On Quantitative Analysis of Attack-Defense Trees with Repeated Labels

Ensuring security of complex systems is a difficult task that requires utilization of numerous tools originating from various domains. Among those tools we find attack–defense trees, a simple yet practical model for analysis of scenarios involving two competing parties. Enhancing the well-established model of attack trees, attack–defense trees are trees with labeled nodes, offering an intuitive representation of possible ways in which an attacker can harm a system, and means of countering the attacks that are available to the defender. The growing palette of methods for quantitative analysis of attack–defense trees provides security experts with tools for determining the most threatening attacks and the best ways of securing the system against those attacks. Unfortunately, many of those methods might fail or provide the user with distorted results if the underlying attack–defense tree contains multiple nodes bearing the same label. We address this issue by studying conditions ensuring that the standard bottom-up evaluation method for quantifying attack–defense trees yields meaningful results in the presence of repeated labels. For the case when those conditions are not satisfied, we devise an alternative approach for quantification of attacks.

[1]  Jan Willemson,et al.  Computing Exact Outcomes of Multi-parameter Attack Trees , 2008, OTM Conferences.

[2]  Olga Gadyatskaya,et al.  Using Attack-Defense Trees to Analyze Threats and Countermeasures in an ATM: A Case Study , 2016, PoEM.

[3]  Mariëlle Stoelinga,et al.  Fault tree analysis: A survey of the state-of-the-art in modeling, analysis and tools , 2014, Comput. Sci. Rev..

[4]  Ross Horne,et al.  Semantics for Specialising Attack Trees based on Linear Logic , 2017, Fundam. Informaticae.

[5]  Jin B. Hong,et al.  A survey on the usability and practical applications of Graphical Security Models , 2017, Comput. Sci. Rev..

[6]  W E Vesely,et al.  Fault Tree Handbook , 1987 .

[7]  Barbara Kordy,et al.  How Well Can I Secure My System? , 2017, IFM.

[8]  Florian Kammüller,et al.  Transforming Graphical System Models to Graphical Attack Models , 2015, GraMSec@CSF.

[9]  Xiang Ji,et al.  Attack-defense trees based cyber security analysis for CPSs , 2016, 2016 17th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD).

[10]  Flemming Nielson,et al.  Pareto Efficient Solutions of Attack-Defence Trees , 2015, POST.

[11]  Karl Stecher,et al.  Evaluation of Large Fault-Trees with Repeated Events Using an Efficient Bottom-Up Algorithm , 1986, IEEE Transactions on Reliability.

[12]  Barbara Kordy,et al.  DAG-based attack and defense modeling: Don't miss the forest for the attack trees , 2013, Comput. Sci. Rev..

[13]  D. Codetta-Raiteri,et al.  BDD based analysis of parametric fault trees , 2006, RAMS '06. Annual Reliability and Maintainability Symposium, 2006..

[14]  Olga Gadyatskaya,et al.  Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0 , 2016, QEST.

[15]  Flemming Nielson,et al.  Automated Generation of Attack Trees , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[16]  Robert J. Ellison,et al.  Attack Trees , 2009, Encyclopedia of Biometrics.

[17]  Mathieu Acher,et al.  ATSyRa: An Integrated Environment for Synthesizing Attack Trees - (Tool Paper) , 2015, GraMSec@CSF.

[18]  Holger Hermanns,et al.  The Value of Attack-Defence Diagrams , 2016, POST.

[19]  Barbara Kordy,et al.  Quantitative Questions on Attack-Defense Trees , 2012, ICISC.

[20]  Paolo Giorgini,et al.  The Socio-technical Security Requirements Modelling Language for Secure Composite Services , 2014, Secure and Trustworthy Service Composition.

[21]  Barbara Kordy,et al.  Evil Twins: Handling Repetitions in Attack-Defense Trees - A Survival Guide , 2017, GraMSec@CSF.

[22]  Sjouke Mauw,et al.  Foundations of Attack Trees , 2005, ICISC.

[23]  Flemming Nielson,et al.  Quantitative Verification and Synthesis of Attack-Defence Scenarios , 2016, 2016 IEEE 29th Computer Security Foundations Symposium (CSF).

[24]  Kim G. Larsen,et al.  Modelling Attack-defense Trees Using Timed Automata , 2016, FORMATS.

[25]  Alessandra Bagnato,et al.  Attribute Decoration of Attack-Defense Trees , 2012, Int. J. Secur. Softw. Eng..

[26]  Barbara Kordy,et al.  Attack Trees with Sequential Conjunction , 2015, SEC.

[27]  Barbara Kordy,et al.  Attack-defense trees , 2014, J. Log. Comput..