The Value of Attack-Defence Diagrams

H. Hermanns, Julia Krämer, Jan Krčál, Mariëlle Ida Antoinette Stoelinga

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    25 Citations (Scopus)
    3 Downloads (Pure)


    Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.
    Original languageUndefined
    Title of host publicationProceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016
    EditorsFrank Piessens, Luca Viganò
    Place of PublicationBerlin
    Number of pages23
    ISBN (Print)978-3-662-49634-3
    Publication statusPublished - Apr 2016
    Event5th International Conference on Principles of Security and Trust, POST 2016 - Eindhoven, Netherlands
    Duration: 2 Apr 20168 Apr 2016
    Conference number: 5

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer Verlag
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    Conference5th International Conference on Principles of Security and Trust, POST 2016
    Abbreviated titlePOST


    • EWI-26907
    • Socio-technical security
    • stochastic timed automata
    • EC Grant Agreement nr.: FP7/295261
    • METIS-316867
    • EC Grant Agreement nr.: FP7/318003
    • IR-100414
    • Attack-defense tree
    • Model Checking
    • EC Grant Agreement nr.: FP7/318490

    Cite this