How Well Can I Secure My System?

  • Barbara Kordy
  • Wojciech WidełEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10510)


Securing a system, being it a computer network, a physical infrastructure or an organization, is a very challenging task. In practice, it is always constrained by available resources, e.g., budget, time, or man-power. An attack–defense tree is a security model allowing to reason about different strategies that an attacker may use to attack a system and potential countermeasures that a defender could apply to defend against such attacks. This work integrates the modeling power of attack–defense trees with the strengths of integer linear programming techniques. We develop a framework that, given the overall budget allocated for the system’s protection, suggests which countermeasures should be implemented to secure the system in the best way possible. We lay down formal foundations for our framework and implement a proof of concept tool automating the solving of relevant optimization problems.


  1. 1.
    Aslanyan, Z., Nielson, F.: Pareto efficient solutions of attack-defence trees. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 95–114. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46666-7_6 Google Scholar
  2. 2.
    Berkelaar, M., Eikland, K., Notebaert, P.: lp_solve: Open source (Mixed-Integer) Linear Programming system (2005). version, Accessed Sep 2016
  3. 3.
    Chvátal, V.: Linear Programming. W.H Freeman, San Francisco (1983)zbMATHGoogle Scholar
  4. 4.
    DiskCryptor: (2014). Accessed 17 March 2017
  5. 5.
    Gadyatskaya, O., Jhawar, R., Kordy, P., Lounis, K., Mauw, S., Trujillo-Rasua, R.: Attack trees for practical security assessment: ranking of attack scenarios with ADTool 2.0. In: Agha, G., Houdt, B. (eds.) QEST 2016. LNCS, vol. 9826, pp. 159–162. Springer, Cham (2016). doi: 10.1007/978-3-319-43425-4_10 CrossRefGoogle Scholar
  6. 6.
    Kordy, B., Mauw, S., Radomirovic, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24(1), 55–87 (2014). doi: 10.1093/logcom/exs029 MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Kordy, B., Pouly, M., Schweitzer, P.: Probabilistic reasoning with graphical security models. Inf. Sci. 342, 111–131 (2016). doi: 10.1016/j.ins.2016.01.010 MathSciNetCrossRefGoogle Scholar
  8. 8.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). doi: 10.1007/11734727_17 CrossRefGoogle Scholar
  9. 9.
    Ophcrack: (2016). Accessed 17 March 2017
  10. 10.
    Schneier, B.: Attack trees: modeling security threats. Dr. Dobb’s J. Softw. Tools 24(12), 21–29 (1999)Google Scholar
  11. 11.
    Shameli-Sendi, A., Louafi, H., He, W., Cheriet, M.: Dynamic optimal countermeasure selection for intrusion response system. IEEE J. TDSC 99, 10–14 (2016). doi: 10.1109/TDSC.2016.2615622 Google Scholar
  12. 12.
    Zheng, K., McLay, L.A., Luedtke, J.R.: A budgeted maximum multiple coverage model for cybersecurity planning and management (2017, under submission)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.INSA Rennes, IRISARennesFrance

Personalised recommendations