www.elsevier.com/locate/ijcip Available online at www.sciencedirect.com Vulnerability modeling and analysis for critical infrastructure protection applications Stefano Marrone a,n , Roberto Nardone b , Annarita Tedesco b , Pasquale D’Amore b , Valeria Vittorini c , Roberto Setola d , Francesca De Cillis d , Nicola Mazzocca c a Seconda Universita di Napoli, Dipartimento di Matematica e Fisica, viale Lincoln, 5, 81100 Caserta, Italy b Ansaldo STS, Innovation and Competitiveness Unit, Via Argine 425, Naples, Italy c Universita di Napoli Federico II, Dipartimento di Ingegneria Elettrica e delle Tecnologie dell'Informazione, Via Claudio 21, 80125 Naples, Italy d Faculty of Engineering, Universita campus Bio-Medico di Roma, via Alvaro del Portillo 21, 00128 Rome, Italy article info Article history: Received 18 January 2013 Available online 14 October 2013 Keywords: Railway infrastructure Physical vulnerability assessment UML profiles abstract Effective critical infrastructure protection requires methodologies and tools for the automated evaluation of the vulnerabilities of assets and the efficacy of protection systems. This paper presents a modeling language for vulnerability analysis in critical infrastructure protection applications. The language extends the popular Unified Modeling Language (UML) to provide vulnerability and protection modeling functionality. The extended language provides an abstract representation of concepts and activities in the infrastructure protection domain that enables model-to-model transformations for analy- sis purposes. The application of the language is demonstrated through a use case that models vulnerabilities and physical protection systems in a railway station. & 2013 Elsevier B.V. All rights reserved. 1. Introduction The impact of the terrorist attacks on September 11, 2011 dramatically underscored the fragility of the critical infra- structure and its importance to modern society. This is especially true of critical infrastructure assets such as railway systems. Indeed, the number of attacks on railway assets during the past decade demonstrates the attractiveness of the infrastructure as a target for criminals and terrorists [6]. The massive crowds, potentially high fatality rates, societal reliance and open and accessible designs are all factors that contribute to the railway infrastructure being considered a soft target for assailants. Physical protection systems incorporating people, policies and equipment are used to secure critical infrastructure assets from malevolent acts. Despite the increase in threat aware- ness and published best practices, organizations lack formal approaches for evaluating the effectiveness of decisions regarding the implementation of physical protection systems. Indeed, current assessment practices rely on compliance- based approaches (i.e., presence of appropriate components) and performance-based approaches (i.e., evaluation of the consequences of successful attacks). This paper describes the results of research conducted under the ongoing EU co-funded project, Methodological Tool for Railway Infrastructure Protection (METRIP) [15], which is focused on developing a decision-making system for physical protection system design. The decision-making system is intended to: (i) suggest the types and dispositions of devices that maximize protection effectiveness; and (ii) help evaluate 1874-5482/$ - see front matter & 2013 Elsevier B.V. All rights reserved. http://dx.doi.org/10.1016/j.ijcip.2013.10.001 n Corresponding author. E-mail address: stefano.marrone@unina2.it (S. Marrone). international journal of critical infrastructure protection6 (2013) 217–227