RisQFLan
RisQFLan: Quantitative Security Risk Modeling and Analysis using QFLan
From Software Engineering to Security
RisQFLan is a software tool for the modeling and analysis of threat and risk scenarios. The tool supports a generalization of Attack-Defense trees enriched with attacker behaviour and quantitative constraints. RisQFLan is a port to the security domain of QFLan, a successful software engineering approach for the modeling and analysis of highly configurable systems.
Quantitative Analysis
The tool offers an easy-to-use rule-based probabilistic language to specify attack models with probabilistic behaviour. Quantitative constraints can be used to restrict the class of admissible attacks.
RisQFLan allows for two types of quantitative analysis:
- Statistical Analysis through an integration with the distributed statistical model checker MultiVeStA
- Exact analysis through a tool chain with the probabilistic model checkers PRISM and STORM. If the state space of a model is finite, RisQFLan exports it as a discrete-time Markov chain in a format supported by both tools.
This enables efficient quantitative analyses, including questions like:
- What is the average cost of attacks (as time varies)?
- What is the probability of success of an attack, given a specific attacker subject to quantitative constraints?
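The two questions above, worked through on a small discrete-time Markov chain as an added example (this is not RisQFLan code, its modeling language or its export format). The states, probabilities, costs and the budget rule are constructed for illustration; the budget stands in for a quantitative constraint on the attacker.

```python
from fractions import Fraction as F

# Constructed model, not a RisQFLan export:
# state -> (cost of one attempt from that state, [(probability, next state)])
DTMC = {
    "phish":    (10, [(F(3, 10), "foothold"), (F(6, 10), "phish"), (F(1, 10), "blocked")]),
    "foothold": (50, [(F(1, 2), "success"), (F(1, 2), "blocked")]),
    "success":  (0, [(F(1), "success")]),   # absorbing: attack succeeded
    "blocked":  (0, [(F(1), "blocked")]),   # absorbing: defense stopped the attack
}

def analyse(dtmc, init, goal, steps, budget=None):
    """Return [(P(goal reached by step t), expected cost spent by step t)] for t = 0..steps."""
    dist = {(init, 0): F(1)}  # exact probability mass over (state, cost spent so far)
    rows = []
    for _ in range(steps + 1):
        p_goal = sum(m for (s, _), m in dist.items() if s == goal)
        exp_cost = sum(m * spent for (_, spent), m in dist.items())
        rows.append((p_goal, exp_cost))
        nxt = {}
        for (s, spent), m in dist.items():
            cost, succ = dtmc[s]
            if budget is not None and spent + cost > budget:
                # Assumption: an attempt the attacker cannot afford is not made.
                cost, succ = 0, [(F(1), s)]
            for p, t in succ:
                key = (t, spent + cost)
                nxt[key] = nxt.get(key, F(0)) + m * p
        dist = nxt
    return rows

if __name__ == "__main__":
    for label, budget in (("unconstrained", None), ("budget 70", 70)):
        print(label)
        for t, (p, c) in enumerate(analyse(DTMC, "phish", "success", 8, budget)):
            print(f"  t={t}  P(success)={float(p):.4f}  E[cost]={float(c):.2f}")
```

Without a budget the success probability converges to 3/8; with a budget of 70 the attacker can only afford the costly second stage after the first or second phishing attempt, which caps it at 6/25.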
Modern GUI
The tool comes with a modern integrated development environment built using XTEXT technology, featuring high-level model and property specification languages.
Download and Installation
RisQFLan is a multi-platform application based on the Eclipse framework. It currently runs on Linux and Mac machines.
RisQFLan does not require any installation process, apart from a working installation of Java 11.
- For more information, visit the corresponding page on the menu on the right.
The complete source code of RisQFLan is available in this public repository.
Usage
Please refer to the page 'Models from ...' on the menu on the right for:
- Usage information
- Reproducing experiments discussed in the corresponding paper
- Obtaining the models described in the corresponding paper