A methodology for qualitative/quantitative analysis of weighted attack trees

Bobbio, A.; Egidi, Lavinia; Terruggia, Roberta

doi:10.3182/20130904-3-uk-4041.00007

Cited by 10 publications

(24 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Numerous analysis methods for quantitative analysis of attack trees and fault trees exist [2,6,15,23,29,41,45]. In this section, we give an overview of two common algorithms for fault trees and attack trees.…”

Section: Analysis Algorithms For Attack and Fault Treesmentioning

confidence: 99%

See 1 more Smart Citation

The Marriage Between Safety and Cybersecurity: Still Practicing

Stoelinga

Kolb

Nicoletti

et al. 2021

Model Checking Software

View full text Add to dashboard Cite

Emerging technologies, like self-driving cars, drones, and the Internet-of-Things must not impose threats to people, neither due to accidental failures (safety), nor due to malicious attacks (security). As historically separated fields, safety and security are often analyzed in isolation. They are, however, heavily intertwined: measures that increase safety often decrease security and vice versa. Also, security vulnerabilities often cause safety hazards, e.g. in autonomous cars. Therefore, for effective decision-making, safety and security must be considered in combination.This paper discusses three major challenges that a successful integration of safety and security faces: (1) The complex interaction between safety and security (2) The lack of efficient algorithms to compute system-level risk metrics (3) The lack of proper risk quantification methods. We will point out several research directions to tackle these challenges, exploiting novel combinations of mathematical game theory, stochastic model checking, as well as the Bayesian, fuzzy, and Dempster-Schafer frameworks for uncertainty reasoning. Finally, we report on early results in these directions. Keywords: SafetyThis work was partially funded by ERC Consolidator Grant 864075 (CAESAR).

show abstract

Section: Analysis Algorithms For Attack and Fault Treesmentioning

confidence: 99%

“…As a matter of fact, computing metrics in a DAG-structured DT T is an NP-complete problem. Various methods to analyse DAG-structured DTs have been proposed: contributions over the last 15 years include [2,6,15,23,29]. We now detail our recent work on binary decision diagrams (BDDs) [9].…”

Section: Algorithms For Dag-shaped Dtsmentioning

confidence: 99%

The Marriage Between Safety and Cybersecurity: Still Practicing

Stoelinga

Kolb

Nicoletti

et al. 2021

Model Checking Software

View full text Add to dashboard Cite

show abstract

“…Dynamic tree Static DAG Dynamic DAG min cost BU [14,15,16] BU [4] MTBDD [17] C-BU [18] PTA [8] min time BU [14,19] APH [9] BU [4] Petri nets [12] PTA [8] min skill BU [14,20] BU [4] C-BU [18] max damage BU [14,19,20] BU [4] MTBDD [17] DPLL [7] PTA [8] probability BU [6,19] APH [9] BDD [21] DPLL [7] I/O-IMC [5] Pareto fronts BU [22,19] OPEN PROBLEM C-BU [11] PTA [8] Any of the above Algo. 1: BUSAT Algo.…”

Section: Metric Static Treementioning

confidence: 99%

“…Static DAGs: It is well-known that static attack trees with DAG structure cannot be analysed via a bottom-up procedure [21,23]. Several algorithms have been devised to tackle with such ATs, mostly geared to specific metrics [5,17,12,7,18].…”

Section: Open Problemmentioning

confidence: 99%

Efficient Algorithms for Quantitative Attack Tree Analysis

Budde¹,

Stoelinga²

2021

Preprint

View full text Add to dashboard Cite

Numerous analysis methods for quantitative attack tree analysis have been proposed. These algorithms compute relevant security metrics, i.e. performance indicators that quantify how good the security of a system is, such as the most likely attack, the cheapest, or the most damaging one. This paper classifies attack trees in two dimensions: proper trees vs. directed acyclic graphs (i.e. with shared subtrees); and static vs. dynamic gates. For each class, we propose novel algorithms that work over a generic attribute domain, encompassing a large number of concrete security metrics defined on the attack tree semantics. We also analyse the computational complexity of our methods.

show abstract

“…In [22] the Weighted-ADT (WADT), an enriched version of the ADT formal method, is presented. The WADT allows to perform qualitative and quantitative analysis enhancing the formalism with cost and impact attributes.…”

Section: Related Workmentioning

confidence: 99%

Cyber security analysis of Web-of-Cells energy architectures

Terruggia

Dondossola

Ekstedt

2018

Electronic Workshops in Computing

Self Cite

View full text Add to dashboard Cite

The evolution of the power grid toward a distributed architecture requires rethinking of the traditional control strategies. From a hierarchical structure the future grid moves on to a decentralized organization where the Distributed Energy Resources are spread over the whole infrastructure. The control strategies need to implement new functionalities where the ICT (Information and Communication Technology) components represent essential assets and the cyber security issues have to be addressed very carefully. This paper presents a methodology for the cyber security analysis of an ICT architecture implementing the Web-of-Cells (WoC) concept for the control of the future power grid as proposed by the ELECTRA EU project. Starting from a WoC architecture, a realistic Cell network topology is modelled by the securiCAD tool. The model comprises cells where the main ICT assets (hosts, network nodes, programs, services and data flows) contain vulnerabilities allowing that possible attack steps are deployed to perform a cyber attack. To contrast the attack process, specific cyber security measures can be included in the model. The cyber security analysis is performed by means of the securiCAD tool implementing the proposed methodology for the evaluation of the attack graphs and the computation of the TTC (Time To Compromise) indicator. TTC represents the expected time an attacker would take to compromise every single asset in the modelled ICT infrastructure. The methodology allows to perform a sensitivity analysis estimating the efficacy of the applied mitigation measures by comparing the TTC values in the different model setups. The cyber security analysis described in this paper addresses the cyber threat assessment of a sample multi phase attack process by evaluating the possible attack paths and obtaining the TTC values for the attack target assets.

show abstract

A methodology for qualitative/quantitative analysis of weighted attack trees

Cited by 10 publications

References 11 publications

The Marriage Between Safety and Cybersecurity: Still Practicing

The Marriage Between Safety and Cybersecurity: Still Practicing

Efficient Algorithms for Quantitative Attack Tree Analysis

Cyber security analysis of Web-of-Cells energy architectures

Contact Info

Product

Resources

About