Quantitative Questions on Attack-Defense Trees

Attack-defense trees are a novel methodology for graphical security modeling and assessment. The methodology includes intuitive and formal components that can be used for quantitative analysis of attack-defense scenarios. In practice, we use intuitive questions to ask about aspects of scenarios we are interested in. Formally, a computational procedure, using a bottom-up algorithm, is applied to derive the corresponding numerical values. This paper bridges the gap between the intuitive and the formal way of quantitatively assessing attack-defense scenarios. We discuss how to properly specify a question, so that it can be answered unambiguously. Given a well-specified question, we then show how to derive an appropriate attribute domain which constitutes the corresponding formal model.
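To make the bottom-up procedure concrete, the following added example (not code from the paper) evaluates a small constructed attack-defense tree for one well-specified question: the minimal cost for the attacker when all defences are in place. The `Node` class, the operator table `MIN_COST`, the tree and all costs are assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    label: str
    player: str                        # "p" = proponent (attacker), "o" = opponent (defender)
    kind: str = "leaf"                 # "leaf", "or" or "and"
    children: list = field(default_factory=list)
    counter: Optional["Node"] = None   # countermeasure owned by the other player

# Assumed attribute domain for the question "what is the minimal cost for the
# attacker, given that every defence is in place?". Each operator takes a list.
MIN_COST = {
    ("p", "or"): min,  ("p", "and"): sum,      # attacker picks cheapest / pays for all
    ("o", "or"): sum,  ("o", "and"): min,      # attacker must defeat all / any one
    ("p", "counter"): sum,                     # pay for the action and for beating its defence
    ("o", "counter"): min,                     # a defence is beaten by the attacker's counter
}

def evaluate(node, domain, basic):
    """Bottom-up evaluation: leaves get basic values, inner nodes combine children."""
    if node.kind == "leaf":
        value = basic(node)
    else:
        value = domain[(node.player, node.kind)]([evaluate(c, domain, basic) for c in node.children])
    if node.counter is not None:
        value = domain[(node.player, "counter")]([value, evaluate(node.counter, domain, basic)])
    return value

# Constructed scenario and costs (illustrative values only).
COSTS = {"steal password": 100, "steal token": 250, "find flaw": 40, "build exploit": 200}

def basic_cost(node):
    # Defender leaves cannot be bought off by the attacker: infinite cost.
    return COSTS[node.label] if node.player == "p" else math.inf

two_factor = Node("two-factor login", "o", counter=Node("steal token", "p"))
password = Node("steal password", "p", counter=two_factor)
exploit = Node("exploit service", "p", "and",
               [Node("find flaw", "p"), Node("build exploit", "p")],
               counter=Node("apply patches", "o"))
root = Node("access server", "p", "or", [password, exploit])

def min_attacker_cost(tree):
    return evaluate(tree, MIN_COST, basic_cost)

if __name__ == "__main__":
    print(min_attacker_cost(root))   # 350
```

Changing the question (for example, to success probability) means swapping the operator table and the basic assignment while `evaluate` stays the same.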
