Quantitative Attack Tree Analysis via Priced Timed Automata

TY - GEN

T1 - Quantitative Attack Tree Analysis via Priced Timed Automata

AU - Kumar,Rajesh

AU - Ruijters,Enno Jozef Johannes

AU - Stoelinga,Mariëlle Ida Antoinette

N1 - Foreground = 80%; Type of activity = Conference; Main leader = UT; Type of audience = scientific community, industry; Size of audience = 50; Countries addressed = International;

PY - 2015/9

Y1 - 2015/9

N2 - The success of a security attack crucially depends on the resources available to an attacker: time, budget, skill level, and risk appetite. Insight in these dependencies and the most vulnerable system parts is key to providing effective counter measures. This paper considers attack trees, one of the most prominent security formalisms for threat analysis. We provide an effective way to compute the resources needed for a successful attack, as well as the associated attack paths. These paths provide the optimal ways, from the perspective of the attacker, to attack the system, and provide a ranking of the most vulnerable system parts. By exploiting the priced timed automaton model checker Uppaal CORA, we realize important advantages over earlier attack tree analysis methods: we can handle more complex gates, temporal dependencies between attack steps, shared subtrees, and realistic, multi-parametric cost structures. Furthermore, due to its compositionality, our approach is flexible and easy to extend. We illustrate our approach with several standard case studies from the literature, showing that our method agrees with existing analyses of these cases, and can incorporate additional data, leading to more informative results.

AB - The success of a security attack crucially depends on the resources available to an attacker: time, budget, skill level, and risk appetite. Insight in these dependencies and the most vulnerable system parts is key to providing effective counter measures. This paper considers attack trees, one of the most prominent security formalisms for threat analysis. We provide an effective way to compute the resources needed for a successful attack, as well as the associated attack paths. These paths provide the optimal ways, from the perspective of the attacker, to attack the system, and provide a ranking of the most vulnerable system parts. By exploiting the priced timed automaton model checker Uppaal CORA, we realize important advantages over earlier attack tree analysis methods: we can handle more complex gates, temporal dependencies between attack steps, shared subtrees, and realistic, multi-parametric cost structures. Furthermore, due to its compositionality, our approach is flexible and easy to extend. We illustrate our approach with several standard case studies from the literature, showing that our method agrees with existing analyses of these cases, and can incorporate additional data, leading to more informative results.

KW - EC Grant Agreement nr.: FP7/318003

KW - EWI-25869

KW - FMT-MC: MODEL CHECKING

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - Model Checking

KW - IR-97025

KW - Socio-technical security

KW - Case Studies

KW - Attack Tree

KW - Attacker Profile

KW - METIS-312524

KW - Uppaal Cora

U2 - 10.1007/978-3-319-22975-1_11

DO - 10.1007/978-3-319-22975-1_11

M3 - Conference contribution

SN - 978-3-319-22974-4

T3 - Lecture Notes in Computer Science

SP - 156

EP - 171

BT - Proceedings of the 13th International Conference on Formal Modeling and Analysis of Timed Systems (FORMATS 2015)

PB - Springer International Publishing

CY - Zurich

ER -