Advertisement

Quantitative Evaluation of Attack Defense Trees Using Stochastic Timed Automata

  • René Rydhof Hansen
  • Peter Gjøl Jensen
  • Kim Guldstrand Larsen
  • Axel Legay
  • Danny Bøgsted PoulsenEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10744)

Abstract

Security analysis is without doubt one of the most important issues in a society relying heavily on computer infrastructure. Unfortunately security analysis is also very difficult due to the complexity of systems. This is bad enough when dealing with ones own computer systems - but nowadays organisations rely on third-party services - cloud services - along with their own in-house systems. Combined this makes it overwhelming difficult to obtain an overview of possible attack scenarios. Luckily, some formalisms such as attack trees exist that can help security analysts. However, temporal behaviour of the attacker is rarely considered by these formalisms.

In this paper we build upon previous work on attack-defence trees to build a proper temporal semantics. We consider the attack-defence tree a reachability objective for an attacker and thereby separate the attacker logic from the attack-defence tree. We give a temporal stochastic semantics for arbitrary attackers (adhering to certain requirements to make the attacker “sane”) and we allow annotating attacker actions with time-dependent costs. Furthermore, we define what we call a cost-preserving attacker profile and we define a parameterised attacker profile. The defined semantics is implemented via a translation to uppaal SMC. Using uppaal SMC we answer various questions such as the expected cost of an attack, we find the probability of a successful attack and we even show how an attacker can find an optimal parameter setting using ANOVA and Tukeys test.

References

  1. 1.
    Alur, R., Dill, D.: Automata for modeling real-time systems. In: Paterson, M.S. (ed.) ICALP 1990. LNCS, vol. 443, pp. 322–335. Springer, Heidelberg (1990).  https://doi.org/10.1007/BFb0032042 CrossRefGoogle Scholar
  2. 2.
    Aslanyan, Z., Nielson, F.: Pareto efficient solutions of attack-defence trees. In: Principles of Security and Trust, vol. 9036, p. 95 (2015).  https://doi.org/10.1007/978-3-662-46666-7_6
  3. 3.
    Aslanyan, Z., Nielson, F., Parker, D.: Quantitative verification and synthesis of attack-defence scenarios. In: IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, 27 June–1 July 2016, pp. 105–119. IEEE Computer Society (2016).  https://doi.org/10.1109/CSF.2016.15
  4. 4.
    Bagnato, A., Kordy, B., Meland, P., Schweitzer, P.: Attribute decoration of attack-defense trees. Int. J. Secur. Soft. Eng. (IJSSE) 3(2), 1–35 (2012)CrossRefGoogle Scholar
  5. 5.
    David, A., Larsen, K.G., Legay, A., Mikucionis, M., Poulsen, D.B.: Uppaal SMC tutorial. STTT 17(4), 397–415 (2015).  https://doi.org/10.1007/s10009-014-0361-y Google Scholar
  6. 6.
    Gadyatskaya, O., Hansen, R.R., Larsen, K.G., Legay, A., Olesen, M.C., Poulsen, D.B.: Modelling attack-defense trees using timed automata. In: Fränzle, M., Markey, N. (eds.) FORMATS 2016. LNCS, vol. 9884, pp. 35–50. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-44878-7_3 CrossRefGoogle Scholar
  7. 7.
    Hermanns, H., Krämer, J., Krčál, J., Stoelinga, M.: The value of attack-defence diagrams. In: Piessens, F., Viganò, L. (eds.) POST 2016. LNCS, vol. 9635, pp. 163–185. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49635-0_9 CrossRefGoogle Scholar
  8. 8.
    Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Logic Comput. 24(1), 55–87 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13–14, 1–38 (2014).  https://doi.org/10.1016/j.cosrev.2014.07.001 CrossRefzbMATHGoogle Scholar
  10. 10.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006).  https://doi.org/10.1007/11734727_17 CrossRefGoogle Scholar
  11. 11.
    Montgomery, D.C.: Design and Analysis of Experiments. Wiley, Hoboken (2006)Google Scholar
  12. 12.
    Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s J. (1999)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • René Rydhof Hansen
    • 1
  • Peter Gjøl Jensen
    • 1
  • Kim Guldstrand Larsen
    • 1
  • Axel Legay
    • 2
  • Danny Bøgsted Poulsen
    • 3
    Email author
  1. 1.Department of Computer ScienceAalborg UniversityAalborgDenmark
  2. 2.INRIA - RennesRennesFrance
  3. 3.Christian Albrechts UniversitätKielGermany

Personalised recommendations