Analyzing the Security in the GSM Radio Network Using Attack Jungles

In this paper we introduce the concept of attack jungles, a formalism for the systematic representation of the vulnerabilities of systems. An attack jungle is a graph representation of all the ways in which an attacker can successfully achieve his goal. Attack jungles are an extension of attack trees [13] that allows multiple roots, cycles and reusability of resources. We have implemented a prototype tool for constructing and analyzing attack jungles. The tool was used to analyze the security of the GSM (radio) access network.

[1] Somesh Jha, et al. Automated generation and analysis of attack graphs, 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[2] Lisa Kaati, et al. Development of Computerized Support Tools for Intelligence Work, 2009.

[3] Frank D. Valencia, et al. Formal Methods for Components and Objects, 2002, Lecture Notes in Computer Science.

[4] Axel van Lamsweerde, et al. From system goals to intruder anti-goals: attack generation and resolution for security requirements engineering, 2003.

[5] Irina Trubitsyna, et al. Analyzing Security Scenarios Using Defence Trees and Answer Set Programming, 2008, Electron. Notes Theor. Comput. Sci.

[6] Jeannette M. Wing, et al. Tools for Generating and Analyzing Attack Graphs, 2003, FMCO.

[7] Seungjoo Kim, et al. Information Security and Cryptology - ICISC 2005, 2005, Lecture Notes in Computer Science.

[8] Sjouke Mauw, et al. Foundations of Attack Trees, 2005, ICISC.

[9] Lillian Goleniewski, et al. Telecommunications Essentials, Second Edition: The Complete Global Source (2nd Edition), 2006.

[10] Steve Wisniewski, et al. Wireless and Cellular Networks, 2004.

[11] Robert J. Ellison, et al. Attack Trees, 2009, Encyclopedia of Biometrics.

[12] Stefano Bistarelli, et al. Defense trees for economic evaluation of security investments, 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[13] Stefano Bistarelli, et al. Strategic Games on Defense Trees, 2006, Formal Aspects in Security and Trust.

[14] Axel van Lamsweerde, et al. Elaborating security requirements by construction of intentional anti-models, 2004, Proceedings. 26th International Conference on Software Engineering.

[15] Parosh Aziz Abdulla, et al. Algorithmic Analysis of Programs with Well Quasi-ordered Domains, 2000, Inf. Comput.

[16] Theo Dimitrakos, et al. Formal Aspects in Security and Trust, Fourth International Workshop, FAST 2006, Hamilton, Ontario, Canada, August 26-27, 2006, Revised Selected Papers, 2007, Formal Aspects in Security and Trust.