The Value of Attack-Defence Diagrams

H. Hermanns, Julia Krämer, Jan Krčál, Mariëlle Ida Antoinette Stoelinga

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    16 Citations (Scopus)
    3 Downloads (Pure)

    Abstract

    Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.
    Original languageUndefined
    Title of host publicationProceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016
    EditorsFrank Piessens, Luca Viganò
    Place of PublicationBerlin
    PublisherSpringer
    Pages163-185
    Number of pages23
    ISBN (Print)978-3-662-49634-3
    DOIs
    Publication statusPublished - Apr 2016
    Event5th International Conference on Principles of Security and Trust, POST 2016 - Eindhoven, Netherlands
    Duration: 2 Apr 20168 Apr 2016
    Conference number: 5

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer Verlag
    Volume9635
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Conference

    Conference5th International Conference on Principles of Security and Trust, POST 2016
    Abbreviated titlePOST
    CountryNetherlands
    CityEindhoven
    Period2/04/168/04/16

    Keywords

    • EWI-26907
    • Socio-technical security
    • stochastic timed automata
    • EC Grant Agreement nr.: FP7/295261
    • METIS-316867
    • EC Grant Agreement nr.: FP7/318003
    • IR-100414
    • Attack-defense tree
    • Model Checking
    • EC Grant Agreement nr.: FP7/318490

    Cite this

    Hermanns, H., Krämer, J., Krčál, J., & Stoelinga, M. I. A. (2016). The Value of Attack-Defence Diagrams. In F. Piessens, & L. Viganò (Eds.), Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016 (pp. 163-185). (Lecture Notes in Computer Science; Vol. 9635). Berlin: Springer. https://doi.org/10.1007/978-3-662-49635-0_9
    Hermanns, H. ; Krämer, Julia ; Krčál, Jan ; Stoelinga, Mariëlle Ida Antoinette. / The Value of Attack-Defence Diagrams. Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. editor / Frank Piessens ; Luca Viganò. Berlin : Springer, 2016. pp. 163-185 (Lecture Notes in Computer Science).
    @inproceedings{4263bd377aed4aa7b1d662f9992e086a,
    title = "The Value of Attack-Defence Diagrams",
    abstract = "Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.",
    keywords = "EWI-26907, Socio-technical security, stochastic timed automata, EC Grant Agreement nr.: FP7/295261, METIS-316867, EC Grant Agreement nr.: FP7/318003, IR-100414, Attack-defense tree, Model Checking, EC Grant Agreement nr.: FP7/318490",
    author = "H. Hermanns and Julia Kr{\"a}mer and Jan Krč{\'a}l and Stoelinga, {Mari{\"e}lle Ida Antoinette}",
    note = "Foreground = 20{\%}; Type of activity = publication; Main leader = UT; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;",
    year = "2016",
    month = "4",
    doi = "10.1007/978-3-662-49635-0_9",
    language = "Undefined",
    isbn = "978-3-662-49634-3",
    series = "Lecture Notes in Computer Science",
    publisher = "Springer",
    pages = "163--185",
    editor = "Frank Piessens and Luca Vigan{\`o}",
    booktitle = "Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016",

    }

    Hermanns, H, Krämer, J, Krčál, J & Stoelinga, MIA 2016, The Value of Attack-Defence Diagrams. in F Piessens & L Viganò (eds), Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. Lecture Notes in Computer Science, vol. 9635, Springer, Berlin, pp. 163-185, 5th International Conference on Principles of Security and Trust, POST 2016, Eindhoven, Netherlands, 2/04/16. https://doi.org/10.1007/978-3-662-49635-0_9

    The Value of Attack-Defence Diagrams. / Hermanns, H.; Krämer, Julia; Krčál, Jan; Stoelinga, Mariëlle Ida Antoinette.

    Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. ed. / Frank Piessens; Luca Viganò. Berlin : Springer, 2016. p. 163-185 (Lecture Notes in Computer Science; Vol. 9635).

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    TY - GEN

    T1 - The Value of Attack-Defence Diagrams

    AU - Hermanns, H.

    AU - Krämer, Julia

    AU - Krčál, Jan

    AU - Stoelinga, Mariëlle Ida Antoinette

    N1 - Foreground = 20%; Type of activity = publication; Main leader = UT; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;

    PY - 2016/4

    Y1 - 2016/4

    N2 - Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.

    AB - Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.

    KW - EWI-26907

    KW - Socio-technical security

    KW - stochastic timed automata

    KW - EC Grant Agreement nr.: FP7/295261

    KW - METIS-316867

    KW - EC Grant Agreement nr.: FP7/318003

    KW - IR-100414

    KW - Attack-defense tree

    KW - Model Checking

    KW - EC Grant Agreement nr.: FP7/318490

    U2 - 10.1007/978-3-662-49635-0_9

    DO - 10.1007/978-3-662-49635-0_9

    M3 - Conference contribution

    SN - 978-3-662-49634-3

    T3 - Lecture Notes in Computer Science

    SP - 163

    EP - 185

    BT - Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016

    A2 - Piessens, Frank

    A2 - Viganò, Luca

    PB - Springer

    CY - Berlin

    ER -

    Hermanns H, Krämer J, Krčál J, Stoelinga MIA. The Value of Attack-Defence Diagrams. In Piessens F, Viganò L, editors, Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. Berlin: Springer. 2016. p. 163-185. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-662-49635-0_9