Abstract
Smart grid is an intelligent energy distribution system consisting of multiple information and communication technologies (ICT). One of the challenges for such complex and heterogeneous system as smart grid is to unite security analysis on a high level of abstraction and concrete behavioral attack patterns that exploit low-level vulnerabilities. We provide a structured method that combines the Si* language, which can express attacker motivations as a goal hierarchy, and vulnerability specific attack graphs, which shows every step available for an attacker. We derive system specific information from the low-level representation of the system for a high-level probabilistic analysis.
This research was partially supported by the EU FP7 Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS, no 256980) and SESAMO, no 295354 projects.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
In fact, Si* does not allow using the same subgoals in different parts of the tree, but we still keep multiset of nodes (instead of a powerset) for compliance with [12].
- 2.
- 3.
NIST Vulnerability Database: http://nvd.nist.gov/.
References
Asnar, Yudistira, Massacci, Fabio: A method for security governance, risk, and compliance(GRC): a goal-process approach. In: Aldini, Alessandro, Gorrieri, Roberto (eds.) FOSAD 2011. LNCS, vol. 6858, pp. 152–184. Springer, Heidelberg (2011)
Beckers, K.: Goal-based establishment of an information security management system compliant to ISO 27001. In: Geffert, V., Preneel, B., Rovan, B., Štuller, J., Tjoa, A.M. (eds.) SOFSEM 2014. LNCS, vol. 8327, pp. 102–113. Springer, Heidelberg (2014)
Beckers, K., Côté, I., Hatebur, D., Faßbender, S., Heisel, M.: Common Criteria CompliAnt Software Development (CC-CASD). In: Proceedings of 28th SAC, pp. 937–943. ACM (2013)
Bistarelli, S., Fioravanti, F., Peretti, P.: Defense trees for economic evaluation of security investments. In: Proceedings of the 1st ARES, pp. 416–423. IEEE (2006)
Dalton II, G.C., Colombi, J.M., Mills, R.F., Raines, R.A.: Analyzing attack trees using generalized stochastic petri nets. In: Proceedings of the IAS, pp. 116–123. IEEE (2006)
Jha, S., Sheyner, O., Wing, J.: Two formal analyses of attack graphs. In: Proceedings of the 2002 IEEE CSF, p. 49. IEEE (2002)
Jürjens, J.: Using UMLsec and goal trees for secure systems development. In: Proceedings of the 2002 SAC, pp. 1026–1030. ACM Press (2002)
Krautsevich, L., Martinelli, F., Yautsiukhin, A.: Towards modelling adaptive attacker’s behaviour. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds.) FPS 2012. LNCS, vol. 7743, pp. 357–364. Springer, Heidelberg (2013)
LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C.: Model-based security metrics using adversary view security evaluation (advise). In: Proceedings of the 8th QEST, pp. 191–200. IEEE (2011)
Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: Proceedings of the 11th RE, pp. 151–161. IEEE (2003)
Massacci, Fabio, Mylopoulos, John, Zannone, Nicola: Security requirements engineering: the SI* modeling language and the secure tropos methodology. In: Ras, Zbigniew W., Tsay, Li-Shiang (eds.) Advances in Intelligent Information Systems. SCI, vol. 265, pp. 147–174. Springer, Heidelberg (2010)
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)
Mouratidis, H., Giorgini, P., Manson, G.: Using security attack scenarios to analyse security during information systems design. In: Proceedings of ICEIS, pp. 10–17 (2004)
Noel, S., Jajodia, S.: Managing attack graph complexity through visual hierarchical aggregation. In: Proceedings of the VizSEC/DMSEC (2004)
Piètre-Cambacédès, L., Bouissou, M.: Beyond attack trees: Dynamic security modeling with boolean logic driven markov processes (bdmp). In: Proceedings of the EDCC, pp. 199–208. IEEE (2010)
Qin, X., Lee, W.: Attack plan recognition and prediction using causal networks. In: Proceedings of the 20th ACSAC, pp. 370–379. IEEE (2004)
Sarraute, C., Richarte, G., Obes, J.L.: An algorithm to find optimal attack paths in nondeterministic scenarios. In: Proceedings of the 4th AISec, pp. 71–80. ACM (2011)
Schneier, B.: Attack trees: Modelling security threats. Dr. Dobb’s journal, December 1999
van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th ICSE, pp. 148–157. IEEE (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Beckers, K., Heisel, M., Krautsevich, L., Martinelli, F., Meis, R., Yautsiukhin, A. (2014). Determining the Probability of Smart Grid Attacks by Combining Attack Tree and Attack Graph Analysis. In: Cuellar, J. (eds) Smart Grid Security. SmartGridSec 2014. Lecture Notes in Computer Science(), vol 8448. Springer, Cham. https://doi.org/10.1007/978-3-319-10329-7_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-10329-7_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10328-0
Online ISBN: 978-3-319-10329-7
eBook Packages: Computer ScienceComputer Science (R0)