How Well Can I Secure My System?
Securing a system, be it a computer network, a physical infrastructure or an organization, is a very challenging task. In practice, it is always constrained by available resources, e.g., budget, time, or manpower. An attack–defense tree is a security model that makes it possible to reason about the different strategies an attacker may use to attack a system and the potential countermeasures a defender could apply to defend against such attacks. This work integrates the modeling power of attack–defense trees with the strengths of integer linear programming techniques. We develop a framework that, given the overall budget allocated for the system’s protection, suggests which countermeasures should be implemented to secure the system in the best way possible. We lay down formal foundations for our framework and implement a proof-of-concept tool that automates the solving of the relevant optimization problems.
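A small illustration of the budgeted selection problem described above, added here and not taken from the paper or its tool. The tree, the countermeasures, their costs and the objective (fewest open attack scenarios, then lowest cost) are constructed assumptions, and exhaustive search stands in for the integer linear program.

```python
from itertools import combinations, product

# Constructed attack tree: ("OR"|"AND", children...) or a leaf name (basic attack action).
TREE = ("OR",
        ("AND", "physical_access", "boot_live_media"),
        ("AND", "phish_credentials", "remote_login"),
        "crack_password_hash")

# Constructed countermeasures: name -> (cost, basic actions it disables).
COUNTERMEASURES = {
    "disk_encryption": (3, {"boot_live_media"}),
    "mfa": (4, {"remote_login"}),
    "awareness_training": (2, {"phish_credentials"}),
    "password_policy": (1, {"crack_password_hash"}),
}

def scenarios(node):
    """Return the attack scenarios of a node as a set of frozensets of leaves."""
    if isinstance(node, str):
        return {frozenset([node])}
    op, *children = node
    parts = [scenarios(child) for child in children]
    if op == "OR":
        # Any child's scenario achieves an OR node.
        return set().union(*parts)
    # AND: one scenario from every child, merged into a single scenario.
    return {frozenset().union(*combo) for combo in product(*parts)}

def best_selection(tree, countermeasures, budget):
    """Try every affordable countermeasure set; keep the one leaving the fewest scenarios open."""
    all_scenarios = scenarios(tree)
    names = sorted(countermeasures)
    best = None
    for size in range(len(names) + 1):
        for chosen in combinations(names, size):
            cost = sum(countermeasures[n][0] for n in chosen)
            if cost > budget:
                continue
            disabled = set().union(*(countermeasures[n][1] for n in chosen))
            # A scenario stays open only if none of its actions is disabled.
            remaining = sum(1 for s in all_scenarios if not (s & disabled))
            key = (remaining, cost)  # fewest open scenarios first, then cheapest
            if best is None or key < best[0]:
                best = (key, chosen)
    (remaining, cost), chosen = best
    return {"chosen": set(chosen), "cost": cost, "remaining": remaining}
```

Exhaustive search grows as 2^n in the number of countermeasures, which is why a solver-based formulation matters for realistic trees.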