Expected Cost Analysis of Attack-Defense Trees

EISENTRAUT, Julia a Jan KŘETÍNSKÝ. Expected Cost Analysis of Attack-Defense Trees. In Quantitative Evaluation of Systems, 16th International Conference, QEST 2019, Glasgow, UK, September 10-12, 2019, Proceedings. Springer, 2019, s. 203-221. ISBN 9783030302801. Dostupné z: https://doi.org/10.1007/978-3-030-30281-8_12.

Základní údaje

Originální název

Expected Cost Analysis of Attack-Defense Trees

Autoři

EISENTRAUT, Julia a Jan KŘETÍNSKÝ

Vydání

Quantitative Evaluation of Systems, 16th International Conference, QEST 2019, Glasgow, UK, September 10-12, 2019, Proceedings. od s. 203-221, 19 s. 2019

Nakladatel

Springer

---

Další údaje

Typ výsledku

Stať ve sborníku

Označené pro přenos do RIV

Ne

Organizační jednotka

Fakulta informatiky

ISBN

9783030302801

ISSN

DOI

https://doi.org/10.1007/978-3-030-30281-8_12

---

Anotace

V originále

Attack-defense trees (ADT) are an established formalism for assessing system security. We extend ADT with costs and success probabilities of basic events. We design a framework to analyze the probability of a successful attack/defense, its expected cost, and its probability for a given maximum cost. On the conceptual level, we show that a proper analysis requires to model the problem using sequential decision making and non-tree structures, in contrast to classical ADT analysis. On the technical level, we provide three algorithms: (i) reduction to PRISM-games, (ii) dedicated game solution utilizing the structure of the problem, and (iii) direct analysis of ADT for certain settings. We demonstrate the framework and compare the solutions on several examples.