The Attacker Does not Always Hold the Initiative: Attack Trees with External Refinement

Horne, Ross James; Mauw, Sjouke; Tiu, Alwen

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

The Attacker Does not Always Hold the Initiative: Attack Trees with External Refinement

Horne, Ross James; Mauw, Sjouke; Tiu, Alwen

2018 • In Proc.\ 5th International Workshop on Graphical Models for Security (GraMSec'18)

Peer reviewed

Permalink
https://hdl.handle.net/10993/38040

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

main.pdf

Author preprint (151.28 kB)

to appear in volume of series LNCS

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Disciplines :

Computer science

Author, co-author :

Horne, Ross James ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Mauw, Sjouke ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Tiu, Alwen

External co-authors :

yes

Language :

English

Title :

The Attacker Does not Always Hold the Initiative: Attack Trees with External Refinement

Publication date :

2018

Event name :

The Fifth International Workshop on Graphical Models for Security

Event place :

Oxford, United Kingdom

Event date :

July 8, 2018

Audience :

International

Main work title :

Proc.\ 5th International Workshop on Graphical Models for Security (GraMSec'18)

Collection name :

LNCS 11086

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Available on ORBilu :

since 07 January 2019

Statistics

Number of views

72 (13 by Unilu)

Number of downloads

79 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Abramsky, S., Jagadeesan, R.: Games and full completeness for multiplicative linear logic. J. Symbolic Logic 59(2), 543–574 (1994). https://doi.org/10.2307/2275407
Abramsky, S., Jagadeesan, R.: Game semantics for access control. In: Proceedings of the 25th Conference on Mathematical Foundations of Programming Semantics (MFPS 2009) Electronic Notes in Theoretical Computer Science, vol. 249, pp. 135–156 (2009). https://doi.org/10.1016/j.entcs.2009.07.088
Abramsky, S., Melliès, P.-A.: Concurrent games and full completeness. In: 14th Annual IEEE Symposium on Logic in Computer Science LICS, Trento, Italy, 2–5 July 1999, pp. 431–442. IEEE Computer Society (1999). https://doi.org/10.1109/LICS.1999.782638
Andreoli, J.-M.: Logic programming with focusing proofs in linear logic. J. Logic Comput. 2(3), 297–347 (1992). https://doi.org/10.1093/logcom/2.3.297
Aslanyan, Z., Nielson, F.: Pareto efficient solutions of attack-defence trees. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 95–114. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46666-7 6
Aslanyan, Z., Nielson, F., Parker, D.: Quantitative verification and synthesis of attack-defence scenarios. In: 2016 IEEE 29th Computer Security Foundations Symposium (CSF), pp. 105–119. IEEE Computer Society (2016). https://doi.org/10. 1109/CSF.2016.15
Audinot, M., Pinchinat, S., Kordy, B.: Is my attack tree correct? In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10492, pp. 83–102. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66402-6 7
Birkhoff, G.: Rings of sets. Duke Math. J. 3(3), 443–454 (1937). https://doi.org/10.1215/S0012-7094-37-00334-X
Bistarelli, S., Fioravanti, F., Peretti, P.: Defense trees for economic evaluation of security investments. In: First International Conference on Availability, Reliability and Security (ARES 2006), pp. 416–423. IEEE Computer Society (2006). https://doi.org/10.1109/ARES.2006.46
Blass, A.: A game semantics for linear logic. Ann. Pure Appl. Logic 56(1), 183–220 (1992). https://doi.org/10.1016/0168-0072(92)90073-9
Brookes, S.D., Hoare, C.A.R., Roscoe, A.W.: A theory of communicating sequential processes. J. ACM 31(3), 560–599 (1984). https://doi.org/10.1145/828.833
Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: Lopez, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006). https://doi.org/10.1007/11962977 19
Chaudhuri, K., Miller, D., Saurin, A.: Canonical sequent proofs via multi-focusing. In: Ausiello, G., Karhumäki, J., Mauri, G., Ong, L. (eds.) TCS 2008. IIFIP, vol. 273, pp. 383–396. Springer, Boston, MA (2008). https://doi.org/10.1007/978-0-387-09680-3 26
Danos, V., Harmer, R.S.: Probabilistic game semantics. ACM Trans. Comput. Logic (TOCL) 3(3), 359–382 (2002). https://doi.org/10.1145/507382.507385
Debbabi, M., Saleh, M.: Game semantics model for security protocols. In: Lau, K.-K., Banach, R. (eds.) ICFEM 2005. LNCS, vol. 3785, pp. 125–140. Springer, Heidelberg (2005). https://doi.org/10.1007/11576280 10
Delande, O., Miller, D., Saurin, A.: Proof and refutation in MALL as a game. Ann. Pure Appl. Logic 161(5), 654–672 (2010). https://doi.org/10.1016/j.apal.2009.07. 017
Deswarte, Y., Blain, L., Fabre, J.C.: Intrusion tolerance in distributed computing systems. In: Proceedings of 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 110–121, May 1991. https://doi.org/10.1109/RISP. 1991.130780
Dimovski, A.S.: Ensuring secure non-interference of programs by game semantics. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 81–96. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11851-2 6
Gadyatskaya, O., Hansen, R.R., Larsen, K.G., Legay, A., Olesen, M.C., Poulsen, D.B.: Modelling attack-defense trees using timed automata. In: Fränzle, M., Markey, N. (eds.) FORMATS 2016. LNCS, vol. 9884, pp. 35–50. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44878-7 3
Gadyatskaya, O., Jhawar, R., Mauw, S., Trujillo-Rasua, R., Willemse, T.A.C.: Refinement-aware generation of attack trees. In: Livraga, G., Mitchell, C. (eds.) STM 2017. LNCS, vol. 10547, pp. 164–179. Springer, Cham (2017). https://doi. org/10.1007/978-3-319-68063-7 11
Girard, J.-Y.: Linear logic. Theoret. comput. Sci. 50(1), 1–101 (1987). https://doi.org/10.1016/0304-3975(87)90045-4
Heijltjes, W., Hughes, D.J.: Complexity bounds for sum-product logic via additive proof nets and petri nets. In: 30th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2015, Kyoto, Japan, 6–10 July 2015, pp. 80–91. IEEE Computer Society (2015). https://doi.org/10.1109/LICS.2015.18
Hermanns, H., Krämer, J., Krčál, J., Stoelinga, M.: The value of attack-defence diagrams. In: Piessens, F., Viganò, L. (eds.) POST 2016. LNCS, vol. 9635, pp. 163–185. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49635-0 9
Horne, R.: The consistency and complexity of multiplicative additive system virtual. Sci. Ann. Comput. Sci. 25(2), 245 (2015). https://doi.org/10.7561/SACS. 2015.2.245
Horne, R., Mauw, S., Tiu, A.: Semantics for specialising attack trees based on linear logic. Fund. Inform. 153(1–2), 57–86 (2017). https://doi.org/10.3233/FI-2017-1531
Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Wang, X.S.: Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54. Springer, Heidelberg (2011). https://doi.org/10.1007/978-1-4614-0977-9
Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 339–353. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18467-8 23
Jiang, R., Luo, J., Wang, X.: An attack tree based risk assessment for location privacy in wireless sensor networks. In: WiCOM, pp. 1–4 (2012). https://doi.org/10.1109/WiCOM.2012.6478402
Kordy, B., Mauw, S., Melissen, M., Schweitzer, P.: Attack–defense trees and two-player binary zero-sum extensive form games are equivalent. In: Alpcan, T., Buttyán, L., Baras, J.S. (eds.) GameSec 2010. LNCS, vol. 6442, pp. 245–256. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17197-0 17
Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Logic Comput. 24(1), 55–87 (2014). https://doi.org/10.1093/logcom/exs029
Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. C. S. Rev. 13–14, 1–38 (2014)
Laurent, O.: Polarized games. Ann. Pure Appl. Logic 130(1–3), 79–123 (2004). https://doi.org/10.1016/j.apal.2004.04.006
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). https://doi.org/10.1007/11734727 17
Ray, I., Poolsapassit, N.: Using attack trees to identify malicious attacks from authorized insiders. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 231–246. Springer, Heidelberg (2005). https://doi.org/10.1007/11555827 14
Roy, A., Kim, D.S., Trivedi, K.S.: Attack countermeasure trees: towards unifying the constructs of attack and defense trees. Secur. Commun. Netw. 5(8), 929–943 (2012). https://doi.org/10.1002/sec.299
Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)
Zonouz, S.A., Khurana, H., Sanders, W.H., Yardley, T.M.: RRE: a game-theoretic intrusion response and recovery engine. IEEE Trans. Parallel Distrib. Syst. 25(2), 395–406 (2014). https://doi.org/10.1109/TPDS.2013.211