Vulnerability modeling and analysis for critical infrastructure protection applications

Effective critical infrastructure protection requires methodologies and tools for the automated evaluation of the vulnerabilities of assets and the efficacy of protection systems. This paper presents a modeling language for vulnerability analysis in critical infrastructure protection applications. The language extends the popular Unified Modeling Language (UML) to provide vulnerability and protection modeling functionality. The extended language provides an abstract representation of concepts and activities in the infrastructure protection domain that enables model-to-model transformations for analysis purposes. The application of the language is demonstrated through a use case that models vulnerabilities and physical protection systems in a railway station.