• 5 Citations

Abstract

Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depends on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above-mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps onto stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.
Original language: Undefined
Title of host publication: Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016
Editors: Frank Piessens, Luca Viganò
Place of Publication: Berlin
Publisher: Springer Verlag
Pages: 163-185
Number of pages: 23
ISBN (Print): 978-3-662-49634-3
DOIs: 10.1007/978-3-662-49635-0_9
State: Published - Apr 2016
Event: 5th International Conference on Principles of Security and Trust, POST 2016 - Eindhoven, Netherlands

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer Verlag
Volume: 9635
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 5th International Conference on Principles of Security and Trust, POST 2016
Abbreviated title: POST
Country: Netherlands
City: Eindhoven
Period: 2/04/16 - 8/04/16

Fingerprint

Semantics
Costs
Security systems
Mathematical models

Keywords

  • EWI-26907
  • Socio-technical security
  • stochastic timed automata
  • EC Grant Agreement nr.: FP7/295261
  • METIS-316867
  • EC Grant Agreement nr.: FP7/318003
  • IR-100414
  • Attack-defense tree
  • Model Checking
  • EC Grant Agreement nr.: FP7/318490

Cite this

Hermanns, H., Krämer, J., Krčál, J., & Stoelinga, M. I. A. (2016). The Value of Attack-Defence Diagrams. In F. Piessens, & L. Viganò (Eds.), Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016 (pp. 163-185). (Lecture Notes in Computer Science; Vol. 9635). Berlin: Springer Verlag. DOI: 10.1007/978-3-662-49635-0_9

Hermanns, H.; Krämer, Julia; Krčál, Jan; Stoelinga, Mariëlle Ida Antoinette / The Value of Attack-Defence Diagrams.

Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. ed. / Frank Piessens; Luca Viganò. Berlin : Springer Verlag, 2016. p. 163-185 (Lecture Notes in Computer Science; Vol. 9635).

Research output: Scientific - peer-review; Conference contribution

@inbook{4263bd377aed4aa7b1d662f9992e086a,
title = "The Value of Attack-Defence Diagrams",
abstract = "Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.",
keywords = "EWI-26907, Socio-technical security, stochastic timed automata, EC Grant Agreement nr.: FP7/295261, METIS-316867, EC Grant Agreement nr.: FP7/318003, IR-100414, Attack-defense tree, Model Checking, EC Grant Agreement nr.: FP7/318490",
author = "H. Hermanns and Julia Krämer and Jan Krčál and Stoelinga, {Mariëlle Ida Antoinette}",
note = "Foreground = 20%; Type of activity = publication; Main leader = UT; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;",
year = "2016",
month = "4",
doi = "10.1007/978-3-662-49635-0_9",
isbn = "978-3-662-49634-3",
series = "Lecture Notes in Computer Science",
publisher = "Springer Verlag",
pages = "163--185",
editor = "Frank Piessens and Luca Viganò",
booktitle = "Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016",

}

Hermanns, H, Krämer, J, Krčál, J & Stoelinga, MIA 2016, The Value of Attack-Defence Diagrams. in F Piessens & L Viganò (eds), Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. Lecture Notes in Computer Science, vol. 9635, Springer Verlag, Berlin, pp. 163-185, 5th International Conference on Principles of Security and Trust, POST 2016, Eindhoven, Netherlands, 2-8 April. DOI: 10.1007/978-3-662-49635-0_9


TY - CHAP

T1 - The Value of Attack-Defence Diagrams

AU - Hermanns,H.

AU - Krämer,Julia

AU - Krčál,Jan

AU - Stoelinga,Mariëlle Ida Antoinette

N1 - Foreground = 20%; Type of activity = publication; Main leader = UT; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;

PY - 2016/4

Y1 - 2016/4

N2 - Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.

AB - Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.

KW - EWI-26907

KW - Socio-technical security

KW - stochastic timed automata

KW - EC Grant Agreement nr.: FP7/295261

KW - METIS-316867

KW - EC Grant Agreement nr.: FP7/318003

KW - IR-100414

KW - Attack-defense tree

KW - Model Checking

KW - EC Grant Agreement nr.: FP7/318490

U2 - 10.1007/978-3-662-49635-0_9

DO - 10.1007/978-3-662-49635-0_9

M3 - Conference contribution

SN - 978-3-662-49634-3

T3 - Lecture Notes in Computer Science

SP - 163

EP - 185

BT - Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016

PB - Springer Verlag

ER -

Hermanns H, Krämer J, Krčál J, Stoelinga MIA. The Value of Attack-Defence Diagrams. In Piessens F, Viganò L, editors, Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. Berlin: Springer Verlag. 2016. p. 163-185. (Lecture Notes in Computer Science). DOI: 10.1007/978-3-662-49635-0_9