Abstract
The increasing usage of computer-based systems in almost every aspect of our
daily life makes more and more dangerous the threat posed by potential attackers,
and more and more rewarding a successful attack. Moreover, the complexity
of these systems is also increasing, including physical devices, software
components and human actors interacting with each other to form so-called
socio-technical systems. The importance of socio-technical systems to modern
societies requires verifying their security properties formally, while their inherent
complexity makes manual analyses impracticable.
Graphical models for security offer an unrivalled opportunity to describe
socio-technical systems, for they allow to represent different aspects like human
behaviour, computation and physical phenomena in an abstract yet uniform
manner. Moreover, these models can be assigned a formal semantics, thereby
allowing formal verification of their properties. Finally, their appealing graphical
notations enable to communicate security concerns in an understandable way
also to non-experts, often in charge of the decision making.
This dissertation argues that automated techniques can be developed on
graphical security models to evaluate qualitative and quantitative security properties
of socio-technical systems and to synthesise optimal attack and defence
strategies.
In support to this claim we develop analysis techniques for widely-used
graphical security models such as attack trees and attack-defence trees. Our
analyses cope with the optimisation of multiple parameters of an attack and
defence scenario. Improving on the literature, in case of conflicting parameters
such as probability and cost we compute the set of optimal solutions in
terms of Pareto efficiency. Moreover, we investigate the relation between attack
and attack-defence trees and stochastic models in a verification-oriented setting,
with the aim of levering the great many mature tools and analysis techniques
developed for instance in the area of games.
Original language | English |
---|---|
Awarding Institution |
|
Supervisors/Advisors |
|
Award date | 26 Oct 2016 |
Place of Publication | Lyngby, Denmark |
Publisher | |
Publication status | Published - 26 Oct 2016 |
Externally published | Yes |