Sequential and Parallel Attack Tree Modelling

Florian Arnold, Dennis Guck, Rajesh Kumar, Mariëlle Stoelinga

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

11 Citations (Scopus)

Abstract

The intricacy of socio-technical systems requires a careful planning and utilisation of security resources to ensure uninterrupted, secure and reliable services. Even though many studies have been conducted to understand and model the behaviour of a potential attacker, the detection of crucial security vulnerabilities in such a system still provides a substantial challenge for security engineers. The success of a sophisticated attack crucially depends on two factors: the resources and time available to the attacker; and the stepwise execution of interrelated attack steps. This paper presents an extension of dynamic attack tree models by using both, the sequential and parallel behaviour of AND and OR-gates. Thereby we take great care to allow the modelling of any kind of temporal and stochastic dependencies which might occur in the model. We demonstrate the applicability on several case studies.

Original language: English
Title of host publication: Computer Safety, Reliability, and Security
Subtitle of host publication: SAFECOMP 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR, Delft, The Netherlands, September 22, 2015, Proceedings
Editors: Floor Koornneef, Coen van Gulijk
Place of Publication: Cham
Publisher: Springer
Pages: 291-299
Number of pages: 9
ISBN (Electronic): 978-3-319-24249-1
ISBN (Print): 978-3-319-24248-4
DOIs: https://doi.org/10.1007/978-3-319-24249-1_25
Publication status: Published - Sep 2015

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 9338
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Keywords

  • EC Grant Agreement nr.: FP7/318003
  • EWI-26252
  • EC Grant Agreement nr.: FP7/2007-2013
  • SEQ-OR
  • METIS-312708
  • IR-97256
  • Case Studies
  • Markov Automata
  • Attack Tree
  • Security analysis
  • Sequential and parallel

Cite this

Arnold, F., Guck, D., Kumar, R., & Stoelinga, M. (2015). Sequential and Parallel Attack Tree Modelling. In F. Koornneef, & C. van Gulijk (Eds.), Computer Safety, Reliability, and Security: SAFECOMP 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR, Delft, The Netherlands, September 22, 2015, Proceedings (pp. 291-299). (Lecture Notes in Computer Science; Vol. 9338). Cham: Springer. https://doi.org/10.1007/978-3-319-24249-1_25
@inproceedings{451bb9bff36348ec9d6aef9b5081e830,
title = "Sequential and Parallel Attack Tree Modelling",
abstract = "The intricacy of socio-technical systems requires a careful planning and utilisation of security resources to ensure uninterrupted, secure and reliable services. Even though many studies have been conducted to understand and model the behaviour of a potential attacker, the detection of crucial security vulnerabilities in such a system still provides a substantial challenge for security engineers. The success of a sophisticated attack crucially depends on two factors: the resources and time available to the attacker; and the stepwise execution of interrelated attack steps. This paper presents an extension of dynamic attack tree models by using both, the sequential and parallel behaviour of AND and OR-gates. Thereby we take great care to allow the modelling of any kind of temporal and stochastic dependencies which might occur in the model. We demonstrate the applicability on several case studies.",
keywords = "EC Grant Agreement nr.: FP7/318003, EWI-26252, EC Grant Agreement nr.: FP7/2007-2013, SEQ-OR, METIS-312708, IR-97256, Case Studies, Markov Automata, Attack Tree, Security analysis, Sequential and parallel",
author = "Florian Arnold and Dennis Guck and Rajesh Kumar and Mari{\"e}lle Stoelinga",
note = "Foreground = 80{\%}; Type of activity = conference; Main leader = UT; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;",
year = "2015",
month = "9",
doi = "10.1007/978-3-319-24249-1_25",
language = "English",
isbn = "978-3-319-24248-4",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "291--299",
editor = "Floor Koornneef and {van Gulijk}, Coen",
booktitle = "Computer Safety, Reliability, and Security",

}
