Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
MTZ-Fachkongress

Antriebe und Energiesysteme von morgen


Austausch von Automobil- und Energiewirtschaft

Am 14./15. Mai geht es in Chemnitz um die Mobilitätswende durch Elektro- und Wasserstofffahrzeuge.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Faceted Dynamic Information Flow via Control and Data Monads Kapitel lesen Erstes Kapitel lesen

2016 | OriginalPaper | Buchkapitel

The Value of Attack-Defence Diagrams

verfasst von : Holger Hermanns, Julia Krämer, Jan Krčál, Mariëlle Stoelinga

Erschienen in: Principles of Security and Trust

Verlag: Springer Berlin Heidelberg

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Correct Audit Logging: Theory and Practice
Nächstes Kapitel Composing Protocols with Randomized Actions
Fußnoten
1
The measurable space over traces is defined by the standard cylinder construction as for finite state continuous time Markov chains, see e.g. [5].
 
Literatur
1.
2.
Arnold, F., Guck, D., Kumar, R., Stoelinga, M.: Sequential and parallel attack tree modelling. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015 Workshops. LNCS, vol. 9338, pp. 291–299. Springer, Heidelberg (2015)CrossRef
3.
Arnold, F., Hermanns, H., Pulungan, R., Stoelinga, M.: Time-dependent analysis of attacks. In: Abadi, M., Kremer, S. (eds.) POST 2014 (ETAPS 2014). LNCS, vol. 8414, pp. 285–305. Springer, Heidelberg (2014)CrossRef
4.
Aslanyan, Z., Nielson, F.: Pareto efficient solutions of attack-defence trees. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 95–114. Springer, Heidelberg (2015)
5.
Baier, C., Haverkort, B., Hermanns, H., Katoen, J.-P.: Model-checking algorithms for continuous-time Markov chains. IEEE Trans. Softw. Eng. 29(6), 524–541 (2003)CrossRefMATH
6.
Bistarelli, S., Dall’Aglio, M., Peretti, P.: Strategic games on defense trees. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol. 4691, pp. 1–15. Springer, Heidelberg (2007)CrossRef
7.
Bohnenkamp, H., D’Argenio, P.R., Hermanns, H., Katoen, J.-P.: MODEST: a compositional modeling formalism for hard and softly timed systems. IEEE Trans. Softw. Eng. 32(2), 812–830 (2006)CrossRef
8.
9.
Bouyer, P., Forejt, V.: Reachability in stochastic timed games. In: Albers, S., Marchetti-Spaccamela, A., Matias, Y., Nikoletseas, S., Thomas, W. (eds.) ICALP 2009, Part II. LNCS, vol. 5556, pp. 103–114. Springer, Heidelberg (2009)CrossRef
10.
Brázdil, T., Krčál, J., Křetínský, J., Kučera, A., Řehák, V.: Stochastic real-time games with qualitative timed automata objectives. In: Gastin, P., Laroussinie, F. (eds.) CONCUR 2010. LNCS, vol. 6269, pp. 207–221. Springer, Heidelberg (2010)CrossRef
11.
Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)CrossRef
12.
Coulom, R.: Efficient selectivity and backup operators in Monte-Carlo tree search. In: Computers and Games (CG), pp. 72–83 (2006)
13.
David, A., Jensen, P., Larsen, K., Mikučionis, M., Taankvist, J.: Uppaal Stratego. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 206–211. Springer, Heidelberg (2015)
14.
David, A., Fang, H., Larsen, K.G., Zhang, Z.: Verification and performance evaluation of timed game strategies. In: Legay, A., Bozga, M. (eds.) FORMATS 2014. LNCS, vol. 8711, pp. 100–114. Springer, Heidelberg (2014)
15.
Hahn, E.M., Hartmanns, A., Hermanns, H., Katoen, J.P.: A compositional modelling and analysis framework for stochastic hybrid systems. Formal Methods in System Design 43(2), 191–232 (2013)CrossRefMATH
16.
Hahn, E.M., Hartmanns, A., Hermanns, H.: Reachability and reward checking for stochastic timed automata. ECEASST 70 (2014)
17.
Hartmanns, A.: Model-checking and simulation for stochastic timed systems. In: Aichernig, B.K., de Boer, F.S., Bonsangue, M.M. (eds.) Formal Methods for Components and Objects. LNCS, vol. 6957, pp. 372–391. Springer, Heidelberg (2011)CrossRef
18.
Hartmanns, A., Hermanns, H.: The modest toolset: an integrated environment for quantitative modelling and verification. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014 (ETAPS). LNCS, vol. 8413, pp. 593–598. Springer, Heidelberg (2014)CrossRef
19.
Hartmanns, A., Hermanns, H.: Explicit model checking of very large mdp using partitioning and secondary storage. In: Finkbeiner, B., Pu, G., Zhang, L. (eds.) ATVA 2015. LNCS, vol. 9364, pp. 131–147. Springer, Heidelberg (2015)CrossRef
20.
Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, London (1985)MATH
21.
Ingols, K., Chu, M., Lippmann, R., Webster, S., Boyer, S.: Modeling modern network attacks and countermeasures using attack graphs. In: Annual Conference on Computer Security Applications ACSAC 2009, pp. 117–126, December 2009
22.
Katz, J.: Bridging game theory and cryptography: recent results and future directions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 251–272. Springer, Heidelberg (2008)CrossRef
23.
Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011)CrossRef
24.
Kordy, B., Pietre-Cambacedes, L., Schweitzer, P.: DAG-based attack and defense modeling: Don’t miss the forest for the attack trees. CoRR 13–14, 1–38 (2013)MATH
25.
Krämer, J.: Attack-Defence Graphs - On the Formalisation of Security-Critical Systems. Master’s thesis, Saarland University, Saarbrücken, Germany (2015)
26.
Kumar, R., Guck, D., Stoelinga, M.I.A.: Time dependent analysis with dynamic counter measure trees (2015)
27.
Kumar, R., Ruijters, E., Stoelinga, M.: Quantitative attack tree analysis via priced timed automata. In: Sankaranarayanan, S., Vicario, E. (eds.) FORMATS 2015. LNCS, vol. 9268, pp. 156–171. Springer, Heidelberg (2015)CrossRef
28.
LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C.: Model-based security metrics using adversary view security evaluation (ADVISE). In: QEST, pp. 191–200, Washington, DC, USA, IEEE (2011)
29.
Lye, K.-W., Wing, J.M.: Game strategies in network security. Int. J. Inf. Sec. 4(1–2), 71–86 (2005)CrossRef
30.
Magee, J., Kramer, J.: Concurrency - state models and Java programs, 2nd edn. Wiley, New York (2006)MATH
31.
Manshaei, M.H., Zhu, Q., Alpcan, T., Bacşar, T., Hubaux, J.-P.: Game theory meets network security and privacy. ACM Comput. Surv. 45(3), 1–39 (2013)CrossRefMATH
32.
Mateski, M., Trevino, C.M., Veitch, C.K., Michalski, J., Harris, J.M., Maruoka, S., Frye, J.: Cyber threat metrics. Technical report SAND2012-2427, Sandia National Laboratories, March 2012
33.
Pietre-Cambacedes, L., Bouissou, M.: Beyond attack trees: dynamic security modeling with boolean logic driven markov processes (BDMP). In: Dependable Computing Conference (EDCC), 2010 European, pp. 199–208, April 2010
34.
Rontidis, G., Panaousis, E.A., Laszka, A., Dagiuklas, T., Malacaria, P., Alpcan, T.: A game-theoretic approach for minimizing security risks in the internet-of-things. In : IEEE International Conference on Communication, Workshop Proceedings, pp. 2639–2644 (2015)
35.
Roy, A., Kim, D.S., Trivedi, K.S.: Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees. Sec. Commun. Netw. 5(8), 929–943 (2012)CrossRef
36.
Zhu, Q., Fung, C.J., Boutaba, R., Barsar, T.: A game-theoretic approach to knowledge sharing in distributed collaborative intrusion detection networks: fairness. incentives and security, In: CDC (2011)
37.
Zonouz, S.A., Khurana, H., Sanders, W.H., Yardley, T.M.: Rre: a game-theoretic intrusion response and recovery engine. IEEE Trans. Parallel Distrib. Syst. 25(2), 395–406 (2014)CrossRef
Metadaten
Titel
The Value of Attack-Defence Diagrams
verfasst von
Holger Hermanns
Julia Krämer
Jan Krčál
Mariëlle Stoelinga
Copyright-Jahr
2016
Verlag
Springer Berlin Heidelberg
Buch
Principles of Security and Trust

Print ISBN: 978-3-662-49634-3

Electronic ISBN: 978-3-662-49635-0

Copyright-Jahr: 2016

DOI
https://doi.org/10.1007/978-3-662-49635-0_9

Premium Partner

    Bildnachweise