cybok-cli

A vulnerability assessment tool for system models

Primary language: Python. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).

This software is no longer maintained and there are no plans for a future release. That said, the basic principles of the software herein and in the cited papers below are still relevant to model-based security, and the software should run provided that the user installs the versions of dependent software stated below.

CYBOK. A vulnerability assessment tool for model-based systems engineering.

About the papers

Georgios Bakirtzis, Brandon Simon, Aidan Collins, Cody Fleming, and Carl Elks, “Data-Driven Vulnerability Exploration for Design Phase System Analysis” IEEE Systems Journal [proceedings, preprint]

Rationale. Georgios Bakirtzis, Garrett Ward, Christopher Deloglos, Carl Elks, Barry Horowitz, and Cody Fleming, “Fundamental Challenges of Cyber-Physical Systems Security Modeling” IEEE/IFIP DSN 2020 [proceedings, preprint]

Getting started

CYBOK has been tested with Python 3.7.5 on macOS and Windows 10. You will need to use Python 3.7.1 or above because the code makes use of the NamedTuple class and f-strings.

Python

For macOS we recommend installing python3 using homebrew.

brew install python3

For Windows we recommend installing python3 using Chocolatey.

choco install python3

(Note: Chocolatey installs python3 as python. This means that pip3 now maps to pip. To run cybok use python cybok.py [options] instead of making the file executable as with GNU/Linux and macOS.)

Graphviz

To visualize graphs you will need to install graphviz.

For macOS:

brew install graphviz

For Windows:

choco install graphviz --version 2.38

CYBOK

To set up CYBOK, download this repo to your desired local folder.

git clone https://github.com/bakirtzisg/cybok-cli.git

Install all python library requirements from requirements.txt.

pip3 install -r requirements.txt

Before using CYBOK you will need to run the update command.

$ python3 cybok --update

This downloads the latest CAPEC, CWE, and CVE feeds and creates the search index.

🎉 🎉 🎉 🎉 🎉

Quickstart

$ python3 cybok --help
$ python3 cybok --search gps
$ python3 cybok --input "./models/simple_system.graphml"
$ python3 cybok --visualize --input "./models/simple_system.graphml"
$ python3 cybok --visualize --input "./models/simple_system.graphml" --target "MCU"
$ python3 cybok --visualize --input "./models/fcs.graphml" --target "Primary Application Processor"
$ python3 cybok --input "./models/fcs.graphml" --output "fcs"

Implemented CLI Functionality

| Argument | Type | Input | Description |
| --- | --- | --- | --- |
| -h --help | N/A | N/A | shows all available arguments |
| -u --update | N/A | N/A | updates all available database data and creates search index |
| -s --search | str | search string | takes a string and matches to available database entries |
| -i --input | str | model definition in GraphML form | takes a .graphml file and produces a vulnerability report |
| -v --visualize | N/A | N/A | creates visualizations for the attack surface and if given a target the exploit chains associated with it |
| -t --target | str | vertex name in the system GraphML file | finds all possible exploit chains from any element in the attack surface to that vertex |
| -o --output | str | filename or filepath | export all evidence from -s or -i to .graphml or .csv files |
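
What --target asks for, in graph terms: every cycle-free path from an attack-surface vertex to the chosen vertex. The sketch below is an added example and not CYBOK's own code; the sample model, the boolean `entry` data key used to mark attack-surface vertices, and the function names are assumptions made for illustration. It covers only the path enumeration, not the matching of model elements against CAPEC, CWE, and CVE entries.

```python
import xml.etree.ElementTree as ET

NS = {"g": "http://graphml.graphdrawing.org/xmlns"}
# Constructed sample model (not one of the repository's model files).
# The boolean "entry" key marking attack-surface vertices is an assumption.
SAMPLE_GRAPHML = """<graphml xmlns="http://graphml.graphdrawing.org/xmlns">
  <key id="entry" for="node" attr.name="entry" attr.type="boolean"/>
  <graph id="G" edgedefault="directed">
    <node id="GPS"><data key="entry">true</data></node>
    <node id="Radio"><data key="entry">true</data></node>
    <node id="MCU"/>
    <node id="Logger"/>
    <edge source="GPS" target="MCU"/>
    <edge source="Radio" target="MCU"/>
    <edge source="Radio" target="Logger"/>
    <edge source="Logger" target="MCU"/>
  </graph>
</graphml>"""


def load_model(text):
    """Return (adjacency dict, set of entry-point vertex ids) from GraphML text."""
    graph = ET.fromstring(text).find("g:graph", NS)
    adjacency, entries = {}, set()
    for node in graph.findall("g:node", NS):
        adjacency[node.get("id")] = []
        for data in node.findall("g:data", NS):
            if data.get("key") == "entry" and (data.text or "").strip() == "true":
                entries.add(node.get("id"))
    for edge in graph.findall("g:edge", NS):
        adjacency.setdefault(edge.get("source"), []).append(edge.get("target"))
    return adjacency, entries


def chains_to_target(adjacency, entries, target):
    """Enumerate every simple (cycle-free) path from an entry point to target."""
    if target not in adjacency:
        raise ValueError(f"target {target!r} is not a vertex in the model")
    found = []

    def walk(path):
        if path[-1] == target:
            found.append(path)
            return
        for nxt in adjacency.get(path[-1], []):
            if nxt not in path:  # never revisit a vertex, so cycles terminate
                walk(path + [nxt])
    for start in sorted(entries):
        walk([start])
    return found
```

On the sample model, `chains_to_target(*load_model(SAMPLE_GRAPHML), "MCU")` returns three chains, including the indirect one through `Logger` that a direct-neighbour check would miss.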

Authors

Georgios Bakirtzis (bakirtzis@virginia.edu) bakirtzis.net