Attacker Profiling in Quantitative Security Assessment Based on Attack Trees

We present the results of research on limiting the adversarial budget in attack games and, in particular, in the failure-free attack tree models presented by Buldas-Stepanenko in 2012 and improved in 2013 by Buldas and Lenin. In the previously presented models, the attacker's budget was assumed to be unlimited. It is natural to assume that the adversarial budget is limited, and such an assumption would allow us to model adversarial decision making more closely to what might happen in real life. We analyze three atomic cases: the single atomic case, the atomic AND, and the atomic OR. Even these elementary cases become quite complex; at the same time, limiting the adversarial budget does not seem to provide any better or more precise results compared to the failure-free models. For the analysis results of the limited model to be reliable, the adversarial reward must be estimated with high precision, which is probably not achievable by providing expert estimations for the quantitative annotations on the attack steps, such as the cost or the success probability. It is doubtful that it is reasonable to face this complexity, as the failure-free model provides reliable upper bounds while being computationally less complex.

[1] Barbara Kordy, et al. Attack-defense trees, 2014, J. Log. Comput.

[2] John S. Baras, et al. Decision and Game Theory for Security, 2010, Lecture Notes in Computer Science.

[3] Dong Hoon Lee, et al. Information, Security and Cryptology - ICISC 2009, 12th International Conference, Seoul, Korea, December 2-4, 2009, Revised Selected Papers, 2010, ICISC.

[4] Harold F. Tipton. Official (ISC)2 Guide to the ISSAP CBK, 2010.

[5] Deep Medhi, et al. Dependability and security models, 2009, 2009 7th International Workshop on Design of Reliable Communication Networks.

[6] Shamal Faily, et al. Barry is not the weakest link: eliciting secure system requirements with personas, 2010, BCS HCI.

[7] Jeffrey P. Landry, et al. A Risk Assessment Model for Voting Systems using Threat Trees and Monte Carlo Simulation, 2009, 2009 First International Workshop on Requirements Engineering for e-Voting Systems.

[8] Markus Schumacher, et al. Security Engineering with Patterns: Origins, Theoretical Models, and New Applications, 2003.

[9] Jennifer Jie Xu, et al. Mining communities and their relationships in blogs: A study of online hate groups, 2007, Int. J. Hum. Comput. Stud.

[10] Sjouke Mauw, et al. Foundations of Attack Trees, 2005, ICISC.

[11] Ralf Steinmetz, et al. A Generic Metamodel for IT Security Attack Modeling for Distributed Systems, 2010, 2010 International Conference on Availability, Reliability and Security.

[12] Tharam S. Dillon, et al. On the Move to Meaningful Internet Systems, OTM 2010, 2010, Lecture Notes in Computer Science.

[13] Bjarne Emil Helvik. Special Theme: Security and Trust Management Building a Stochastic Model for Security and Trust Assessment Evaluation.

[14] Gary T. Marx, et al. Strands of Theory and Research in Collective Behavior, 1975.

[15] Markus Schumacher, et al. Security Engineering with Patterns, 2003, Lecture Notes in Computer Science.

[16] Mattias Arvola, et al. Personas in action: ethnography in an interaction design team, 2002, NordiCHI '02.

[17] Natalia Juristo Juzgado, et al. Integrating the Personas Technique into the Requirements Analysis Activity, 2008, 2008 Mexican International Conference on Computer Science.

[18] Cynthia A. Phillips, et al. A graph-based system for network-vulnerability analysis, 1998, NSPW '98.

[19] Ahto Buldas, et al. New Efficient Utility Upper Bounds for the Fully Adaptive Model of Attack Trees, 2013, GameSec.

[20] W. E. Vesely, et al. Fault Tree Handbook, 1987.

[21] Shamal Faily, et al. Persona cases: a technique for grounding personas, 2011, CHI.

[22] Steven Hernandez, CISSP. Official (ISC)2 Guide to the CISSP CBK, 2012.

[23] Seungjoo Kim, et al. Information Security and Cryptology - ICISC 2005, 2005, Lecture Notes in Computer Science.

[24] Barbara Kordy, et al. DAG-based attack and defense modeling: Don't miss the forest for the attack trees, 2013, Comput. Sci. Rev.

[25] Qing Hu, et al. The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies, 2007, J. Assoc. Inf. Syst.

[26] Jan Willemson, et al. Computing Exact Outcomes of Multi-parameter Attack Trees, 2008, OTM Conferences.

[27] Lance Spitzner. The Honeynet Project, 2003, S&P 2003.

[28] Lorena Montoya. The TREsPASS project, 2013.

[29] Bruce Schneier, et al. Secrets and Lies: Digital Security in a Networked World, 2000.

[30] Robert J. Ellison, et al. Attack Trees, 2009, Encyclopedia of Biometrics.

[31] Ping Chen, et al. Imitation, Learning, and Communication: Central or Polarized Patterns in Collective Actions, 1991.

[32] Jan Willemson, et al. Rational Choice of Security Measures Via Multi-parameter Attack Trees, 2006, CRITIS.

[33] George M. McCann. FOR THE U.S. NUCLEAR REGULATORY COMMISSION, 2007.

[34] Olav W. Bertelsen, et al. Proceedings of the Second Nordic Conference on Human-Computer Interaction 2002, Aarhus, Denmark, October 19-23, 2002, 2002, NordiCHI.

[35] Ahto Buldas, et al. Upper Bounds for Adversaries' Utility in Attack Trees, 2012, GameSec.

[36] Jan Willemson, et al. Serial Model for Attack Tree Computations, 2009, ICISC.

[37] Jan Willemson, et al. On Fast and Approximate Attack Tree Computations, 2010, ISPEC.