The Value of Attack-Defence Diagrams

H. Hermanns; Julia Krämer; Jan Krčál; Mariëlle Ida Antoinette Stoelinga

doi:10.1007/978-3-662-49635-0_9

The Value of Attack-Defence Diagrams

H. Hermanns, Julia Krämer, Jan Krčál, Mariëlle Ida Antoinette Stoelinga

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

25 Citations (Scopus)

3 Downloads (Pure)

Abstract

Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.

Original language	Undefined
Title of host publication	Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016
Editors	Frank Piessens, Luca Viganò
Place of Publication	Berlin
Publisher	Springer
Pages	163-185
Number of pages	23
ISBN (Print)	978-3-662-49634-3
DOIs	https://doi.org/10.1007/978-3-662-49635-0_9
Publication status	Published - Apr 2016
Event	5th International Conference on Principles of Security and Trust, POST 2016 - Eindhoven, Netherlands Duration: 2 Apr 2016 → 8 Apr 2016 Conference number: 5

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer Verlag
Volume	9635
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	5th International Conference on Principles of Security and Trust, POST 2016
Abbreviated title	POST
Country/Territory	Netherlands
City	Eindhoven
Period	2/04/16 → 8/04/16

Keywords

EWI-26907
Socio-technical security
stochastic timed automata
EC Grant Agreement nr.: FP7/295261
METIS-316867
EC Grant Agreement nr.: FP7/318003
IR-100414
Attack-defense tree
Model Checking
EC Grant Agreement nr.: FP7/318490

Access to Document

10.1007/978-3-662-49635-0_9

http://eprints.eemcs.utwente.nl/secure2/26907/01/2016_Holger_Kracal_Kramer_Stoelinga.pdf

Cite this

Hermanns, H., Krämer, J., Krčál, J., & Stoelinga, M. I. A. (2016). The Value of Attack-Defence Diagrams. In F. Piessens, & L. Viganò (Eds.), Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016 (pp. 163-185). (Lecture Notes in Computer Science; Vol. 9635). Springer. https://doi.org/10.1007/978-3-662-49635-0_9

Hermanns, H. ; Krämer, Julia ; Krčál, Jan et al. / The Value of Attack-Defence Diagrams. Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. editor / Frank Piessens ; Luca Viganò. Berlin : Springer, 2016. pp. 163-185 (Lecture Notes in Computer Science).

@inproceedings{4263bd377aed4aa7b1d662f9992e086a,

title = "The Value of Attack-Defence Diagrams",

abstract = "Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram{\textquoteright}s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game{\textquoteright}s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.",

keywords = "EWI-26907, Socio-technical security, stochastic timed automata, EC Grant Agreement nr.: FP7/295261, METIS-316867, EC Grant Agreement nr.: FP7/318003, IR-100414, Attack-defense tree, Model Checking, EC Grant Agreement nr.: FP7/318490",

author = "H. Hermanns and Julia Kr{\"a}mer and Jan Kr{\v c}{\'a}l and Stoelinga, {Mari{\"e}lle Ida Antoinette}",

note = "Foreground = 20%; Type of activity = publication; Main leader = UT; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;; null ; Conference date: 02-04-2016 Through 08-04-2016",

year = "2016",

month = apr,

doi = "10.1007/978-3-662-49635-0_9",

language = "Undefined",

isbn = "978-3-662-49634-3",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "163--185",

editor = "Frank Piessens and Luca Vigan{\`o}",

booktitle = "Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016",

}

Hermanns, H, Krämer, J, Krčál, J & Stoelinga, MIA 2016, The Value of Attack-Defence Diagrams. in F Piessens & L Viganò (eds), Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. Lecture Notes in Computer Science, vol. 9635, Springer, Berlin, pp. 163-185, 5th International Conference on Principles of Security and Trust, POST 2016, Eindhoven, Netherlands, 2/04/16. https://doi.org/10.1007/978-3-662-49635-0_9

The Value of Attack-Defence Diagrams. / Hermanns, H.; Krämer, Julia; Krčál, Jan et al.

Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. ed. / Frank Piessens; Luca Viganò. Berlin : Springer, 2016. p. 163-185 (Lecture Notes in Computer Science; Vol. 9635).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - The Value of Attack-Defence Diagrams

AU - Hermanns, H.

AU - Krämer, Julia

AU - Krčál, Jan

AU - Stoelinga, Mariëlle Ida Antoinette

N1 - Conference code: 5

PY - 2016/4

Y1 - 2016/4

N2 - Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.

AB - Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.

KW - EWI-26907

KW - Socio-technical security

KW - stochastic timed automata

KW - EC Grant Agreement nr.: FP7/295261

KW - METIS-316867

KW - EC Grant Agreement nr.: FP7/318003

KW - IR-100414

KW - Attack-defense tree

KW - Model Checking

KW - EC Grant Agreement nr.: FP7/318490

U2 - 10.1007/978-3-662-49635-0_9

DO - 10.1007/978-3-662-49635-0_9

M3 - Conference contribution

SN - 978-3-662-49634-3

T3 - Lecture Notes in Computer Science

SP - 163

EP - 185

BT - Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016

A2 - Piessens, Frank

A2 - Viganò, Luca

PB - Springer

CY - Berlin

Y2 - 2 April 2016 through 8 April 2016

ER -

Hermanns H, Krämer J, Krčál J, Stoelinga MIA. The Value of Attack-Defence Diagrams. In Piessens F, Viganò L, editors, Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016. Berlin: Springer. 2016. p. 163-185. (Lecture Notes in Computer Science). doi: 10.1007/978-3-662-49635-0_9