Model Checking Exact Cost for Attack Scenarios

Aslanyan, Zaruhi; Nielson, Flemming

doi:10.1007/978-3-662-54455-6_10

Cited by 8 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…More recently, several approaches exploiting model checking techniques have been proposed to address the problem of multi-parameter quantitative evaluation on attack tree-based models. The focus of Aslanyan and Nielson in [30] is on attack trees with the exact cost and the probability parameters. Attack trees are transformed into Markov decision processes with reward structure, and erPCTL 5 queries, such as "what is the maximum probability of an attack with the cost at most c?"…”

Section: Related Workmentioning

confidence: 99%

Efficient Attack-Defense Tree Analysis using Pareto Attribute Domains

Fila

Wideł

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

The cheapest attacks are often time-consuming, and those requiring high level of technical skills might occur rarely but result in disastrous consequences. Therefore, analysis focusing on a single parameter at a time, e.g., only cost or time, is insufficient for the successful selection of the appropriate measures increasing system's security. In practice, security engineers are thus confronted with the problem of multi-parameter analysis. The objective of this work is to address this problem and propose a sound, general framework for multi-parameter analysis of security. In order to ensure the usability of our solution for real-life applications, our proposal relies on the attackdefense tree model that security experts from industry are already familiar with. We present mathematical foundations of our framework and characterize the class of parameters it is suitable for. We identify conditions under which the proposed method applies to attack-defense trees where several nodes represent the same action. We discuss the complexity of our approach and implement the underlying algorithms in a proof of concept tool. We analyze its performance on a number of trees of varying complexity, and validate our proposal on a case study borrowed from industry.

show abstract

Section: Related Workmentioning

confidence: 99%

Efficient Attack-Defense Tree Analysis using Pareto Attribute Domains

Fila

Wideł

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

show abstract

“…, ι n , γ n if this is the case, and rejects it otherwise. Notice that the computation of the set λ(ι i ) ∩ Pre * S (λ(γ i )) and λ(γ i ) ∩ Post * S (λ(ι i )) requires only polynomial time in |S| and so does the checking of inclusions in equations (2) and (3).…”

Section: Proofmentioning

confidence: 99%

“…If the tree contains branches that are irrelevant for the considered system, the time of its analysis might be longer than necessary. This implies that a manually Model checking of attack trees, especially using tools such as PRISM or UPPAAL, has already been successfully employed, in particular to support their quantitative analysis, as in [8,17,2]. Such techniques provide an effective way of handling a multiparameter evaluation of attack scenarios, e.g., identifying the resources needed for a successful attack or checking whether there exists an attack whose cost is lower than a given value and whose probability of success is greater than a certain threshold.…”

Section: Introductionmentioning

confidence: 99%

Is My Attack Tree Correct?

Audinot¹,

Pinchinat²,

Kordy³

2017

Computer Security – ESORICS 2017

View full text Add to dashboard Cite

Attack trees are a popular way to represent and evaluate potential security threats on systems or infrastructures. The goal of this work is to provide a framework allowing to express and check whether an attack tree is consistent with the analyzed system. We model real systems using transition systems and introduce attack trees with formally specified node labels. We formulate the correctness properties of an attack tree with respect to a system and study the complexity of the corresponding decision problems. The proposed framework can be used in practice to assist security experts in manual creation of attack trees and enhance development of tools for automated generation of attack trees. This is an extended version of the work published at ESORICS 2017 [4].

show abstract