Attack Tree Generation by Policy Invalidation

Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we formalise attack tree generation including human factors; based on recent advances in system models, we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based on invalidating policies in the system model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise enough to illustrate the threat, and they are general enough to hide the details of individual steps.
