A Probabilistic Framework for Security Scenarios with Dependent Actions

Kordy, Barbara; Pouly, Marc; Schweizer, Patrick

doi:10.1007/978-3-319-10181-1_16

Cited by 12 publications

(11 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1 that, if all labels in a tree are unique, then the resulting attack-tree decoration problem based on this bottom-up attribute constraint-set is either undetermined or determined. We remark, nonetheless, that our methodology can also be used to model other computational approaches such as the Bayesian reasoning proposed by Kordy, Pouly, and Schweitzer [32]. It is ultimately the analyst who decides what constitutes a set of hard predicates, although we require the analyst to come up with hard predicates that are satisfiable; as we do in this article.…”

Section: Hard Predicatesmentioning

confidence: 99%

Attribute evaluation on attack trees with incomplete information

Buldas

Gadyatskaya

Lenin

et al. 2020

Computers & Security

View full text Add to dashboard Cite

Attack trees are considered a useful tool for security modelling because they support qualitative as well as quantitative analysis. The quantitative approach is based on values associated to each node in the tree, expressing, for instance, the minimal cost or probability of an attack. Current quantitative methods for attack trees allow the analyst to, based on an initial assignment of values to the leaf nodes, derive the values of the higher nodes in the tree. In practice, however, it shows to be very difficult to obtain reliable values for all leaf nodes. The main reasons are that data is only available for some of the nodes, that data is available for intermediate nodes rather than for the leaf nodes, or even that the available data is inconsistent. We address these problems by developing a generalisation of the standard bottom-up calculation method in three ways. First, we allow initial attributions of non-leaf nodes. Second, we admit additional relations between attack steps beyond those provided by the underlying attack tree semantics. Third, we support the calculation of an approximative solution in case of inconsistencies. We illustrate our method, which is based on constraint programming, by a comprehensive case study.

show abstract

Section: Hard Predicatesmentioning

confidence: 99%

Attribute evaluation on attack trees with incomplete information

Buldas

Gadyatskaya

Lenin

et al. 2020

Computers & Security

View full text Add to dashboard Cite

show abstract

“…We consider a modified version of a simple scenario borrowed from [19], where an attacker wants to infect a computer with a virus. In order to do so, the attacker needs to put the virus file on the system and only after that execute it.…”

Section: Well-formedness the Syntax Inmentioning

confidence: 99%

“…A formalisation of attack-defence trees similar to the one we used has been presented by Aslanyan and Nielson [9], where they proposed evaluation techniques for analysing trees with multiple conflicting parameters in terms of Pareto efficiency. Further developments on attack-defence trees have been carried out, such as combining the tree methodology with Bayesian networks for analysing probabilistic measures of attack-defence trees with dependent actions [19] and studying the relationship between such trees and binary zero-sum two-player games [11]. Moreover, Bistarelli et al [26] used strategic games for analysing attack-defence scenarios presented with defence trees, an extension of attack trees with countermeasures only on the leaves.…”

Section: Related Workmentioning

confidence: 99%

Quantitative Verification and Synthesis of Attack-Defence Scenarios

Aslanyan

Nielson

Parker

2016

2016 IEEE 29th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Abstract-Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods management system.

show abstract

“…For instance, attack trees have been enriched and augmented with adaptable countermeasures to become ADTrees [10]. Performing quantitative analysis on these models usually goes through applying an analytic approach such as Markov chains [1-3, 12, 15], Petri-Nets [5,16], or Bayesian networks [11].…”

Section: Introductionmentioning

confidence: 99%

“…Kordy el al. [11] adopted ADTrees model and used Bayesian networks approach to assess the likelihood of security scenarios. This approach requires for each instant of time the construction of a conditional probability table for each action because of the stochastic dependency between actions.…”

Section: Introductionmentioning

confidence: 99%

A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees

Jhawar

Lounis

Mauw

2016

Security and Trust Management

View full text Add to dashboard Cite

Abstract. Cyber attacks are becoming increasingly complex, practically sophisticated and organized. Losses due to such attacks are important, varying from the loss of money to business reputation spoilage. Therefore, there is a great need for potential victims of cyber attacks to deploy security solutions that allow the identification and/or prediction of potential cyber attacks, and deploy defenses to face them. In this paper, we propose a framework that incorporates Attack-Defense trees (ADTrees) and Continuous Time Markov Chains (CTMCs) to systematically represent attacks, defenses, and their interaction. This solution allows to perform quantitative security assessment, with an aim to predict and/or identify attacks and find the best and appropriate defenses to reduce the impact of attacks.

show abstract

A Probabilistic Framework for Security Scenarios with Dependent Actions

Cited by 12 publications

References 26 publications

Attribute evaluation on attack trees with incomplete information

Attribute evaluation on attack trees with incomplete information

Quantitative Verification and Synthesis of Attack-Defence Scenarios

A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees

Contact Info

Product

Resources

About