Skip to main content
SpringerLink
Log in

Quantitative Attack Tree Analysis via Priced Timed Automata

  • Conference paper
  • First Online:
Formal Modeling and Analysis of Timed Systems (FORMATS 2015)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9268))

Abstract

The success of a security attack crucially depends on the resources available to an attacker: time, budget, skill level, and risk appetite. Insight in these dependencies and the most vulnerable system parts is key to providing effective counter measures.

This paper considers attack trees, one of the most prominent security formalisms for threat analysis. We provide an effective way to compute the resources needed for a successful attack, as well as the associated attack paths. These paths provide the optimal ways, from the perspective of the attacker, to attack the system, and provide a ranking of the most vulnerable system parts.

By exploiting the priced timed automaton model checker Uppaal CORA, we realize important advantages over earlier attack tree analysis methods: we can handle more complex gates, temporal dependencies between attack steps, shared subtrees, and realistic, multi-parametric cost structures. Furthermore, due to its compositionality, our approach is flexible and easy to extend.

We illustrate our approach with several standard case studies from the literature, showing that our method agrees with existing analyses of these cases, and can incorporate additional data, leading to more informative results.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aagedal, J., Braber, F., Dimitrakos, T., Gran, B.A., Raptis, D., StĆølen, K.: Model-based risk assessment to improve enterprise security. In: Proc. 6th Int. Enterprise Distributed Object Computing Conf. (EDOC 2002), p. 51 (2002)

    Google ScholarĀ 

  2. Alur, R., Dill, D.L.: A theory of timed automata. Theoretical Computer Science 126(2), 183ā€“235 (1994)

    ArticleĀ  MathSciNetĀ  MATHĀ  Google ScholarĀ 

  3. Amoroso, E.: Fundamentals of computer security technology. Prentice-Hall Inc., Upper Saddle River (1994)

    MATHĀ  Google ScholarĀ 

  4. Arnold, F., Hermanns, H., Pulungan, R., Stoelinga, M.: Time-dependent analysis of attacks. In: Abadi, M., Kremer, S. (eds.) POST 2014 (ETAPS 2014). LNCS, vol. 8414, pp. 285ā€“305. Springer, Heidelberg (2014)

    ChapterĀ  Google ScholarĀ 

  5. Risk Management. Australian/New Zealand Standard, AS/NZS 4360:2004 14443 (2004)

    Google ScholarĀ 

  6. Technical standard to Risk Taxonomy, The Open Group, C081 (2009)

    Google ScholarĀ 

  7. Behrmann, G., Larsen, K.G., Rasmussen, J.I.: Optimal scheduling using priced timed automata. SIGMETRICS Performance Evaluation Review 32(4) (2005)

    Google ScholarĀ 

  8. Behrmann, G., Larsen, K.G., Rasmussen, J.I.: Priced timed automata: algorithms and applications. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2004. LNCS, vol. 3657, pp. 162ā€“182. Springer, Heidelberg (2005)

    ChapterĀ  Google ScholarĀ 

  9. Bengtsson, J.E., Yi, W.: Timed automata: semantics, algorithms and tools. In: Desel, J., Reisig, W., Rozenberg, G. (eds.) Lectures on Concurrency and Petri Nets. LNCS, vol. 3098, pp. 87ā€“124. Springer, Heidelberg (2004)

    ChapterĀ  Google ScholarĀ 

  10. Bouyer, P.: Weighted timed automata: Model-checking and games. Electronic Notes in Theoretical Computer Science 158, 3ā€“17 (2006)

    ArticleĀ  Google ScholarĀ 

  11. Bowles, J.B., Hanczaryk, W.: Threat effects analysis: Applying FMEA to model computer system threats. In: 2008 Annual Reliability and Maintainability Symp., pp. 463ā€“468. IEEE, January 2008

    Google ScholarĀ 

  12. Brihaye, T., BruyĆØre, V., Raskin, J.-F.: Model-checking for weighted timed automata. In: Lakhnech, Y., Yovine, S. (eds.) FORMATS 2004 and FTRTFT 2004. LNCS, vol. 3253, pp. 277ā€“292. Springer, Heidelberg (2004)

    ChapterĀ  Google ScholarĀ 

  13. Buckshaw, D.L.: Use of Decision Support Techniques for Information System Risk Management. John Wiley Sons, Ltd. (2014)

    Google ScholarĀ 

  14. Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: LĆ³pez, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235ā€“248. Springer, Heidelberg (2006)

    ChapterĀ  Google ScholarĀ 

  15. Dacier, M., Deswarte, Y.: Privilege graph: an extension to the typed access matrix model. In: Proc. Third European Symp. on Research in Computer Security (ESORICS), Brighton, UK, November 7ā€“9. pp. 319ā€“334 (1994)

    Google ScholarĀ 

  16. Ford, M.D., Keefe, K., LeMay, E., Sanders, W.H., Muehrcke, C.: Implementing the ADVISE security modeling formalism in Mƶbius. In: Proc. 43rd Int. Conf. on Dependable Systems and Networks (DSN), pp. 1ā€“8 (2013)

    Google ScholarĀ 

  17. Hansson, J., Wrage, L., Feiler, P.H., Morley, J., Lewis, B.A., Hugues, J.: Architectural modeling to verify security and nonfunctional behavior. IEEE Security & Privacy 8(1), 43ā€“49 (2010)

    ArticleĀ  Google ScholarĀ 

  18. JĆ¼rgenson, A., Willemson, J.: Processing multi-parameter attacktrees with estimated parameter values. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 308ā€“319. Springer, Heidelberg (2007)

    ChapterĀ  Google ScholarĀ 

  19. JĆ¼rgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1036ā€“1051. Springer, Heidelberg (2008)

    ChapterĀ  Google ScholarĀ 

  20. Kordy, B., PiĆØtre-CambacĆ©dĆØs, L., Schweitzer, P.: DAG-based attack and defense modeling: Donā€™t miss the forest for the attack trees. Computer Science Review 13ā€“14, 1ā€“38 (2014)

    ArticleĀ  Google ScholarĀ 

  21. LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H.: Model-based security metrics using adversary view security evaluation (ADVISE). In: 2011 Eigth Int. Conf. on Quantitative Eval. of Systems (QEST). IEEE (2011)

    Google ScholarĀ 

  22. Lenin, A., Willemson, J., Sari, D.P.: Attacker profiling in quantitative security assessment based on attack trees. In: Bernsmed, K., Fischer-HĆ¼bner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 199ā€“212. Springer, Heidelberg (2014)

    Google ScholarĀ 

  23. Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186ā€“198. Springer, Heidelberg (2006)

    ChapterĀ  Google ScholarĀ 

  24. McQueen, M., Boyer, W., Flynn, M., Beitel, G.: Quantitative cyber risk reduction estimation methodology for a small scada control system. In: Proc. 39th Annual Hawaii Int. Conf. on System Sciences (HICSS), vol. 9, p. 226, January 2006

    Google ScholarĀ 

  25. PiĆØtre-CambacĆ©dĆØs, L., Bouissou, M.: Beyond attack trees: Dynamic security modeling with boolean logic driven markov processes (BDMP). In: Dependable Computing Conf. (EDCC), pp. 199ā€“208 (2010)

    Google ScholarĀ 

  26. Ray, I., Poolsapassit, N.: Using attack trees to identify malicious attacks from authorized insiders. In: di Vimercati, S.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 231ā€“246. Springer, Heidelberg (2005)

    ChapterĀ  Google ScholarĀ 

  27. Schneier, B.: Attack trees: modeling security threats. In: Dr. Dobbā€™s journal, December 1999

    Google ScholarĀ 

  28. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: Security and Privacy, Proc. 2002 IEEE Symp., pp. 273ā€“284 (2002)

    Google ScholarĀ 

  29. Uppaal CORA. http://people.cs.aau.dk/ adavid/cora/index.html

  30. Weiss, J.: A system security engineering process. In: Proc. 14th National Computer Security Conference, vol. 249, October 1991

    Google ScholarĀ 

Download references

Author information

Authors and Affiliations

  1. Formal Methods and Tools, University of Twente, Enschede, The Netherlands

    Rajesh Kumar,Ā Enno RuijtersĀ &Ā MariĆ«lle Stoelinga

Authors
  1. Rajesh Kumar
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  2. Enno Ruijters
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  3. Mariƫlle Stoelinga
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

Corresponding author

Correspondence to Rajesh Kumar .

Editor information

Editors and Affiliations

  1. University of Colorado, Boulder, Colorado, USA

    Sriram Sankaranarayanan

  2. University of Florence, Florence, Italy

    Enrico Vicario

Rights and permissions

Reprints and permissions

Copyright information

Ā© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Kumar, R., Ruijters, E., Stoelinga, M. (2015). Quantitative Attack Tree Analysis via Priced Timed Automata. In: Sankaranarayanan, S., Vicario, E. (eds) Formal Modeling and Analysis of Timed Systems. FORMATS 2015. Lecture Notes in Computer Science(), vol 9268. Springer, Cham. https://doi.org/10.1007/978-3-319-22975-1_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22975-1_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22974-4

  • Online ISBN: 978-3-319-22975-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation