Dubhe is an automated tool that can determine a system's behavioural security posture by analyzing UML activity diagrams. Requiring a single XMI file for analysis, Dubhe offloads as much responsibility from designers to perform system security analysis.
Dubhe works by calculating two security metrics: Critical Element Risk Index (CERI) and Corruption Propagation Potential (CPP). These metrics are used to inform a system’s behavioural security posture, which is a representation of a system’s hardness against element-based and flow-based threats targeting a system’s behavioural representation. As part of determining these metrics, Dubhe will analyze and identify threatening element patterns within UML activity diagrams and report any unmitigated threats back to the designer. CERI can be used to prioritize the hardening of system elements that are detected to be participating in the most unmitigated threat patterns, while CPP can be used to prioritize the placement of mitigations against data corruption attacks. This information is summarized by Dubhe and presented to the designer as a savable report that they can use to make modifications to their behavioural system designs.
Dubhe is a star in the Ursa Major constellation. It is commonly referred to as a pointer star as it is helpful for finding Polaris, also known as the North Star. Dubhe follows the naming conventions of previously released security posture analysis tools.
Open-source
Dubhe App
Apache 2.0
Python
John Breton
CyberSEA Lab (Carleton University)