Translation of AADL model to security attack tree (TAMSAT) to SMART evaluation of monetary security risk

Designing secure architectures for IT infrastructure is a difficult process that needs mechanisms to provide security risk metrics that can help guide the system design process. It is through this evaluation process that a designer can ensure that implementations of a model meet the necessary security-based requirements. This work presents a scheme called TAMSAT for translating early-stage system architecture design models into security-based attack trees, which are evaluated for security risk. These attack trees can be evaluated around a set of assets of importance, whose security risk is classified by a monetary value. This security risk value can inform the system designer and provide input into an iterative design process, as well as illuminate unexpected sources of potential future security issues.