amlsec: Automated Security Risk Identification

Automated Security Risk Identification Using AutomationML-based Engineering Data

This prototype identifies security risk sources (i.e., threats and vulnerabilities) and types of attack consequences based on AutomationML (AML) artifacts. The results of the risk identification process can be used to generate cyber-physical attack graphs, which model multistage cyber attacks that potentially lead to physical damage.


The implemented method utilizes a semantic information mapping mechanism realized by means of AML libraries. These AML security extension libraries can be easily reused in engineering projects by importing them into AML files.

The capabilities of this prototype are demonstrated in a case study. Running this prototype as-is will yield the knowledge base (can be accessed via Fuseki), which also includes the results of the risk identification process, and the following pruned cyber-physical attack graph:



The prototype utilizes the Akka framework and is able to distribute the risk identification workload among multiple nodes. The Akka distributed workers sample was used as a template.

To run the cluster with multiple nodes:

  1. Start Cassandra:
$ sbt "runMain org.sba_research.worker.Main cassandra"
  1. Start the first seed node:
$ sbt "runMain org.sba_research.worker.Main 2551"
  1. Start a front-end node:
$ sbt "runMain org.sba_research.worker.Main 3001"
  1. Start a worker node (the second parameter denotes the number of worker actors, e.g., 3):
$ sbt "runMain org.sba_research.worker.Main 5001 3"

If you run the nodes on separate machines, you will have to adapt the Akka settings in the configuration file.

Performance Assessment

The measurements and log files obtained during the performance assessment are available upon request.