Top

International Journal on Software Tools for Technology Transfer

Published in:

07-01-2021 | Foundation for Mastering Change

ADTLang: a programming language approach to attack defense trees

Authors: René Rydhof Hansen, Kim Guldstrand Larsen, Axel Legay, Peter Gjøl Jensen, Danny Bøgsted Poulsen

Published in: International Journal on Software Tools for Technology Transfer | Issue 1/2021

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The Attack Defense Tree framework was developed to facilitate abstract reasoning about security issues of complex systems. As such, a zoo of techniques and extensions have emerged in an attempt to extend the simple Boolean logic of Attack Defense Trees with behavioral properties and quantities. In this paper we expand the modeling power of Attack Defense Trees by introducing a notion of temporal dependencies between attacks, forcing specific ordering of event in successful attacks. Importantly, we introduce a notion of policy for the defender, facilitating a pseudo-active defender, mechanically reacting to the choices of an attacker. To easen the use of Attack Defense Trees we introduce a domain specific language (DSL) and an accompanying tool. The introduction of the DSL facilitates reuse, modularity, collaborative tree construction and separation of logical properties and quantitative/behavioral elements. The usefulness of our framework is exhibited on a small running example, utilizing the policy-notion to implement a reactive Break The Glass policy. We note that all the implemented analysis techniques use well established tools from the formal methods community to produce the given results, relying on non-trivial and automatic translation to and from the target formalisms. Lastly we present our Open Source prototype-tool, capable of conducting various analysis and visualizing the results.

previous article Static analysis for discovering IoT vulnerabilities

next article Graph-based technique for survivability assessment and optimization of IoT applications

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Or most non-deterministic

Alur, R., Dill, D. L.: Automata for modeling real-time systems. In Paterson, M., editor, ICALP, volume 443 of Lecture Notes in Computer Science, pp. 322–335. Springer (1990). ISBN 3-540-52826-1

Aslanyan, Z., Nielson, F.: Pareto Efficient solutions of attack-defence trees. In: Principles of Security and Trust, volume 9036, p. 95 (2015). https://doi.org/10.1007/978-3-662-46666-7_6

Aslanyan, Z., Nielson, F., Parker, D.: Quantitative verification and synthesis of attack-defence scenarios. In IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, June 27–July 1, 2016, pp. 105–119. IEEE Computer Society (2016). https://doi.org/10.1109/CSF.2016.15

Bossuat, A., Kordy, B.: Evil twins: handling repetitions in attack-defense trees—a survival guide. In: Liu et al. [13], pp. 17–37. ISBN 978-3-319-74859-7. https://doi.org/10.1007/978-3-319-74860-3_2

David, Alexandre, Larsen, G.Kim, Legay, Axel, Mikucionis, Marius, Poulsen, Danny Bøgsted: Uppaal SMC tutorial. STTT 17(4), 397–415 (2015). https://doi.org/10.1007/s10009-014-0361-yCrossRef

Gadyatskaya, O., Hansen, R. R., Larsen, K. G., Legay, A., Olesen, M. C., Poulsen, D. B.: Modelling attack-defense trees using timed automata. In: Fränzle, M., Markey, N. (eds.) Formal Modeling and Analysis of Timed Systems—14th International Conference, FORMATS 2016, Quebec, QC, Canada, August 24–26, 2016, Proceedings, volume 9884 of Lecture Notes in Computer Science, pp. 35–50. Springer, https://doi.org/10.1007/978-3-319-44878-7_3. ISBN 978-3-319-44877-0

Hansen, R. R., Jensen, P., Larsen, K. G., Legay, A., Poulsen, D. B.: Quantitative evaluation of attack defense trees using stochastic timed automata. In: Liu et al. [13], pp. 75–90. ISBN 978-3-319-74859-7. https://doi.org/10.1007/978-3-319-74860-3_5

Hermanns, H., Krämer, J., Krčál, J., Stoelinga, M.: The value of attack-defence diagrams. In: Piessens, F., Viganò, L. (eds.) Principles of Security and Trust. POST 2016. Lecture Notes in Computer Science, vol, 9635, pp. 163–185. Springer, Berlin, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49635-0_9

Johnson, Pontus, Lagerström, Robert, Ekstedt, Mathias: A meta language for threat modeling and attack simulations. In: Doerr, Sebastian, Fischer, Mathias, Schrittwieser, Sebastian, Herrmann, Dominik (eds.) Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018, pp. 38:1–38:8. ACM, Hamburg (2018). https://doi.org/10.1145/3230833.3232799. ISBN 978-1-4503-6448-5CrossRef

10.

Kordy, Barbara, Mauw, Sjouke, Radomirović, Saša, Schweitzer, Patrick: Attack-defense trees. J. Logic Comput. 24(1), 55–87 (2014)MathSciNetCrossRef

11.

Kumar, Rajesh, Rensink, Arend, Stoelinga, Mariëlle: LOCKS: a property specification language for security goals. In: Haddad, M.Hisham, Wainwright, L.Roger, Chbeir, Richard (eds.) Proceedings of the 33rd Annual ACM Symposium on Applied Computing, SAC 2018, pp. 1907–1915. ACM, Pau (2018). https://doi.org/10.1145/3167132.3167336CrossRef

12.

Larsen, K.G., Pettersson, P., Yi, W.: UPPAAL in a nutshell. STTT 1(1–2), 134–152 (1997). https://doi.org/10.1007/s100090050010CrossRefMATH

13.

Liu, P., Mauw, S., Stølen, K. (eds) Graphical Models for Security—4th International Workshop, GraMSec 2017, Santa Barbara, CA, USA, August 21, 2017, Revised Selected Papers

14.

Schneier, B.: Attack trees. Dr. Dobb’s J. Softw. Tools 24(12), 21–22, 24, 26, 28–29 (1999)

15.

Younes, L.S.Håkan: Verification and Planning for Stochastic Processes with Asynchronous Events. PhD thesis. Carnegie Mellon University, Pittsburgh (2005)

Title: ADTLang: a programming language approach to attack defense trees
Authors: René Rydhof Hansen
Kim Guldstrand Larsen
Axel Legay
Peter Gjøl Jensen
Danny Bøgsted Poulsen
Publication date: 07-01-2021
Publisher: Springer Berlin Heidelberg
Published in: International Journal on Software Tools for Technology Transfer / Issue 1/2021
Print ISSN: 1433-2779
Electronic ISSN: 1433-2787
DOI: https://doi.org/10.1007/s10009-020-00593-w

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2021

Masterminding change by combining secure system design with security risk assessment

Detecting multiphase linear ranking functions for single-path linear-constraint loops

Graph-based technique for survivability assessment and optimization of IoT applications

Learning Moore machines from input–output traces

Static analysis for discovering IoT vulnerabilities

Static generation of UML sequence diagrams

Premium Partner