Hackers vs. Security: Attack-Defence Trees as Asynchronous Multi-Agent Systems

Jaime Arias; Carlos E. Budde; Wojciech Penczek; Laure Petrucci; Mariëlle Stoelinga

Hackers vs. Security: Attack-Defence Trees as Asynchronous Multi-Agent Systems

Jaime Arias, Carlos E. Budde, Wojciech Penczek, Laure Petrucci, Mariëlle Stoelinga

Formal Methods and Tools

Research output: Working paper

37 Downloads (Pure)

Abstract

Attack-Defence Trees (ADTs) are well-suited to assess possible attacks to systems and the eﬃciency of counter-measures. In this paper, we ﬁrst enrich the available constructs with reactive patterns that cover further security scenarios, and equip all constructs with attributes such as time and cost to allow quantitative analyses. Then, ADTs are modelled as (an extension of) Asynchronous Multi-Agents Systems— EAMAS. The ADT–EAMAS transformation is performed in a systematic manner that ensures correctness. The transformation allows us to quantify the impact of diﬀerent agents conﬁgurations on metrics such as attack time. Using EAMAS also permits parametric veriﬁcation: we derive constraints for property satisfaction. Our approach is exercised on several case studies using the Uppaal and IMITATOR tools.

Original language	English
Publisher	ArXiv.org
Number of pages	19
Publication status	Published - 2019

Publication series

Name	arXiv.org
Publisher	Cornell University

Access to Document

arxiv-preprint-1906.05283Submitted version, 298 KB

http://arxiv.org/abs/1906.05283

Cite this

@techreport{98579d5f034e4a46ab1d47f7ae6386c4,

title = "Hackers vs. Security: Attack-Defence Trees as Asynchronous Multi-Agent Systems",

abstract = "Attack-Defence Trees (ADTs) are well-suited to assess possible attacks to systems and the eﬃciency of counter-measures. In this paper, we ﬁrst enrich the available constructs with reactive patterns that cover further security scenarios, and equip all constructs with attributes such as time and cost to allow quantitative analyses. Then, ADTs are modelled as (an extension of) Asynchronous Multi-Agents Systems— EAMAS. The ADT–EAMAS transformation is performed in a systematic manner that ensures correctness. The transformation allows us to quantify the impact of diﬀerent agents conﬁgurations on metrics such as attack time. Using EAMAS also permits parametric veriﬁcation: we derive constraints for property satisfaction. Our approach is exercised on several case studies using the Uppaal and IMITATOR tools.",

author = "Jaime Arias and Budde, {Carlos E.} and Wojciech Penczek and Laure Petrucci and Mari{\"e}lle Stoelinga",

year = "2019",

language = "English",

series = "arXiv.org",

publisher = "ArXiv.org",

type = "WorkingPaper",

institution = "ArXiv.org",

}

TY - UNPB

T1 - Hackers vs. Security

T2 - Attack-Defence Trees as Asynchronous Multi-Agent Systems

AU - Arias, Jaime

AU - Budde, Carlos E.

AU - Penczek, Wojciech

AU - Petrucci, Laure

AU - Stoelinga, Mariëlle

PY - 2019

Y1 - 2019

N2 - Attack-Defence Trees (ADTs) are well-suited to assess possible attacks to systems and the eﬃciency of counter-measures. In this paper, we ﬁrst enrich the available constructs with reactive patterns that cover further security scenarios, and equip all constructs with attributes such as time and cost to allow quantitative analyses. Then, ADTs are modelled as (an extension of) Asynchronous Multi-Agents Systems— EAMAS. The ADT–EAMAS transformation is performed in a systematic manner that ensures correctness. The transformation allows us to quantify the impact of diﬀerent agents conﬁgurations on metrics such as attack time. Using EAMAS also permits parametric veriﬁcation: we derive constraints for property satisfaction. Our approach is exercised on several case studies using the Uppaal and IMITATOR tools.

AB - Attack-Defence Trees (ADTs) are well-suited to assess possible attacks to systems and the eﬃciency of counter-measures. In this paper, we ﬁrst enrich the available constructs with reactive patterns that cover further security scenarios, and equip all constructs with attributes such as time and cost to allow quantitative analyses. Then, ADTs are modelled as (an extension of) Asynchronous Multi-Agents Systems— EAMAS. The ADT–EAMAS transformation is performed in a systematic manner that ensures correctness. The transformation allows us to quantify the impact of diﬀerent agents conﬁgurations on metrics such as attack time. Using EAMAS also permits parametric veriﬁcation: we derive constraints for property satisfaction. Our approach is exercised on several case studies using the Uppaal and IMITATOR tools.

M3 - Working paper

T3 - arXiv.org

BT - Hackers vs. Security

PB - ArXiv.org

ER -

Hackers vs. Security: Attack-Defence Trees as Asynchronous Multi-Agent Systems

Abstract

Publication series

Access to Document

Fingerprint

Cite this