Quantitative Verification and Synthesis of Attack-Defence Scenarios

2016 IEEE 29th Computer Security Foundations Symposium (CSF) Pub Date : 2016-06-01 DOI:10.1109/CSF.2016.15

Zaruhi Aslanyan, F. Nielson, D. Parker

{"title":"Quantitative Verification and Synthesis of Attack-Defence Scenarios","authors":"Zaruhi Aslanyan, F. Nielson, D. Parker","doi":"10.1109/CSF.2016.15","DOIUrl":null,"url":null,"abstract":"Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods management system.","PeriodicalId":6500,"journal":{"name":"2016 IEEE 29th Computer Security Foundations Symposium (CSF)","volume":"8 1","pages":"105-119"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"66","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 29th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2016.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 66

Abstract

Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods management system.

查看原文本刊更多论文

攻防场景的定量验证与综合

攻击-防御树是正式评估攻击-防御场景的强大技术。它们以直观的图形方式呈现了攻击者和防御者之间的互动，他们为了实现相互冲突的目标而相互竞争。我们提出了一个新的框架，用于形式化分析复杂攻击防御场景的定量属性，使用攻击防御树的扩展，该扩展模拟了行动的时间顺序，并允许攻击者和防御者采用的策略中显式的依赖关系。我们采用博弈论的方法，将攻防树转化为双玩家随机博弈，然后使用概率模型检查技术对这些模型进行形式化分析。这提供了一种方法，既可以验证攻击-防御场景的正式指定的安全属性，又可以为攻击者或防御者提供综合策略，保证或优化某些定量属性，例如成功攻击的概率，预期成本，或两者之间的一些多目标权衡。我们在PRISM-games模型检查器的基础上实现了我们的方法，并将其应用于RFID货物管理系统的案例研究。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 IEEE 29th Computer Security Foundations Symposium (CSF)

自引率

0.00%

发文量