Computing Exact Outcomes of Multi-parameter Attack Trees

Authors:
Aivo Jürgenson;Jan Willemson
Affiliations:
Tallinn University of Technology, Tallinn, Estonia 12618 and Elion Enterprises Ltd, Tallinn, Estonia 15033;Cybernetica, Tartu, Estonia
Venue:
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Year:
2008

Citing 6
Cited 8

A machine program for theorem-proving

Communications of the ACM
A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees

A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees
Processing multi-parameter attacktrees with estimated parameter values

IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Practical security analysis of e-voting systems

IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Rational choice of security measures via multi-parameter attack trees

CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Foundations of attack trees

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology

Serial model for attack tree computations

ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Optimal adversary behavior for the serial model of financial attack trees

IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Foundations of attack-defense trees

FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
A formal approach towards measuring trust in distributed systems

Proceedings of the 2011 ACM Symposium on Applied Computing
Technical Communication: Attribution of attack trees

Computers and Electrical Engineering
On fast and approximate attack tree computations

ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Attribute Decoration of Attack-Defense Trees

International Journal of Secure Software Engineering
Quantitative questions on attack: defense trees

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we introduce a set of computation rules to determine the attacker's exact expected outcome based on a multi-parameter attack tree. We compare these rules to a previously proposed computational semantics by Buldas et al . and prove that our new semantics always provides at least the same outcome. A serious drawback of our proposed computations is the exponential complexity. Hence, implementation becomes an important issue. We propose several possible optimisations and evaluate the result experimentally. Finally, we also prove the consistency of our computations in the framework of Mauw and Oostdijk and discuss the need to extend the framework.