Optimizing System Architecture Cost and Security Countermeasures

  • Conference paper
  • Graphical Models for Security (GraMSec 2019)

Abstract

The design of an embedded system rests on a trade-off between its performance and its cost. Nowadays, the security threats that target most embedded systems introduce a new factor in this trade-off: the security level of the system. System architects must therefore consider, during the design, the different attacks that target the system, the possible countermeasures, and their costs. In this article, we present a methodology to help designers explore different countermeasures and evaluate their impact on the cost of the architecture and on the probability of success of an adversary. This methodology is based on extended and formalized Attack-Defense Trees that make it possible to assess the impact of countermeasures on system components and attacks. We use propagation rules to characterize a main attack from its different steps, and we formalize the trade-off between security and cost as an optimization problem between attack probability and total architecture cost.
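As an added illustration of the kind of analysis the abstract describes (example code written for this page, not the authors' method or their tool): a constructed attack-defense tree whose step probabilities are propagated bottom-up with the usual AND (product) and OR (noisy-OR) rules, countermeasures modelled as a cost plus a multiplicative reduction of the steps they protect, and an exhaustive search over countermeasure subsets for the cheapest selection that keeps the adversary's success probability below a target. The tree, probabilities, costs and propagation rules are all assumptions; the paper's own rules and optimization method are not shown on this page.

```python
from itertools import combinations
from math import prod
# Constructed attack-defense tree (not from the paper): ("AND"|"OR", [children]) with step leaves.
ATTACK_TREE = ("OR", [
    ("AND", ["tamper_ecu", "inject_can"]),   # physical route: both steps needed
    "exploit_telematics",                    # remote route: a single step
])
# Assumed base success probability of each attack step (constructed values).
STEP_PROB = {"tamper_ecu": 0.8, "inject_can": 0.9, "exploit_telematics": 0.5}
# Countermeasure -> (cost, {attack step: factor applied to its success probability}).
COUNTERMEASURES = {
    "secure_boot": (30, {"tamper_ecu": 0.1}),
    "can_auth": (20, {"inject_can": 0.2}),
    "tls_gateway": (25, {"exploit_telematics": 0.3}),
}

def leaf_probs(selected):
    # Residual step probabilities once the selected countermeasures are applied.
    probs = dict(STEP_PROB)
    for cm in selected:
        for step, factor in COUNTERMEASURES[cm][1].items():
            probs[step] *= factor
    return probs

def propagate(node, probs):
    # Bottom-up rules, independent steps assumed: AND = product, OR = 1 - prod(1 - p).
    if isinstance(node, str):
        return probs[node]
    op, children = node
    vals = [propagate(child, probs) for child in children]
    if op == "AND":
        return prod(vals)
    return 1 - prod(1 - v for v in vals)

def attack_probability(selected=()):
    return propagate(ATTACK_TREE, leaf_probs(selected))

def tradeoff_points():
    # Every countermeasure subset as (total cost, attack probability, subset), cheapest first.
    names = list(COUNTERMEASURES)
    points = []
    for k in range(len(names) + 1):
        for subset in combinations(names, k):
            cost = sum(COUNTERMEASURES[c][0] for c in subset)
            points.append((cost, attack_probability(subset), subset))
    return sorted(points)

def cheapest_defense(max_prob):
    # Lowest-cost subset whose residual attack probability is at most max_prob, or None.
    return next((pt for pt in tradeoff_points() if pt[1] <= max_prob), None)
```

With these constructed numbers the cheapest way to bring the attack probability below 0.3 is not the pair that lowers it most: `can_auth` plus `tls_gateway` (cost 45) beats `secure_boot` plus `tls_gateway` (cost 55) even though the latter leaves a lower residual probability.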

References

  1. A deep flaw in your car lets hackers shut down safety features. https://www.wired.com/story/car-hack-shut-down-safety-features/

  2. SysML-Sec. http://sysml-sec.telecom-paristech.fr/

  3. TTool. https://ttool.telecom-paristech.fr/

  4. OMG Systems Modeling Language (OMG SysML), V1.0. Technical report, Object Management Group (2007). http://www.omg.org/spec/SysML/1.0/PDF

  5. A survey on the usability and practical applications of graphical security models. Comput. Sci. Rev. 26(C), 1–16 (2017). https://doi.org/10.1016/j.cosrev.2017.09.001

  6. Research chair Connected Cars and Cyber Security (C3S) (2019). https://www.telecom-paristech.fr/c3s

  7. Audinot, M., Pinchinat, S.: On the soundness of attack trees. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 25–38. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46263-9_2

  8. Bistarelli, S., Dall'Aglio, M., Peretti, P.: Strategic games on defense trees. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol. 4691, pp. 1–15. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75227-1_1

  9. Edge, K., Dalton, G., Raines, R., Mills, R.: Using attack and protection trees to analyze threats and defenses to homeland security, pp. 1–7 (2006). https://doi.org/10.1109/MILCOM.2006.302512

  10. Fraile, M., Ford, M., Gadyatskaya, O., Kumar, R., Stoelinga, M., Trujillo-Rasua, R.: Using attack-defense trees to analyze threats and countermeasures in an ATM: a case study. In: Horkoff, J., Jeusfeld, M.A., Persson, A. (eds.) PoEM 2016. LNBIP, vol. 267, pp. 326–334. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48393-1_24

  11. Garro, A., Tundis, A.: A model-based method for system reliability analysis (2012)

  12. Ji, X., Yu, H., Fan, G., Fu, W.: Attack-defense trees based cyber security analysis for CPSs. In: 2016 17th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), pp. 693–698 (2016). https://doi.org/10.1109/SNPD.2016.7515980

  13. Jürgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008. LNCS, vol. 5332, pp. 1036–1051. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88873-4_8

  14. Jürgenson, A., Willemson, J.: Serial model for attack tree computations. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 118–128. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14423-3_9

  15. Kordy, B., Kordy, P., Mauw, S., Schweitzer, P.: ADTool: security analysis with attack–defense trees. In: Joshi, K., Siegle, M., Stoelinga, M., D'Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 173–176. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40196-1_15

  16. Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19751-2_6

  17. Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: DAG-based attack and defense modeling: don't miss the forest for the attack trees. CoRR (2013)

  18. Kordy, B., Wideł, W.: On quantitative analysis of attack–defense trees with repeated labels. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 325–346. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_14

  19. van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, ICSE 2004, pp. 148–157. IEEE Computer Society, Washington, DC, USA (2004). http://dl.acm.org/citation.cfm?id=998675.999421

  20. Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). https://doi.org/10.1007/11734727_17

  21. Saini, V., Duan, Q., Paruchuri, V.: Threat modeling using attack trees. J. Comput. Sci. Coll. 23(4), 124–131 (2008). http://dl.acm.org/citation.cfm?id=1352079.1352100

  22. Schneier, B.: Secrets & Lies: Digital Security in a Networked World, 1st edn. Wiley, New York (2000)

  23. Steiner, M., Liggesmeyer, P.: Qualitative and quantitative analysis of CFTs taking security causes into account. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 109–120. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24249-1_10

  24. Zhou, S., Sun, Q., Jiao, J.: A safety modeling method based on SysML. In: 2014 10th International Conference on Reliability, Maintainability and Safety (ICRMS), pp. 1180–1185 (2014). https://doi.org/10.1109/ICRMS.2014.7107390

Acknowledgments

This work is supported by the research chair Connected Cars and Cyber Security (C3S) [6] founded by Nokia, Renault, Thales, Valeo, Wavestone, Fondation Mines-Télécom and Télécom Paris.

Author information

Corresponding author

Correspondence to Guillaume Duc.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Berro, S., Apvrille, L., Duc, G. (2019). Optimizing System Architecture Cost and Security Countermeasures. In: Albanese, M., Horne, R., Probst, C. (eds) Graphical Models for Security. GraMSec 2019. Lecture Notes in Computer Science, vol 11720. Springer, Cham. https://doi.org/10.1007/978-3-030-36537-0_4

  • DOI: https://doi.org/10.1007/978-3-030-36537-0_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-36536-3

  • Online ISBN: 978-3-030-36537-0

  • eBook Packages: Computer Science (R0)