Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Quantitative Questions on Attack-Defense Trees
Kordy, Barbara; Mauw, Sjouke; Schweitzer, Patrick
2012 • In Information Security and Cryptology - ICISC 2012 - 15th International Conference, Seoul, Korea, November 28-30, 2012, Revised Selected Papers
Attack-defense trees are a novel methodology for graphical security modeling and assessment. The methodology includes intuitive and formal components that can be used for quantitative analysis of attack-defense scenarios. In practice, we use intuitive questions to ask about aspects of scenarios we are interested in. Formally, a computational procedure, using a bottom-up algorithm, is applied to derive the corresponding numerical values. This paper bridges the gap between the intuitive and the formal way of quantitatively assessing attack-defense scenarios. We discuss how to properly specify a question, so that it can be answered unambiguously. Given a well-specified question, we then show how to derive an appropriate attribute domain which constitutes the corresponding formal model.
Disciplines :
Computer science
Author, co-author :
Kordy, Barbara ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Mauw, Sjouke ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Schweitzer, Patrick ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Language :
English
Title :
Quantitative Questions on Attack-Defense Trees
Publication date :
2012
Event name :
International Conference on Information Security and Cryptology
Event place :
Seoul, South Korea
Event date :
28-30 November, 2012
Main work title :
Information Security and Cryptology - ICISC 2012 - 15th International Conference, Seoul, Korea, November 28-30, 2012, Revised Selected Papers
Publisher :
Springer
Collection name :
LNCS 7839
Pages :
49-64
Peer reviewed :
Peer reviewed
Commentary :
Extended version available at http://arxiv.org/abs/1210.8092