Skip to main content
SpringerLink
Log in

Quantitative Analysis of Network Security with Abstract Argumentation

  • Conference paper
Data Privacy Management, and Security Assurance (DPM 2015, QASA 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9481))

  • 977 Accesses

Abstract

An Abstract Argumentation Framework (AAF) represents a useful technique for the analysis of arguments supporting or discouraging decisions (i.e., information can be in conflict). In particular, we apply Abstract Argumentation to support the administration of security in computer networks. Our approach captures the high-level topology of a system and helps to specify which and where security countermeasures are more appropriate. We design a quantitative analysis on AAFs (modelling our domain knowledge) with the purpose to compare different decisions and select the most suitable one to protect the critical assets.

F. Santini supported by GNCS-INDAM “Efficient Methods for Argumentation-based Decision Support”.

A. Yautsiukhin supported by H2020-MSCA-ITN “European Network on Computer Security” (675320) and the PRIN Security Horizons project.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We do not distinguish between incoming and outgoing control, but this separation can be easily taken into account by using two couples of connecting arguments (one for incoming and another for outgoing traffic), instead of only one couple.

  2. 2.

    In the current modelling we do not consider distributed attacks.

  3. 3.

    One may argue that a threat also should specify a goal, next to the compromised element, e.g., a hacker may want to attack the PKE goal. In this paper we assume that every threat is binary linked to its goal, and an explicit specification of this goal is then redundant.

References

  1. Alberts, C., Dorofee, A., Stevens, J., Woody, C.: Introduction to the octave approach. Technical report, Software Engineering Institute, Carnegie Mellon University (2003)

    Google Scholar 

  2. Amgoud, L., Cayrol, C.: On the acceptability of arguments in preference-based argumentation. In Proceedings of the Fourteenth Conference on Uncertainty in Artificial Intelligence, UAI 1998, pp. 1–7. Morgan Kaufmann Publishers Inc. (1998)

    Google Scholar 

  3. Applebaum, A., Levitt, K.N., Rowe, J., Parsons, S.: Arguing about firewall policy. In: Verheij, B., Szeider, S., Woltran, S. (eds.) COMMA, Frontiers in Artificial Intelligence and Applications, vol. 245, pp. 91–102. IOS Press (2012)

    Google Scholar 

  4. Bandara, A.K., Kakas, A.C., Lupu, E.C., Russo, A.: Using argumentation logic for firewall policy specification and analysis. In: State, R., van der Meer, S., O’Sullivan, D., Pfeifer, T. (eds.) DSOM 2006. LNCS, vol. 4269, pp. 185–196. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  5. Bandara, A.K., Kakas, A.C., Lupu, E.C., Russo, A.: Using argumentation logic for firewall configuration management. In: Integrated Network Management, pp. 180–187. IEEE (2009)

    Google Scholar 

  6. Bistarelli, S., Montanari, U., Rossi, F.: Semiring-based constraint satisfaction and optimization. J. ACM 44, 201–236 (1997)

    Article  MathSciNet  Google Scholar 

  7. Bistarelli, S., Montanari, U., Rossi, F., Santini, F.: Unicast and multicast QoS routing with soft-constraint logic programming. ACM Trans. Comput. Logic 12(1), 5 (2010)

    Article  MathSciNet  Google Scholar 

  8. Bistarelli, S., Santini, F.: Two trust networks in one: using bipolar structures to fuse trust and distrust. In: Twelfth Annual International Conference on Privacy, Security and Trust, pp. 383–390. IEEE (2014)

    Google Scholar 

  9. Boella, G., Hulstijn, J., van der Torre, L.W.N.: Argumentation for access control. In: AI*IA, pp. 86–97 (2005)

    Google Scholar 

  10. Bouyahia, T., Idrees, M.S., Cuppens-Boulahia, N., Cuppens, F., Autrel, F.: Metric for security activities assisted by argumentative logic. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/SETOP/QASA 2014. LNCS, vol. 8872, pp. 183–197. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  11. Butler, S.A.: Security attribute evaluation method: a cost-benefit approach. In: Proceedings of the 24th International Conference on Software Engineering (ICSE 2002), pp. 232–240. ACM Press (2002)

    Google Scholar 

  12. Dijkstra, E.W.: A note on two problems in connexion with graphs. Numerische Mathematlk 1, 269–271 (1959)

    Article  MathSciNet  Google Scholar 

  13. Dung, P.M.: On the acceptability of arguments and its fundamental role in nonmonotonic reasoning, logic programming and n-person games. Artif. Intell. 77(2), 321–357 (1995)

    Article  MathSciNet  Google Scholar 

  14. ITC. MAGERIT Version 1.0 Risk analysis and management methodology for information systems Procedures Handbook. Information Technology Council (2000)

    Google Scholar 

  15. Jha, S., Sheyner, O., Wing, J.: Two formal analysis of attack graphs. In: Proceedings of the IEEE Computer Society Security Foundations Workshop, p. 49. IEEE Computer Society, Washington, DC (2002)

    Google Scholar 

  16. Karabacak, B., Sogukpinar, I.: Isram: information security risk analysis method. Comput. Secur. 24(2), 147–159 (2005)

    Article  Google Scholar 

  17. Krautsevich, L., Martinelli, F., Yautsiukhin, A.: Formal approach to security metrics. what does “more secure” mean for you? In: Proceedings of the 1st International Workshop on Measurability of Security in Software Architectures. ACM Press (2010)

    Google Scholar 

  18. Martinelli, F., Santini, F.: Debating cybersecurity or securing a debate? In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 239–246. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  19. Martinelli, F., Santini, F., Yautsiukhin, A.: Visualising network security through arguments. In: Thirteenth Annual International Conference on Privacy, Security and Trust (PST). IEEE (2015)

    Google Scholar 

  20. Ortalo, R., Deswarte, Y., Kaaniche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Trans. Softw. Eng. 25(5), 633–650 (1999)

    Article  Google Scholar 

  21. Rahwan, I., Simari, G.R.: Argumentation in Artificial Intelligence, 1st edn. Springer, US (2009)

    Google Scholar 

  22. Rowe, J., Levitt, K., Parsons, S., Sklar, E., Applebaum, A., Jalal, S.: Argumentation logic to assist in security administration. In: Proceedings of the Workshop on New Security Paradigms, pp. 43–52. ACM (2012)

    Google Scholar 

  23. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 273. IEEE Computer Society (2002)

    Google Scholar 

  24. Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems. Technical Report 800–30, National Institute of Standards and Technology (2001)

    Google Scholar 

  25. Wang, L., Liu, A., Jajodia, S.: Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts. Comput. Commun. 29(15), 2917–2933 (2006)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Matematica e Informatica, Università di Perugia, Perugia, Italy

    Francesco Santini

  2. Instituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy

    Artsiom Yautsiukhin

Authors
  1. Francesco Santini
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Artsiom Yautsiukhin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Artsiom Yautsiukhin .

Editor information

Editors and Affiliations

  1. Telecom SudParis, Evry, France

    Joaquin Garcia-Alfaro

  2. Universitat Autònoma de Barcelona, Bellaterra, Spain

    Guillermo Navarro-Arribas

  3. University of Urbino, Urbino, Italy

    Alessandro Aldini

  4. National Research Council - C.N.R., Pisa, Italy

    Fabio Martinelli

  5. Department of Computer Science, TU Darmstadt, Darmstadt, Germany

    Neeraj Suri

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Santini, F., Yautsiukhin, A. (2016). Quantitative Analysis of Network Security with Abstract Argumentation. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds) Data Privacy Management, and Security Assurance. DPM QASA 2015 2015. Lecture Notes in Computer Science(), vol 9481. Springer, Cham. https://doi.org/10.1007/978-3-319-29883-2_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29883-2_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29882-5

  • Online ISBN: 978-3-319-29883-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation