|The Cyber Security Argument Graph Evaluation (CyberSAGE) tool produces quantitative security assessment metrics and security assurance documentation to support the safe, reliable, and secure operation of critical infrastructure systems. The tool, which is built using Java for cross-platform compatibility, is an implementation of ADSC’s workflow-oriented security assessment framework.|
CyberSAGE is designed to process a range of inputs speciﬁed in XML dialects (e.g., workflow models, system topology, attacker actions/skills). These inputs are then combined in an iterative process using a set of templates to form security argument graphs, which are displayed in a GUI. The argument graph structure can be used to combine quantitative information and reason about a root goal. The tool currently supports probabilistic availability assessment for smart grid communication and control processes based on random failures and deliberate attacks. Two sample screenshots of system input and a security argument graph are shown below.
The CyberSAGE tool is currently under development at ADSC. Please check back for updates, or contact members of our team for more information.