Attacker profiling in quantitative security assessment based on attack trees

Aleksandr Lenin, Jan Willemson, Dyan Permata Sari

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    28 Citations (Scopus)
    529 Downloads (Pure)

    Abstract

    We present the results of research of limiting adversarial budget in attack games, and, in particular, in the failure-free attack tree models presented by Buldas-Stepanenko in 2012 and improved in 2013 by Buldas and Lenin. In the previously presented models attacker’s budget was assumed to be unlimited. It is natural to assume that the adversarial budget is limited and such an assumption would allow us to model the adversarial decision making more close to the one that might happen in real life. We analyze three atomic cases – the single atomic case, the atomic AND, and the atomic OR. Even these elementary cases become quite complex, at the same time, limiting adversarial budget does not seem to provide any better or more precise results compared to the failure-free models. For the limited model analysis results to be reliable, it is required that the adversarial reward is estimated with high precision, probably not achievable by providing expert estimations for the quantitative annotations on the attack steps, such as the cost or the success probability. It is doubtful that it is reasonable to face this com- plexity, as the failure-free model provides reliable upper bounds, being at the same time computationally less complex.
    Original languageEnglish
    Title of host publicationSecure IT Systems
    Subtitle of host publication19th Nordic Conference, NordSec 2014, Tromsø, Norway, October 15-17, 2014, Proceedings
    EditorsKarin Bernsmed, Simone Fischer-Hübner
    Place of PublicationBerlin
    PublisherSpringer
    Pages199-212
    Number of pages14
    ISBN (Electronic)978-3-319-11599-3
    ISBN (Print)978-3-319-11598-6
    DOIs
    Publication statusPublished - Oct 2014
    Event19th Nordic Conference on Secure IT, NordSec 2014 - Tromsø, Norway
    Duration: 15 Oct 201417 Oct 2014
    Conference number: 19
    http://site.uit.no/nordsec2014/

    Publication series

    NameLecture notes in computer science
    PublisherSpringer
    Volume8788
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Conference

    Conference19th Nordic Conference on Secure IT, NordSec 2014
    Abbreviated titleNordSec
    Country/TerritoryNorway
    CityTromsø
    Period15/10/1417/10/14
    Internet address

    Keywords

    • EC Grant Agreement nr.: FP7/2007-2013
    • EC Grant Agreement nr.: FP7/318003
    • Boolean function
    • Attack scenario
    • Attack trees
    • Initial population size
    • Attack step

    Fingerprint

    Dive into the research topics of 'Attacker profiling in quantitative security assessment based on attack trees'. Together they form a unique fingerprint.

    Cite this