Quantitative Security and Safety Analysis with Attack-Fault Trees

Kumar, Rajesh; Stoelinga, Mariëlle

doi:10.1109/hase.2017.12

Cited by 81 publications

(93 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The leaves of the tree model are either basic component failures (BCF) or basic attack steps (BAS). Since subtrees can be shared in the literature (see e. g., [KS17]), AFTs are actually directed acyclic graphs, rather than trees. In this paper, we consider only trees without shared gates or leaves.…”

Section: Attack-fault Treesmentioning

confidence: 99%

“…12 in Appendix C for a screenshot of the tool). Then, different translations are available: 1 t o p l e v e l "A" ; 2 "A" or "B" "C " ; 3 "B" mintime =50 maxtime =100 c o s t = 5 0 ; 4 "C" mintime =30 maxtime =70 c o s t = 3 0 ; Figure 7: Example of Galileo attack-tree one quite interesting is the translation into an Uppaal file, for instance a network of stochastic timed automata [KS17]. ATTop takes the ATMM and translates it in its Uppaal metamodel, then serializes it into an Uppaal formatted file.…”

Section: B Translation From Afts To Pwtasmentioning

confidence: 99%

“…While fault trees focus on safety properties, attack trees considerate skills, resources and risk appetite possessed by an attacker performing actions. Attack-fault trees (AFTs) [KS17] combine safety properties from fault trees and security conditions from attack trees; therefore gates of both fault trees and attack trees are used in this formalism.…”

Section: Introductionmentioning

confidence: 99%

“…As a proof of concept, we apply our framework to an attack tree of [KS17] and an original attack-fault tree. With the help of the parametric timed model checker IMITATOR, we are able to synthesize constraints in several dimensions; further we discuss induced possible attack and fault scenarios.…”

Section: Introductionmentioning

confidence: 99%

“…b) Related work: Attack tree analysis has been studied through lattice theory [Kor+10] [Sch+17] and in [HV06] UML sequence diagrams are manually transformed into timed automata models. [KS17] especially tackles the problem of multiple complex risk metrics and attacker profiles, in a probabilistic and timed formalism that can be computed and analyzed using stochastical model-checking [RS14] and Uppaal SMC [Dav+15]. AFTs are modeled in the Galileo format and translated with the tool ATTop [Kum+18] into stochastic timed automata [Dav+11].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Parametric Analyses of Attack-Fault Trees

André

Lime

Ramparison

et al. 2019

2019 19th International Conference on Application of Concurrency to System Design (ACSD)

Self Cite

View full text Add to dashboard Cite

Risk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastructures has always been challenging: safety (i. e., absence of unintentional failures) and security (i. e., no disruptions due to attackers) are conditions that must be guaranteed. One of the traditional tools used to help considering these problems is attack trees, a treebased formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we define and implement the translation of attack-fault trees (AFTs) to a new extension of timed automata, called parametric weighted timed automata. This allows us to parametrize constants such as time and discrete costs in an AFT and then, using the model-checker IMITATOR, to compute the set of parameter values such that a successful attack is possible. Using the different sets of parameter values computed, different attack and fault scenarios can be deduced depending on the budget, time or computation power of the attacker, providing helpful data to select the most efficient counter-measure.

show abstract

Section: Attack-fault Treesmentioning

confidence: 99%

Section: B Translation From Afts To Pwtasmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Parametric Analyses of Attack-Fault Trees

André

Lime

Ramparison

et al. 2019

2019 19th International Conference on Application of Concurrency to System Design (ACSD)

Self Cite

View full text Add to dashboard Cite

show abstract

A goal‐driven approach for the joint deployment of safety and security standards for operators of essential services

Ponsard

Grandclaudon

Massonet

2021

J Software Evolu Process

View full text Add to dashboard Cite

Summary Designing safety‐critical software in domains ensuring essential services like transportation, energy, or health requires high assurance techniques and compliance with domain specific standards. As a result of the global interconnectivity and the evolution toward cyber‐physical systems, the increasing exposure to cyber threats calls for the adoption of cyber security standards and frameworks. Although safety and security have different cultures, both fields share similar concepts and tools and are worth being investigated together. This paper provides the background to understand emerging co‐engineering approaches. It advocates for the use of a model‐based approach to provide a sound risk‐oriented process and to capture rationales interconnecting top‐level standards/directives to concrete safety/security measures. We show the benefits of adopting goal‐oriented analysis that can be transposed later to domain‐specific frameworks. Both qualitative and quantitative reasoning aspects are analyzed and discussed, especially to support trade‐off analysis. Our work is driven by a representative case study in drinking water utility in the scope of the NIS regulation for operator of essential services.

show abstract

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

Mashkoor

Egyed

Wille

et al. 2022

J Software Evolu Process

View full text Add to dashboard Cite

This article presents a systematic mapping study on the model-driven engineering of safety and security concerns in software systems. Combined modeling and development of both safety and security concerns is an emerging field of research as both concerns affect one another in unique ways. Our mapping study provides an overview of the current state of the art in this field. This study carefully selected 143 publications out of 27,259 relevant papers through a rigorous and systematic process. This study then proposes and answers questions such as frequently used methods and tools and development stages where these concerns are typically investigated in application domains. Additionally, we identify the community's preference for publication venues and trends. The discussion on obtained results also features the gained insights and future research directions.

show abstract

Quantitative Security and Safety Analysis with Attack-Fault Trees

Cited by 81 publications

References 31 publications

Parametric Analyses of Attack-Fault Trees

Parametric Analyses of Attack-Fault Trees

A goal‐driven approach for the joint deployment of safety and security standards for operators of essential services

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

Contact Info

Product

Resources

About