Abstract

Cyber-physical systems, such as power plants, medical devices and data centers, have to meet high standards, both in terms of safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to malicious attacks). This paper presents attack fault trees (AFTs), a formalism that marries fault trees (safety) and attack trees (security). We equip AFTs with stochastic model checking techniques, enabling a rich plethora of qualitative and quantitative analyses. Qualitative metrics pinpoint the root causes of a system failure, while quantitative metrics concern the likelihood, cost, and impact of a disruption. Examples are: (1) the most likely attack path; (2) the most costly system failure; (3) the expected impact of an attack. Each of these metrics can be constrained, e.g., we can provide the most likely disruption within time t and/or budget B. Finally, we can use sensitivity analysis to find the attack step that has the most influence on a given metric. We demonstrate our approach through three realistic case studies.
Original language: Undefined
Title of host publication: Proceedings of the 18th IEEE International Symposium on High Assurance Systems Engineering (HASE 2017)
Publisher: IEEE
Pages: 25-32
Number of pages: 8
ISBN (Electronic): 978-1-5090-4636-2
ISBN (Print): 978-1-5090-4637-9
DOIs: 10.1109/HASE.2017.12
State: Published - 12 Jan 2017

Publication series

Name: HASE
Publisher: IEEE
ISSN (Print): 1530-2059

Fingerprint

Model checking
Stochastic models
Sensitivity analysis
Power plants
Costs
Side channel attack

Keywords

  • IR-101936
  • Multi parameter attack trees
  • Quantitative analysis
  • Safety and security modelling
  • Stochastic model checking
  • EC Grant Agreement nr.: FP7/318003
  • EC Grant Agreement nr.: FP7/2007-2013
  • EWI-27360

Cite this

Kumar, R., & Stoelinga, M. I. A. (2017). Quantitative security and safety analysis with attack-fault trees. In Proceedings of the 18th IEEE International Symposium on High Assurance Systems Engineering (HASE 2017) (pp. 25-32). (HASE). IEEE. DOI: 10.1109/HASE.2017.12

Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette / Quantitative security and safety analysis with attack-fault trees.

Proceedings of the 18th IEEE International Symposium on High Assurance Systems Engineering (HASE 2017). IEEE, 2017. p. 25-32 (HASE).

Research output: Scientific - peer-review; Conference contribution

@inbook{0d64efaecfae494281c3116bb4dfe39d,
title = "Quantitative security and safety analysis with attack-fault trees",
abstract = "Cyber physical systems, like power plants, medical devices and data centers have to meet high standards, both in terms of safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to malicious attacks). This paper presents attack fault trees (AFTs), a formalism that marries fault trees (safety) and attack trees (security). We equip AFTs with stochastic model checking techniques, enabling a rich plethora of qualitative and quantitative analyses. Qualitative metrics pinpoint to root causes of the system failure, while quantitative metrics concern the likelihood, cost, and impact of a disruption. Examples are: (1) the most likely attack path; (2) the most costly system failure; (3) the expected impact of an attack. Each of these metrics can be constrained, i.e., we can provide the most likely disruption within time t and/or budget B. Finally, we can use sensitivity analysis to find the attack step that has the most influence on a given metric. We demonstrate our approach through three realistic cases studies.",
keywords = "IR-101936, Multi parameter attack trees, Quantitative analysis, Safety and security modelling, Stochastic model checking, EC Grant Agreement nr.: FP7/318003, EC Grant Agreement nr.: FP7/2007-2013, EWI-27360",
author = "Rajesh Kumar and Stoelinga, {Mariëlle Ida Antoinette}",
note = "Foreground = 50% ; Type of activity = conference; Main leader = UT; Type of audience = scientific community; Size of audience = 40; Countries addressed = international;",
year = "2017",
month = "1",
doi = "10.1109/HASE.2017.12",
isbn = "978-1-5090-4637-9",
series = "HASE",
publisher = "IEEE",
pages = "25--32",
booktitle = "Proceedings of the 18th IEEE International Symposium on High Assurance Systems Engineering (HASE 2017)",

}

Kumar, R & Stoelinga, MIA 2017, Quantitative security and safety analysis with attack-fault trees. in Proceedings of the 18th IEEE International Symposium on High Assurance Systems Engineering (HASE 2017). HASE, IEEE, pp. 25-32. DOI: 10.1109/HASE.2017.12

Quantitative security and safety analysis with attack-fault trees. / Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette.

Proceedings of the 18th IEEE International Symposium on High Assurance Systems Engineering (HASE 2017). IEEE, 2017. p. 25-32 (HASE).

Research output: Scientific - peer-review; Conference contribution

TY - CHAP

T1 - Quantitative security and safety analysis with attack-fault trees

AU - Kumar, Rajesh

AU - Stoelinga, Mariëlle Ida Antoinette

N1 - Foreground = 50% ; Type of activity = conference; Main leader = UT; Type of audience = scientific community; Size of audience = 40; Countries addressed = international;

PY - 2017/1/12

Y1 - 2017/1/12

N2 - Cyber physical systems, like power plants, medical devices and data centers have to meet high standards, both in terms of safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to malicious attacks). This paper presents attack fault trees (AFTs), a formalism that marries fault trees (safety) and attack trees (security). We equip AFTs with stochastic model checking techniques, enabling a rich plethora of qualitative and quantitative analyses. Qualitative metrics pinpoint to root causes of the system failure, while quantitative metrics concern the likelihood, cost, and impact of a disruption. Examples are: (1) the most likely attack path; (2) the most costly system failure; (3) the expected impact of an attack. Each of these metrics can be constrained, i.e., we can provide the most likely disruption within time t and/or budget B. Finally, we can use sensitivity analysis to find the attack step that has the most influence on a given metric. We demonstrate our approach through three realistic cases studies.

AB - Cyber physical systems, like power plants, medical devices and data centers have to meet high standards, both in terms of safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to malicious attacks). This paper presents attack fault trees (AFTs), a formalism that marries fault trees (safety) and attack trees (security). We equip AFTs with stochastic model checking techniques, enabling a rich plethora of qualitative and quantitative analyses. Qualitative metrics pinpoint to root causes of the system failure, while quantitative metrics concern the likelihood, cost, and impact of a disruption. Examples are: (1) the most likely attack path; (2) the most costly system failure; (3) the expected impact of an attack. Each of these metrics can be constrained, i.e., we can provide the most likely disruption within time t and/or budget B. Finally, we can use sensitivity analysis to find the attack step that has the most influence on a given metric. We demonstrate our approach through three realistic cases studies.

KW - IR-101936

KW - Multi parameter attack trees

KW - Quantitative analysis

KW - Safety and security modelling

KW - Stochastic model checking

KW - EC Grant Agreement nr.: FP7/318003

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - EWI-27360

U2 - 10.1109/HASE.2017.12

DO - 10.1109/HASE.2017.12

M3 - Conference contribution

SN - 978-1-5090-4637-9

T3 - HASE

SP - 25

EP - 32

BT - Proceedings of the 18th IEEE International Symposium on High Assurance Systems Engineering (HASE 2017)

PB - IEEE

ER -

Kumar R, Stoelinga MIA. Quantitative security and safety analysis with attack-fault trees. In Proceedings of the 18th IEEE International Symposium on High Assurance Systems Engineering (HASE 2017). IEEE. 2017. p. 25-32. (HASE). Available from DOI: 10.1109/HASE.2017.12