ATM: a Logic for Quantitative Security Properties on Attack Trees

Research output: Working paperPreprintAcademic

12 Downloads (Pure)

Abstract

Critical infrastructure systems - for which high reliability and availability are paramount - must operate securely. Attack trees (ATs) are hierarchical diagrams that offer a flexible modelling language used to assess how systems can be attacked. ATs are widely employed both in industry and academia but - in spite of their popularity - little work has been done to give practitioners instruments to formulate queries on ATs in an understandable yet powerful way. In this paper we fill this gap by presenting ATM, a logic to express quantitative security properties on ATs. ATM allows for the specification of properties involved with security metrics that include "cost", "probability" and "skill" and permits the formulation of insightful what-if scenarios. To showcase its potential, we apply ATM to the case study of a CubeSAT, presenting three different ways in which an attacker can compromise its availability. We showcase property specification on the corresponding attack tree and we present theory and algorithms - based on binary decision diagrams - to check properties and compute metrics of ATM-formulae.
Original languageEnglish
PublisherArXiv.org
Number of pages20
DOIs
Publication statusPublished - 17 Sept 2023

Keywords

  • cs.CR
  • cs.LO

Fingerprint

Dive into the research topics of 'ATM: a Logic for Quantitative Security Properties on Attack Trees'. Together they form a unique fingerprint.
  • ATM: A Logic for Quantitative Security Properties on Attack Trees

    Nicoletti, S. M., Lopuhaä-Zwakenberg, M., Hahn, E. M. & Stoelinga, M., 2023, Software Engineering and Formal Methods: 21st International Conference, SEFM 2023, Eindhoven, The Netherlands, November 6-10, 2023, Proceedings. Ferreira, C. & Willemse, T. A. C. (eds.). Cham: Springer, p. 205-225 21 p. (Lecture Notes in Computer Science; vol. 14323).

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    Open Access
    File
    6 Downloads (Pure)

Cite this