Formal Analysis of Graphical Security Models

Zaruhi Aslanyan

Research output: ThesisPhD Thesis - Research external, graduation external

82 Downloads (Pure)

Abstract

The increasing usage of computer-based systems in almost every aspect of our daily life makes more and more dangerous the threat posed by potential attackers, and more and more rewarding a successful attack. Moreover, the complexity of these systems is also increasing, including physical devices, software components and human actors interacting with each other to form so-called socio-technical systems. The importance of socio-technical systems to modern societies requires verifying their security properties formally, while their inherent complexity makes manual analyses impracticable. Graphical models for security offer an unrivalled opportunity to describe socio-technical systems, for they allow to represent different aspects like human behaviour, computation and physical phenomena in an abstract yet uniform manner. Moreover, these models can be assigned a formal semantics, thereby allowing formal verification of their properties. Finally, their appealing graphical notations enable to communicate security concerns in an understandable way also to non-experts, often in charge of the decision making. This dissertation argues that automated techniques can be developed on graphical security models to evaluate qualitative and quantitative security properties of socio-technical systems and to synthesise optimal attack and defence strategies. In support to this claim we develop analysis techniques for widely-used graphical security models such as attack trees and attack-defence trees. Our analyses cope with the optimisation of multiple parameters of an attack and defence scenario. Improving on the literature, in case of conflicting parameters such as probability and cost we compute the set of optimal solutions in terms of Pareto efficiency. Moreover, we investigate the relation between attack and attack-defence trees and stochastic models in a verification-oriented setting, with the aim of levering the great many mature tools and analysis techniques developed for instance in the area of games.
Original languageEnglish
Awarding Institution
  • Technical University of Denmark
Supervisors/Advisors
  • Nielson, Flemming, Supervisor, External person
  • Probst, Christian W., Supervisor, External person
Award date26 Oct 2016
Place of PublicationLyngby, Denmark
Publisher
Publication statusPublished - 26 Oct 2016
Externally publishedYes

Fingerprint

Dive into the research topics of 'Formal Analysis of Graphical Security Models'. Together they form a unique fingerprint.

Cite this