可逆攻击树

2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON) Pub Date : 2021-12-01 DOI:10.1109/UEMCON53757.2021.9666564

Aliyu Tanko Ali, Damas P. Gruska

{"title":"可逆攻击树","authors":"Aliyu Tanko Ali, Damas P. Gruska","doi":"10.1109/UEMCON53757.2021.9666564","DOIUrl":null,"url":null,"abstract":"Attack trees are threat modeling formalism for identifying potential ways a system may be compromised. The underlying idea of this formalism is that possible attack points of a system are modeled as a set of nodes, together with the set of atomic actions which an attacker may execute to compromise the system. However, as attack trees are not designed from the administrator’s point of view, they are not equipped with sets of protection actions which can be used to stop an ongoing attack. In this paper we introduce reversible attack trees, as a variant of attack trees for which an ongoing attack can be fully or partially reset to the original state of the system. Then, we investigate whether the system administrator can detect whether a possible attack has reached some critical point in which his or her action is needed to prevent the attack by bringing the system to its initial state. Later, we show how this can be modeled by Timed Automata and checked by software tool UPPAAL.","PeriodicalId":127072,"journal":{"name":"2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Reversible Attack Trees\",\"authors\":\"Aliyu Tanko Ali, Damas P. Gruska\",\"doi\":\"10.1109/UEMCON53757.2021.9666564\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Attack trees are threat modeling formalism for identifying potential ways a system may be compromised. The underlying idea of this formalism is that possible attack points of a system are modeled as a set of nodes, together with the set of atomic actions which an attacker may execute to compromise the system. However, as attack trees are not designed from the administrator’s point of view, they are not equipped with sets of protection actions which can be used to stop an ongoing attack. In this paper we introduce reversible attack trees, as a variant of attack trees for which an ongoing attack can be fully or partially reset to the original state of the system. Then, we investigate whether the system administrator can detect whether a possible attack has reached some critical point in which his or her action is needed to prevent the attack by bringing the system to its initial state. Later, we show how this can be modeled by Timed Automata and checked by software tool UPPAAL.\",\"PeriodicalId\":127072,\"journal\":{\"name\":\"2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)\",\"volume\":\"13 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/UEMCON53757.2021.9666564\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/UEMCON53757.2021.9666564","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

攻击树是一种威胁建模形式，用于识别可能危及系统的潜在方式。这种形式化的基本思想是，系统的可能攻击点被建模为一组节点，以及攻击者可能执行的一组原子操作来破坏系统。但是，由于攻击树不是从管理员的角度设计的，因此它们没有配备一组可以用来阻止正在进行的攻击的保护动作。在本文中，我们引入了可逆攻击树，作为攻击树的一种变体，它可以将正在进行的攻击全部或部分重置到系统的原始状态。然后，我们调查系统管理员是否能够检测到可能的攻击是否已经达到某个临界点，在这个临界点上，他或她需要采取行动，通过将系统恢复到初始状态来防止攻击。稍后，我们将展示如何通过时间自动机建模并通过软件工具UPPAAL进行检查。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Reversible Attack Trees

Attack trees are threat modeling formalism for identifying potential ways a system may be compromised. The underlying idea of this formalism is that possible attack points of a system are modeled as a set of nodes, together with the set of atomic actions which an attacker may execute to compromise the system. However, as attack trees are not designed from the administrator’s point of view, they are not equipped with sets of protection actions which can be used to stop an ongoing attack. In this paper we introduce reversible attack trees, as a variant of attack trees for which an ongoing attack can be fully or partially reset to the original state of the system. Then, we investigate whether the system administrator can detect whether a possible attack has reached some critical point in which his or her action is needed to prevent the attack by bringing the system to its initial state. Later, we show how this can be modeled by Timed Automata and checked by software tool UPPAAL.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)

自引率

0.00%

发文量