Abstract
The design of an embedded system is built on a trade-off between its performance and its cost. Nowadays, the security threats that target most embedded systems introduce a new factor in this trade-off: the security level of the system. System architects must therefore consider, during the design, the different attacks that target the system, the possible countermeasures, and their costs. In this article, we present a methodology to help designers explore different countermeasures and evaluate their impact on the cost of the architecture and on the probability of success of an adversary. This methodology is based on extended and formalized Attack-Defense Trees that make it possible to assess the impact of countermeasures on system components and attacks. We use propagation rules to characterize a main attack from its different steps, and we formalize the trade-off between security and cost as an optimization problem between attack probability and total architecture cost.
References
A deep flaw in your car lets hackers shut down safety features. https://www.wired.com/story/car-hack-shut-down-safety-features/
Sysml-sec. http://sysml-sec.telecom-paristech.fr/
OMG Systems Modeling Language (OMG SysML), V1.0. Technical report, Object Management Group (2007). http://www.omg.org/spec/SysML/1.0/PDF
A survey on the usability and practical applications of graphical security models. Comput. Sci. Rev. 26(C), 1–16 (2017). https://doi.org/10.1016/j.cosrev.2017.09.001
Research chair Connected Cars and Cyber Security (C3S) (2019). https://www.telecom-paristech.fr/c3s
Audinot, M., Pinchinat, S.: On the soundness of attack trees. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 25–38. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46263-9_2
Bistarelli, S., Dall’Aglio, M., Peretti, P.: Strategic games on defense trees. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol. 4691, pp. 1–15. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75227-1_1
Edge, K., Dalton, G., Raines, R., Mills, R.: Using attack and protection trees to analyze threats and defenses to homeland security, pp. 1–7 (2006). https://doi.org/10.1109/MILCOM.2006.302512
Fraile, M., Ford, M., Gadyatskaya, O., Kumar, R., Stoelinga, M., Trujillo-Rasua, R.: Using attack-defense trees to analyze threats and countermeasures in an ATM: a case study. In: Horkoff, J., Jeusfeld, M.A., Persson, A. (eds.) PoEM 2016. LNBIP, vol. 267, pp. 326–334. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48393-1_24
Garro, A., Tundis, A.: A model-based method for system reliability analysis (2012)
Ji, X., Yu, H., Fan, G., Fu, W.: Attack-defense trees based cyber security analysis for CPSs. In: 2016 17th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), pp. 693–698 (2016). https://doi.org/10.1109/SNPD.2016.7515980
Jürgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008. LNCS, vol. 5332, pp. 1036–1051. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88873-4_8
Jürgenson, A., Willemson, J.: Serial model for attack tree computations. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 118–128. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14423-3_9
Kordy, B., Kordy, P., Mauw, S., Schweitzer, P.: ADTool: security analysis with attack–defense trees. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 173–176. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40196-1_15
Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19751-2_6
Kordy, B., Piètre-cambacédès, L., Schweitzer, P.: Dag-based attack and defense modeling: Don’t miss the forest for the attack trees. CoRR (2013)
Kordy, B., Wideł, W.: On quantitative analysis of attack–defense trees with repeated labels. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 325–346. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_14
van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, ICSE 2004, pp. 148–157. IEEE Computer Society, Washington, DC, USA (2004). http://dl.acm.org/citation.cfm?id=998675.999421
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). https://doi.org/10.1007/11734727_17
Saini, V., Duan, Q., Paruchuri, V.: Threat modeling using attack trees. J. Comput. Sci. Coll. 23(4), 124–131 (2008). http://dl.acm.org/citation.cfm?id=1352079.1352100
Schneier, B.: Secrets & Lies: Digital Security in a Networked World, 1st edn. Wiley, New York (2000)
Steiner, M., Liggesmeyer, P.: Qualitative and quantitative analysis of CFTs taking security causes into account. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 109–120. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24249-1_10
Zhou, S., Sun, Q., Jiao, J.: A safety modeling method based on SysML. In: 2014 10th International Conference on Reliability, Maintainability and Safety (ICRMS), pp. 1180–1185 (2014). https://doi.org/10.1109/ICRMS.2014.7107390
Acknowledgments
This work is supported by the research chair Connected Cars and Cyber Security (C3S) [6] founded by Nokia, Renault, Thales, Valeo, Wavestone, Fondation Mines-Télécom and Télécom Paris.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Berro, S., Apvrille, L., Duc, G. (2019). Optimizing System Architecture Cost and Security Countermeasures. In: Albanese, M., Horne, R., Probst, C. (eds) Graphical Models for Security. GraMSec 2019. Lecture Notes in Computer Science, vol 11720. Springer, Cham. https://doi.org/10.1007/978-3-030-36537-0_4
DOI: https://doi.org/10.1007/978-3-030-36537-0_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36536-3
Online ISBN: 978-3-030-36537-0
eBook Packages: Computer Science, Computer Science (R0)