As we have built our SysML models over the previous five parts of this series, we have created a lot of model elements and a lot of connections. It’s reasonable to ask how we can use this network effectively as it grows to thousands or millions of parts, especially when we want to go beyond nearest neighbors. System engineering and security analysis are about going beyond immediate relationships and looking for extended chains of causation, fault trees and emergent behaviors from large networks. But here we can take advantage of advances in information technology, particularly in the area of graph technology.
A graph is a simple concept, that we can model things in terms of nodes and edges. Pretty much all engineering models can be abstracted as graphs, but the real hard-core users of graphs have been the social networks. They deal with networks with millions of members and are constantly looking for ways to connect people through common contacts and shared interests. They have instigated enormous advances in graph databases and pattern matching query languages. Engineers need to take advantage of this new IT infrastructure. They can look at their systems as sets of nodes and edges and use graph technology to navigate the network to find the information they need to develop systems and solve problems. They need to be able to ask questions that are very difficult to answer in the traditional document-based processes.
Syndeia has taken the first steps to apply this idea to MBSE. Syndeia takes the inter-model connections between tools from its own database and the internal connections inside the SysML, combines them and exports them to a graph database, in this case, Neo4j from NeoTech. We can use the Neo4j web interface and the Cypher graph query language to find patterns in the data, quickly even for very large networks.
Figure 1 Neo4j graph visualization – Show Everything
The results in the following figures are the same whether we begin with the MagicDraw/Cameo or IBM Rational Rhapsody SysML models, so we have not created separate blog posts for this final installment. In Figure 1, we asked the database to show us everything. The result is unwieldy, even in a relatively small dataset of 230 nodes and 517 elements, but we can see from the color-coded legend at the top that the graph generated has elements from SysML, including blocks, activities and requirements, as well as Jama, JIRA, GitHub and NX. The real value in this is that we can start to ask more focused questions.
Figure 2 Neo4j graph visualization – Show All Jama requirements
For example, we can ask this same database, show me all the Jama requirements. Figure 2 shows that there are nine different Jama requirements, the blue circles in the diagram, and they’re connected to nine SysML requirements, the grey circles.
Figure 3 Neo4j graph visualization – Show All “Satisfied” Jama requirements
In Figure 3, we ask the model, show me how many of those are satisfied. What we’re actually asking, using pattern matching, is how many Jama requirements are connected to SysML requirements which are also connected by a SysML Satisfy relationship to a system element that some subject matter expert has projected will satisfy that requirement. That’s a three body, non-nearest neighbor pattern that graph query languages are designed to answer very efficiently, typically in milliseconds. In this case, there’s only one Jama requirement that is satisfied, at this stage of the model development, and it is identified.
Figure 4 Neo4j graph visualization – Show all JIRA issues connected to GitHub file “StoreVoteItem”
We can ask other types of questions. In Figure 4, the query is “show me all the JIRA issue that are connected to a specific GitHub software file, the one titled StoreVoteItem”. That is the red circle down in the lower right and the JIRA issues are these grey circles. There are three distinct JIRA issues, each connected to the GitHub file through a chain of four connections. We can also see that there are three connected issues, but four distinct paths, graphically or in a tabular format.
Figure 5 Neo4j graph visualization – Show all GitHub files connected to use case “Steal Votes DRE”
We can ask a similar question in the reverse direction. Figure 5 shows the response to “show all the GitHub files that are connected and potentially impact the use case, Steal Votes DRE”. If that is the particular vulnerability we are concerned with reducing, the model has identified the software files we might need to investigate. The red circles represent these files.
So, by understanding how to query this model, we can ask some very specific questions identifying where to find the information we need to resolve security vulnerabilities in our electronic voting system, even as our model gets large, complex and distributed over many different tools, databases and repositories.
In this series, we have tried to offer some evidence that the MBSE approach, not just including a SysML model, but all the models and data sources involved in the development of the system, provides a clear and unambiguous way to describe the system itself. Second, that by creating that clear specification, it’s easier to do a systematic definition of the failure modes and that this applies directly to security analysis. Finally, given the ability to connect the different models through Syndeia, it makes it easier to identify the specific elements and relationships that we need, when it comes time to start exploring those vulnerabilities and looking for way to reduce or eliminate them
Download links to the SysML models in MagicDraw and IBM Rational Rhapsody are provided below. If you would like to learn more about how Syndeia connects these models to PLM, CAD, requirements, project management and other domains, check out our website or contact Intercax for a web demonstration.
- MBSE for Electronic Voting System Security (MagicDraw) – Part 1
- MBSE for Electronic Voting System Security (MagicDraw) – Part 2
- MBSE for Electronic Voting System Security (MagicDraw) – Part 3
- MBSE for Electronic Voting System Security (MagicDraw) – Part 4
- MBSE for Electronic Voting System Security (MagicDraw) – Part 5
- MBSE for Electronic Voting System Security (Rhapsody) – Part 1
- MBSE for Electronic Voting System Security (Rhapsody) – Part 2
- MBSE for Electronic Voting System Security (Rhapsody) – Part 3
- MBSE for Electronic Voting System Security (Rhapsody) – Part 4
- MBSE for Electronic Voting System Security (Rhapsody) – Part 5