Abstract
Securing a system, being it a computer network, a physical infrastructure or an organization, is a very challenging task. In practice, it is always constrained by available resources, e.g., budget, time, or man-power. An attack–defense tree is a security model allowing to reason about different strategies that an attacker may use to attack a system and potential countermeasures that a defender could apply to defend against such attacks. This work integrates the modeling power of attack–defense trees with the strengths of integer linear programming techniques. We develop a framework that, given the overall budget allocated for the system’s protection, suggests which countermeasures should be implemented to secure the system in the best way possible. We lay down formal foundations for our framework and implement a proof of concept tool automating the solving of relevant optimization problems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
In [6], the root actor is called the proponent and the other actor is the opponent.
- 2.
Here, as well as in the rest of the paper, we shorten the labels for better readability.
- 3.
To avoid confusion, attack/defense strategies in an ADTree are denoted using capital letters and attack/defense vectors in its homogenous subtrees using lower case letters.
References
Aslanyan, Z., Nielson, F.: Pareto efficient solutions of attack-defence trees. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 95–114. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46666-7_6
Berkelaar, M., Eikland, K., Notebaert, P.: lp_solve: Open source (Mixed-Integer) Linear Programming system (2005). http://lpsolve.sourceforge.net/5.5/ version 5.5.2.5, Accessed Sep 2016
Chvátal, V.: Linear Programming. W.H Freeman, San Francisco (1983)
DiskCryptor: (2014). https://diskcryptor.net/ Accessed 17 March 2017
Gadyatskaya, O., Jhawar, R., Kordy, P., Lounis, K., Mauw, S., Trujillo-Rasua, R.: Attack trees for practical security assessment: ranking of attack scenarios with ADTool 2.0. In: Agha, G., Houdt, B. (eds.) QEST 2016. LNCS, vol. 9826, pp. 159–162. Springer, Cham (2016). doi:10.1007/978-3-319-43425-4_10
Kordy, B., Mauw, S., Radomirovic, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24(1), 55–87 (2014). doi:10.1093/logcom/exs029
Kordy, B., Pouly, M., Schweitzer, P.: Probabilistic reasoning with graphical security models. Inf. Sci. 342, 111–131 (2016). doi:10.1016/j.ins.2016.01.010
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). doi:10.1007/11734727_17
Ophcrack: (2016). http://ophcrack.sourceforge.net/ Accessed 17 March 2017
Schneier, B.: Attack trees: modeling security threats. Dr. Dobb’s J. Softw. Tools 24(12), 21–29 (1999)
Shameli-Sendi, A., Louafi, H., He, W., Cheriet, M.: Dynamic optimal countermeasure selection for intrusion response system. IEEE J. TDSC 99, 10–14 (2016). doi:10.1109/TDSC.2016.2615622
Zheng, K., McLay, L.A., Luedtke, J.R.: A budgeted maximum multiple coverage model for cybersecurity planning and management (2017, under submission)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Kordy, B., Wideł, W. (2017). How Well Can I Secure My System?. In: Polikarpova, N., Schneider, S. (eds) Integrated Formal Methods. IFM 2017. Lecture Notes in Computer Science(), vol 10510. Springer, Cham. https://doi.org/10.1007/978-3-319-66845-1_22
Download citation
DOI: https://doi.org/10.1007/978-3-319-66845-1_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-66844-4
Online ISBN: 978-3-319-66845-1
eBook Packages: Computer ScienceComputer Science (R0)