Attribute Decoration of Attack–Defense Trees

Bagnato, Alessandra; Kordy, Barbara; Meland, Per Håkon; Schweitzer, Patrick

doi:10.4018/jsse.2012040101

Cited by 52 publications

(55 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [16], we have proven that the analysis of attack-defense trees is computationally not more expensive than the analysis of attack trees. Furthermore, the usefulness of attack-defense trees for the analysis of real-world security problems has been validated in a large industrial case study [2]. These results show that attack-defense trees have the potential to become an efficient and practical security modeling and risk assessment tool.…”

Section: Introductionmentioning

confidence: 83%

A Probabilistic Framework for Security Scenarios with Dependent Actions

Kordy

Pouly

Schweizer

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

International audienceThis work addresses the growing need of performing meaningful probabilistic analysis of security. We propose a framework that integrates the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. This allows us to perform probabilistic evaluation of attack–defense scenarios involving dependent actions. To improve the efficiency of our computations, we make use of inference algorithms from Bayesian networks and encoding techniques from constraint reasoning. We discuss the algebraic theory underlying our framework and point out several generalizations which are possible thanks to the use of semiring theory

show abstract

Section: Introductionmentioning

confidence: 83%

A Probabilistic Framework for Security Scenarios with Dependent Actions

Kordy

Pouly

Schweizer

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…They identified rules for which extending attack trees did not increase computational complexity. Bagnato et al [19] also used attack-defense trees, which focus on how attackers and defenders relate, to identify risk to an RFID system in a case study. Based on their model, they were able to identify guidelines to adhere to when using similar strategies.…”

Section: Attack Graph Modelsmentioning

confidence: 99%

“…This is done in order to enhance the expressive capability of the model. The values of the characteristics are determined based on cognitive assessment and historical events [19].…”

Section: Attack Graph Modelsmentioning

confidence: 99%

Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices

Luckett¹,

McDonald²,

Glisson³

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

“…Kordy et al [16] provide a survey on attack trees and related formalisms. While basic quantitative analysis, i.e., a bottom-up computation for a single parameter (e.g., cost, probability or time of an attack), can be performed directly on attack trees [4], several proposals exist to extend the basic attack tree formalism in order to support better analysis. For example, Buldas et al [6], Jürgenson and Willemson [14] introduced multi-parameter attack trees with interdependent variables; Dalton et al [7] have proposed analysing attack trees as Generalized Stochastic Petri Nets; Arnold et al [2] applied interactive Input/Output Markov Chains to enhance temporal and stochastic dependencies analysis in attack trees.…”

Section: Introductionmentioning

confidence: 99%

“…For example, burglarresistance classes for physical security mechanisms, such as doors and windows, define how much time an attacker equipped with certain tools needs to spend on the intrusion [25]. Explicit consideration of defenses in the analysis allows the domain experts to get a better picture of the scenario [4,15]. Recently, Hermanns et al [12] have created the attack-defense-diagrams formalism extending attackedefense trees with trigger and reset gates, which allow expressing temporal behaviours.…”

Section: Introductionmentioning

confidence: 99%

Modelling Attack-defense Trees Using Timed Automata

Gadyatskaya

Hansen

Larsen

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Performing a thorough security risk assessment of an organisation has always been challenging, but with the increased reliance on outsourced and off-site third-party services, i.e., "cloud services", combined with internal (legacy) IT-infrastructure and -services, it has become a very difficult and time-consuming task. One of the traditional tools available to ease the burden of performing a security risk assessment and structure security analyses in general is attack trees [19,23,24], a tree-based formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we study an extension of traditional attack trees, called attack-defense trees, in which not only the attacker's actions are modelled, but also the defensive actions taken by the attacked party [15]. In this work we use the attack-defense tree as a goal an attacker wants to achieve, and separate the behaviour of the attacker and defender from the attack-defense-tree. We give a fully stochastic timed semantics for the behaviour of the attacker by introducing attacker profiles that choose actions probabilistically and execute these according to a probability density. Lastly, the stochastic semantics provides success probabilitites for individual actions. Furthermore, we show how to introduce costs of attacker actions. Finally, we show how to automatically encode it all with a network of timed automata, an encoding that enables us to apply state-of-the-art model checking tools and techniques to perform fully automated quantitative and qualitative analyses of the modelled system.

show abstract

Attribute Decoration of Attack–Defense Trees

Cited by 52 publications

References 24 publications

A Probabilistic Framework for Security Scenarios with Dependent Actions

A Probabilistic Framework for Security Scenarios with Dependent Actions

Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices

Modelling Attack-defense Trees Using Timed Automata

Contact Info

Product

Resources

About