Abstract
An Abstract Argumentation Framework (AAF) represents a useful technique for the analysis of arguments supporting or discouraging decisions (i.e., information can be in conflict). In particular, we apply Abstract Argumentation to support the administration of security in computer networks. Our approach captures the high-level topology of a system and helps to specify which and where security countermeasures are more appropriate. We design a quantitative analysis on AAFs (modelling our domain knowledge) with the purpose to compare different decisions and select the most suitable one to protect the critical assets.
F. Santini supported by GNCS-INDAM “Efficient Methods for Argumentation-based Decision Support”.
A. Yautsiukhin supported by H2020-MSCA-ITN “European Network on Computer Security” (675320) and the PRIN Security Horizons project.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
We do not distinguish between incoming and outgoing control, but this separation can be easily taken into account by using two couples of connecting arguments (one for incoming and another for outgoing traffic), instead of only one couple.
- 2.
In the current modelling we do not consider distributed attacks.
- 3.
One may argue that a threat also should specify a goal, next to the compromised element, e.g., a hacker may want to attack the PKE goal. In this paper we assume that every threat is binary linked to its goal, and an explicit specification of this goal is then redundant.
References
Alberts, C., Dorofee, A., Stevens, J., Woody, C.: Introduction to the octave approach. Technical report, Software Engineering Institute, Carnegie Mellon University (2003)
Amgoud, L., Cayrol, C.: On the acceptability of arguments in preference-based argumentation. In Proceedings of the Fourteenth Conference on Uncertainty in Artificial Intelligence, UAI 1998, pp. 1–7. Morgan Kaufmann Publishers Inc. (1998)
Applebaum, A., Levitt, K.N., Rowe, J., Parsons, S.: Arguing about firewall policy. In: Verheij, B., Szeider, S., Woltran, S. (eds.) COMMA, Frontiers in Artificial Intelligence and Applications, vol. 245, pp. 91–102. IOS Press (2012)
Bandara, A.K., Kakas, A.C., Lupu, E.C., Russo, A.: Using argumentation logic for firewall policy specification and analysis. In: State, R., van der Meer, S., O’Sullivan, D., Pfeifer, T. (eds.) DSOM 2006. LNCS, vol. 4269, pp. 185–196. Springer, Heidelberg (2006)
Bandara, A.K., Kakas, A.C., Lupu, E.C., Russo, A.: Using argumentation logic for firewall configuration management. In: Integrated Network Management, pp. 180–187. IEEE (2009)
Bistarelli, S., Montanari, U., Rossi, F.: Semiring-based constraint satisfaction and optimization. J. ACM 44, 201–236 (1997)
Bistarelli, S., Montanari, U., Rossi, F., Santini, F.: Unicast and multicast QoS routing with soft-constraint logic programming. ACM Trans. Comput. Logic 12(1), 5 (2010)
Bistarelli, S., Santini, F.: Two trust networks in one: using bipolar structures to fuse trust and distrust. In: Twelfth Annual International Conference on Privacy, Security and Trust, pp. 383–390. IEEE (2014)
Boella, G., Hulstijn, J., van der Torre, L.W.N.: Argumentation for access control. In: AI*IA, pp. 86–97 (2005)
Bouyahia, T., Idrees, M.S., Cuppens-Boulahia, N., Cuppens, F., Autrel, F.: Metric for security activities assisted by argumentative logic. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/SETOP/QASA 2014. LNCS, vol. 8872, pp. 183–197. Springer, Heidelberg (2015)
Butler, S.A.: Security attribute evaluation method: a cost-benefit approach. In: Proceedings of the 24th International Conference on Software Engineering (ICSE 2002), pp. 232–240. ACM Press (2002)
Dijkstra, E.W.: A note on two problems in connexion with graphs. Numerische Mathematlk 1, 269–271 (1959)
Dung, P.M.: On the acceptability of arguments and its fundamental role in nonmonotonic reasoning, logic programming and n-person games. Artif. Intell. 77(2), 321–357 (1995)
ITC. MAGERIT Version 1.0 Risk analysis and management methodology for information systems Procedures Handbook. Information Technology Council (2000)
Jha, S., Sheyner, O., Wing, J.: Two formal analysis of attack graphs. In: Proceedings of the IEEE Computer Society Security Foundations Workshop, p. 49. IEEE Computer Society, Washington, DC (2002)
Karabacak, B., Sogukpinar, I.: Isram: information security risk analysis method. Comput. Secur. 24(2), 147–159 (2005)
Krautsevich, L., Martinelli, F., Yautsiukhin, A.: Formal approach to security metrics. what does “more secure” mean for you? In: Proceedings of the 1st International Workshop on Measurability of Security in Software Architectures. ACM Press (2010)
Martinelli, F., Santini, F.: Debating cybersecurity or securing a debate? In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 239–246. Springer, Heidelberg (2015)
Martinelli, F., Santini, F., Yautsiukhin, A.: Visualising network security through arguments. In: Thirteenth Annual International Conference on Privacy, Security and Trust (PST). IEEE (2015)
Ortalo, R., Deswarte, Y., Kaaniche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Trans. Softw. Eng. 25(5), 633–650 (1999)
Rahwan, I., Simari, G.R.: Argumentation in Artificial Intelligence, 1st edn. Springer, US (2009)
Rowe, J., Levitt, K., Parsons, S., Sklar, E., Applebaum, A., Jalal, S.: Argumentation logic to assist in security administration. In: Proceedings of the Workshop on New Security Paradigms, pp. 43–52. ACM (2012)
Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 273. IEEE Computer Society (2002)
Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems. Technical Report 800–30, National Institute of Standards and Technology (2001)
Wang, L., Liu, A., Jajodia, S.: Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts. Comput. Commun. 29(15), 2917–2933 (2006)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Santini, F., Yautsiukhin, A. (2016). Quantitative Analysis of Network Security with Abstract Argumentation. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds) Data Privacy Management, and Security Assurance. DPM QASA 2015 2015. Lecture Notes in Computer Science(), vol 9481. Springer, Cham. https://doi.org/10.1007/978-3-319-29883-2_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-29883-2_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29882-5
Online ISBN: 978-3-319-29883-2
eBook Packages: Computer ScienceComputer Science (R0)