The value of attack-defence diagrams.

D 2016

The value of attack-defence diagrams.

HERMANNS, Holger; Julia KRÄMER; Jan KRČÁL a Mariëlle STOELINGA

Základní údaje

Originální název

The value of attack-defence diagrams.

Autoři

HERMANNS, Holger; Julia KRÄMER; Jan KRČÁL a Mariëlle STOELINGA

Vydání

Berlin, In International Conference on Principles of Security and Trust, od s. 163-185, 23 s. 2016

Nakladatel

Springer

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Německo

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

tištěná verze "print"

Impakt faktor

Impact factor: 0.402 v roce 2005

Označené pro přenos do RIV

Ano

Kód RIV

RIV/00216224:14330/16:00088814

Organizační jednotka

Fakulta informatiky

ISBN

978-3-662-49634-3

ISSN

Klíčová slova anglicky

attack-defence diagrams; stochastic timed automata; attack trees

Změněno: 1. 6. 2022 12:41, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.

Návaznosti

GBP202/12/G061, projekt VaV

Název: Centrum excelence - Institut teoretické informatiky (CE-ITI) (Akronym: CE-ITI)

Investor: Grantová agentura ČR, Centrum excelence - Institut teoretické informatiky

Citovat

HERMANNS, Holger; Julia KRÄMER; Jan KRČÁL a Mariëlle STOELINGA. The value of attack-defence diagrams. In In International Conference on Principles of Security and Trust. Berlin: Springer, 2016, s. 163-185. ISBN 978-3-662-49634-3. Dostupné z: https://doi.org/10.1007/978-3-662-49635-0_9.

@inproceedings{1377786,
   author = {Hermanns, Holger and Krämer, Julia and Krčál, Jan and Stoelinga, Mariëlle},
   address = {Berlin},
   booktitle = {In International Conference on Principles of Security and Trust},
   doi = {https://doi.org/10.1007/978-3-662-49635-0_9},
   keywords = {attack-defence diagrams; stochastic timed automata; attack trees},
   howpublished = {tištěná verze "print"},
   language = {eng},
   location = {Berlin},
   isbn = {978-3-662-49634-3},
   pages = {163-185},
   publisher = {Springer},
   title = {The value of attack-defence diagrams.},
   year = {2016}
}

TY  - CONF
ID  - 1377786
AU  - Hermanns, Holger - Krämer, Julia - Krčál, Jan - Stoelinga, Mariëlle
PY  - 2016
TI  - The value of attack-defence diagrams.
PB  - Springer
CY  - Berlin
SN  - 9783662496343
KW  - attack-defence diagrams
KW  - stochastic timed automata
KW  - attack trees
N2  - Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram’s semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game’s outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.
ER  -

HERMANNS, Holger; Julia KRÄMER; Jan KRČÁL a Mari$\backslash$''elle STOELINGA. The value of attack-defence diagrams. In \textit{In International Conference on Principles of Security and Trust}. Berlin: Springer, 2016, s.~163-185. ISBN~978-3-662-49634-3. Dostupné z: https://doi.org/10.1007/978-3-662-49635-0\_{}9.

Přehled o publikaci