Time-dependent analysis of attacks

Florian Arnold, Holger Hermanns, Reza Pulungan, Mariëlle Stoelinga

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

34 Citations (Scopus)

Abstract

The success of a security attack crucially depends on time: the more time available to the attacker, the higher the probability of a successful attack; when given enough time, any system can be compromised. Insight in time-dependent behaviors of attacks and the evolution of the attacker’s success as time progresses is therefore a key for effective countermeasures in securing systems. This paper presents an efficient technique to analyze attack times for an extension of the prominent formalism of attack trees. If each basic attack step, i.e., each leaf in an attack tree, is annotated with a probability distribution of the time needed for this step to be successful, we show how this information can be propagated to an analysis of the entire tree. In this way, we obtain the probability distribution for the entire system to be attacked successfully as time progresses. For our approach to be effective, we take great care to always work with the best possible compression of the representations of the probability distributions arising. This is achieved by an elegant calculus of acyclic phase type distributions, together with an effective compositional compression technique. We demonstrate the effectiveness of this approach on three case studies, exhibiting orders of magnitude of compression.
Original languageEnglish
Title of host publicationProceedings of the Third International Conference on Principles and Security of Trust, POST 2014
Place of PublicationBerlin
PublisherSpringer
Pages285-305
Number of pages21
ISBN (Print)978-3-642-54791-1
DOIs
Publication statusPublished - Apr 2014
Event3rd International Conference on Principles and Security of Trust, POST 2014 - Grenoble, France
Duration: 5 Apr 201413 Apr 2014
Conference number: 3

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Verlag
Volume8414
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference3rd International Conference on Principles and Security of Trust, POST 2014
Abbreviated titlePOST
CountryFrance
CityGrenoble
Period5/04/1413/04/14

Fingerprint

Probability distributions

Keywords

  • phase type
  • EC Grant Agreement nr.: FP7/2007-2013
  • EC Grant Agreement nr.: FP7/295261
  • EC Grant Agreement nr.: FP7/318490
  • IR-91469
  • EWI-24810
  • Security
  • Attack trees
  • METIS-305906
  • EC Grant Agreement nr.: FP7/318003

Cite this

Arnold, F., Hermanns, H., Pulungan, R., & Stoelinga, M. (2014). Time-dependent analysis of attacks. In Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014 (pp. 285-305). (Lecture Notes in Computer Science; Vol. 8414). Berlin: Springer. https://doi.org/10.1007/978-3-642-54792-8_16
Arnold, Florian ; Hermanns, Holger ; Pulungan, Reza ; Stoelinga, Mariëlle. / Time-dependent analysis of attacks. Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014. Berlin : Springer, 2014. pp. 285-305 (Lecture Notes in Computer Science).
@inproceedings{7a3e4477de684c7a96c19c243bf22909,
title = "Time-dependent analysis of attacks",
abstract = "The success of a security attack crucially depends on time: the more time available to the attacker, the higher the probability of a successful attack; when given enough time, any system can be compromised. Insight in time-dependent behaviors of attacks and the evolution of the attacker’s success as time progresses is therefore a key for effective countermeasures in securing systems. This paper presents an efficient technique to analyze attack times for an extension of the prominent formalism of attack trees. If each basic attack step, i.e., each leaf in an attack tree, is annotated with a probability distribution of the time needed for this step to be successful, we show how this information can be propagated to an analysis of the entire tree. In this way, we obtain the probability distribution for the entire system to be attacked successfully as time progresses. For our approach to be effective, we take great care to always work with the best possible compression of the representations of the probability distributions arising. This is achieved by an elegant calculus of acyclic phase type distributions, together with an effective compositional compression technique. We demonstrate the effectiveness of this approach on three case studies, exhibiting orders of magnitude of compression.",
keywords = "phase type, EC Grant Agreement nr.: FP7/2007-2013, EC Grant Agreement nr.: FP7/295261, EC Grant Agreement nr.: FP7/318490, IR-91469, EWI-24810, Security, Attack trees, METIS-305906, EC Grant Agreement nr.: FP7/318003",
author = "Florian Arnold and Holger Hermanns and Reza Pulungan and Mari{\"e}lle Stoelinga",
note = "Foreground = 50{\%} ; Type of activity = Conference ; Main leader = UT ; Type of audience = scientific community ; Size of audience = 100 ; Countries addressed = international ;",
year = "2014",
month = "4",
doi = "10.1007/978-3-642-54792-8_16",
language = "English",
isbn = "978-3-642-54791-1",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "285--305",
booktitle = "Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014",

}

Arnold, F, Hermanns, H, Pulungan, R & Stoelinga, M 2014, Time-dependent analysis of attacks. in Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014. Lecture Notes in Computer Science, vol. 8414, Springer, Berlin, pp. 285-305, 3rd International Conference on Principles and Security of Trust, POST 2014, Grenoble, France, 5/04/14. https://doi.org/10.1007/978-3-642-54792-8_16

Time-dependent analysis of attacks. / Arnold, Florian; Hermanns, Holger; Pulungan, Reza; Stoelinga, Mariëlle.

Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014. Berlin : Springer, 2014. p. 285-305 (Lecture Notes in Computer Science; Vol. 8414).

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

TY - GEN

T1 - Time-dependent analysis of attacks

AU - Arnold, Florian

AU - Hermanns, Holger

AU - Pulungan, Reza

AU - Stoelinga, Mariëlle

N1 - Foreground = 50% ; Type of activity = Conference ; Main leader = UT ; Type of audience = scientific community ; Size of audience = 100 ; Countries addressed = international ;

PY - 2014/4

Y1 - 2014/4

N2 - The success of a security attack crucially depends on time: the more time available to the attacker, the higher the probability of a successful attack; when given enough time, any system can be compromised. Insight in time-dependent behaviors of attacks and the evolution of the attacker’s success as time progresses is therefore a key for effective countermeasures in securing systems. This paper presents an efficient technique to analyze attack times for an extension of the prominent formalism of attack trees. If each basic attack step, i.e., each leaf in an attack tree, is annotated with a probability distribution of the time needed for this step to be successful, we show how this information can be propagated to an analysis of the entire tree. In this way, we obtain the probability distribution for the entire system to be attacked successfully as time progresses. For our approach to be effective, we take great care to always work with the best possible compression of the representations of the probability distributions arising. This is achieved by an elegant calculus of acyclic phase type distributions, together with an effective compositional compression technique. We demonstrate the effectiveness of this approach on three case studies, exhibiting orders of magnitude of compression.

AB - The success of a security attack crucially depends on time: the more time available to the attacker, the higher the probability of a successful attack; when given enough time, any system can be compromised. Insight in time-dependent behaviors of attacks and the evolution of the attacker’s success as time progresses is therefore a key for effective countermeasures in securing systems. This paper presents an efficient technique to analyze attack times for an extension of the prominent formalism of attack trees. If each basic attack step, i.e., each leaf in an attack tree, is annotated with a probability distribution of the time needed for this step to be successful, we show how this information can be propagated to an analysis of the entire tree. In this way, we obtain the probability distribution for the entire system to be attacked successfully as time progresses. For our approach to be effective, we take great care to always work with the best possible compression of the representations of the probability distributions arising. This is achieved by an elegant calculus of acyclic phase type distributions, together with an effective compositional compression technique. We demonstrate the effectiveness of this approach on three case studies, exhibiting orders of magnitude of compression.

KW - phase type

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - EC Grant Agreement nr.: FP7/295261

KW - EC Grant Agreement nr.: FP7/318490

KW - IR-91469

KW - EWI-24810

KW - Security

KW - Attack trees

KW - METIS-305906

KW - EC Grant Agreement nr.: FP7/318003

U2 - 10.1007/978-3-642-54792-8_16

DO - 10.1007/978-3-642-54792-8_16

M3 - Conference contribution

SN - 978-3-642-54791-1

T3 - Lecture Notes in Computer Science

SP - 285

EP - 305

BT - Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014

PB - Springer

CY - Berlin

ER -

Arnold F, Hermanns H, Pulungan R, Stoelinga M. Time-dependent analysis of attacks. In Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014. Berlin: Springer. 2014. p. 285-305. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-642-54792-8_16