:
Maritime piracy scenario:
To illustrate our tool usage, we used the example given in [1]. It was developed with our industrial Partner Naval Group. It concerns a maritime piracy control STS. The latter is operated by a ship in maritime areas prone to piracy. It must allow the control of maritime space to prevent piracy in a given area, in order to protect civilian ships. The Maritime Piracy Control STS (MPC-STS) takes place in a surveillance frigate that is deployed in a theater that requires active surveillance against piracy.
The architecture of this Maritime Piracy Control STS (MPC-STS) is composed of 5 roles: Officer, Chief Monitor, Chief Intervention, First Operator, Monitor Operator.
The architecture we created from this scenario allowed us to simulate different attacks on the STS with our tool. The following video shows you the difference between two actors in the same system, one of which is more vulnerable than the other to an attack of the same level, and those due to indirect factors.
If you want more details on this scenario, please go to the paper. Changes have been made to the model in the meantime but the conclusions and the main elements of the architecture remain the same.
Bibliographie
[1] Paul Perrotin, Salah Sadou, David Hairion, Antoine Beugnard: Detecting human vulnerably in socio-technical systems: a naval case study. Proceeding of the 2nd Workshop of Secure MDE, MODELS Companion 2020: 56:1-56:8