ATM: A Logic for Quantitative Security Properties on Attack Trees

Stefano M. Nicoletti; Milan Lopuhaä-Zwakenberg; Ernst Moritz Hahn; Mariëlle Stoelinga

doi:10.1007/978-3-031-47115-5_12

ATM: A Logic for Quantitative Security Properties on Attack Trees

Stefano M. Nicoletti^*
, Milan Lopuhaä-Zwakenberg
, Ernst Moritz Hahn
, Mariëlle Stoelinga

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

83 Downloads (Pure)

Abstract

Critical infrastructure systems—for which high reliability and availability are paramount—must operate securely. Attack trees (ATs) are hierarchical diagrams that offer a flexible modelling language used to assess how systems can be attacked. ATs are widely employed both in industry and academia but—in spite of their popularity—little work has been done to give practitioners instruments to formulate queries on ATs in an understandable yet powerful way. In this paper we fill this gap by presenting $$\textsf{ATM}$$, a logic to express quantitative security properties on ATs. $$\textsf{ATM}$$ allows for the specification of properties involved with security metrics that include “cost”, “probability” and “skill” and permits the formulation of insightful what-if scenarios. To showcase its potential, we apply $$\textsf{ATM}$$ to the case study of a CubeSAT, presenting three different ways in which an attacker can compromise its availability. We showcase property specification on the corresponding attack tree and we present theory and algorithms—based on binary decision diagrams—to check properties and compute metrics of $$\textsf{ATM}$$ -formulae.

Original language	English
Title of host publication	Software Engineering and Formal Methods
Subtitle of host publication	21st International Conference, SEFM 2023, Eindhoven, The Netherlands, November 6-10, 2023, Proceedings
Editors	Carla Ferreira, Tim A.C. Willemse
Place of Publication	Cham
Publisher	Springer
Pages	205-225
Number of pages	21
ISBN (Electronic)	978-3-031-47115-5
ISBN (Print)	978-3-031-47114-8
DOIs	https://doi.org/10.1007/978-3-031-47115-5_12
Publication status	Published - 2023
Event	21st International Conference on Software Engineering and Formal Methods, SEFM 2023 - Eindhoven University of Technology, Eindhoven, Netherlands Duration: 6 Nov 2023 → 10 Nov 2023 Conference number: 21 https://sefm-conference.github.io/2023/

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	14323
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Conference on Software Engineering and Formal Methods, SEFM 2023
Abbreviated title	SEFM 2023
Country/Territory	Netherlands
City	Eindhoven
Period	6/11/23 → 10/11/23
Internet address	https://sefm-conference.github.io/2023/

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 9 Industry, Innovation, and Infrastructure

Keywords

2023 OA procedure

Access to Document

10.1007/978-3-031-47115-5_12

ArticleFinal published version, 957 KBLicence: Taverne

Cite this

Nicoletti, S. M., Lopuhaä-Zwakenberg, M., Hahn, E. M., & Stoelinga, M. (2023). ATM: A Logic for Quantitative Security Properties on Attack Trees. In C. Ferreira, & T. A. C. Willemse (Eds.), Software Engineering and Formal Methods: 21st International Conference, SEFM 2023, Eindhoven, The Netherlands, November 6-10, 2023, Proceedings (pp. 205-225). (Lecture Notes in Computer Science; Vol. 14323). Springer. https://doi.org/10.1007/978-3-031-47115-5_12

Nicoletti, Stefano M. ; Lopuhaä-Zwakenberg, Milan ; Hahn, Ernst Moritz et al. / ATM : A Logic for Quantitative Security Properties on Attack Trees. Software Engineering and Formal Methods: 21st International Conference, SEFM 2023, Eindhoven, The Netherlands, November 6-10, 2023, Proceedings. editor / Carla Ferreira ; Tim A.C. Willemse. Cham : Springer, 2023. pp. 205-225 (Lecture Notes in Computer Science).

@inproceedings{a305b19138c94f3092541992377ec8b8,

title = "ATM: A Logic for Quantitative Security Properties on Attack Trees",

abstract = "Critical infrastructure systems—for which high reliability and availability are paramount—must operate securely. Attack trees (ATs) are hierarchical diagrams that offer a flexible modelling language used to assess how systems can be attacked. ATs are widely employed both in industry and academia but—in spite of their popularity—little work has been done to give practitioners instruments to formulate queries on ATs in an understandable yet powerful way. In this paper we fill this gap by presenting \$\$\textbackslash{}textsf\{ATM\}\$\$, a logic to express quantitative security properties on ATs. \$\$\textbackslash{}textsf\{ATM\}\$\$ allows for the specification of properties involved with security metrics that include “cost”, “probability” and “skill” and permits the formulation of insightful what-if scenarios. To showcase its potential, we apply \$\$\textbackslash{}textsf\{ATM\}\$\$ to the case study of a CubeSAT, presenting three different ways in which an attacker can compromise its availability. We showcase property specification on the corresponding attack tree and we present theory and algorithms—based on binary decision diagrams—to check properties and compute metrics of \$\$\textbackslash{}textsf\{ATM\}\$\$ -formulae.",

keywords = "2023 OA procedure",

author = "Nicoletti, \{Stefano M.\} and Milan Lopuha{\"a}-Zwakenberg and Hahn, \{Ernst Moritz\} and Mari{\"e}lle Stoelinga",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.; 21st International Conference on Software Engineering and Formal Methods, SEFM 2023, SEFM 2023 ; Conference date: 06-11-2023 Through 10-11-2023",

year = "2023",

doi = "10.1007/978-3-031-47115-5\_12",

language = "English",

isbn = "978-3-031-47114-8",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "205--225",

editor = "Carla Ferreira and Willemse, \{Tim A.C.\}",

booktitle = "Software Engineering and Formal Methods",

address = "Germany",

url = "https://sefm-conference.github.io/2023/",

}

Nicoletti, SM , Lopuhaä-Zwakenberg, M, Hahn, EM & Stoelinga, M 2023, ATM: A Logic for Quantitative Security Properties on Attack Trees. in C Ferreira & TAC Willemse (eds), Software Engineering and Formal Methods: 21st International Conference, SEFM 2023, Eindhoven, The Netherlands, November 6-10, 2023, Proceedings. Lecture Notes in Computer Science, vol. 14323, Springer, Cham, pp. 205-225, 21st International Conference on Software Engineering and Formal Methods, SEFM 2023, Eindhoven, Netherlands, 6/11/23. https://doi.org/10.1007/978-3-031-47115-5_12

ATM: A Logic for Quantitative Security Properties on Attack Trees. / Nicoletti, Stefano M.; Lopuhaä-Zwakenberg, Milan; Hahn, Ernst Moritz et al.
Software Engineering and Formal Methods: 21st International Conference, SEFM 2023, Eindhoven, The Netherlands, November 6-10, 2023, Proceedings. ed. / Carla Ferreira; Tim A.C. Willemse. Cham: Springer, 2023. p. 205-225 (Lecture Notes in Computer Science; Vol. 14323).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - ATM

T2 - 21st International Conference on Software Engineering and Formal Methods, SEFM 2023

AU - Nicoletti, Stefano M.

AU - Lopuhaä-Zwakenberg, Milan

AU - Hahn, Ernst Moritz

AU - Stoelinga, Mariëlle

N1 - Conference code: 21

PY - 2023

Y1 - 2023

N2 - Critical infrastructure systems—for which high reliability and availability are paramount—must operate securely. Attack trees (ATs) are hierarchical diagrams that offer a flexible modelling language used to assess how systems can be attacked. ATs are widely employed both in industry and academia but—in spite of their popularity—little work has been done to give practitioners instruments to formulate queries on ATs in an understandable yet powerful way. In this paper we fill this gap by presenting $$\textsf{ATM}$$, a logic to express quantitative security properties on ATs. $$\textsf{ATM}$$ allows for the specification of properties involved with security metrics that include “cost”, “probability” and “skill” and permits the formulation of insightful what-if scenarios. To showcase its potential, we apply $$\textsf{ATM}$$ to the case study of a CubeSAT, presenting three different ways in which an attacker can compromise its availability. We showcase property specification on the corresponding attack tree and we present theory and algorithms—based on binary decision diagrams—to check properties and compute metrics of $$\textsf{ATM}$$ -formulae.

AB - Critical infrastructure systems—for which high reliability and availability are paramount—must operate securely. Attack trees (ATs) are hierarchical diagrams that offer a flexible modelling language used to assess how systems can be attacked. ATs are widely employed both in industry and academia but—in spite of their popularity—little work has been done to give practitioners instruments to formulate queries on ATs in an understandable yet powerful way. In this paper we fill this gap by presenting $$\textsf{ATM}$$, a logic to express quantitative security properties on ATs. $$\textsf{ATM}$$ allows for the specification of properties involved with security metrics that include “cost”, “probability” and “skill” and permits the formulation of insightful what-if scenarios. To showcase its potential, we apply $$\textsf{ATM}$$ to the case study of a CubeSAT, presenting three different ways in which an attacker can compromise its availability. We showcase property specification on the corresponding attack tree and we present theory and algorithms—based on binary decision diagrams—to check properties and compute metrics of $$\textsf{ATM}$$ -formulae.

KW - 2023 OA procedure

UR - https://www.scopus.com/pages/publications/85177437728

U2 - 10.1007/978-3-031-47115-5_12

DO - 10.1007/978-3-031-47115-5_12

M3 - Conference contribution

SN - 978-3-031-47114-8

T3 - Lecture Notes in Computer Science

SP - 205

EP - 225

BT - Software Engineering and Formal Methods

A2 - Ferreira, Carla

A2 - Willemse, Tim A.C.

PB - Springer

CY - Cham

Y2 - 6 November 2023 through 10 November 2023

ER -

Nicoletti SM , Lopuhaä-Zwakenberg M, Hahn EM, Stoelinga M. ATM: A Logic for Quantitative Security Properties on Attack Trees. In Ferreira C, Willemse TAC, editors, Software Engineering and Formal Methods: 21st International Conference, SEFM 2023, Eindhoven, The Netherlands, November 6-10, 2023, Proceedings. Cham: Springer. 2023. p. 205-225. (Lecture Notes in Computer Science). Epub 2023 Oct 31. doi: 10.1007/978-3-031-47115-5_12

ATM: A Logic for Quantitative Security Properties on Attack Trees

Abstract

Publication series

Conference

UN SDGs

Keywords

Access to Document

Other files and links

Fingerprint

ATM: A Logic for Quantitative Security Properties on Attack Trees

If a Tree Falls in the Forest: Risk Logics for Safety-Security Analysis

ATM: a Logic for Quantitative Security Properties on Attack Trees

Cite this