Upper Bounds for Adversaries’ Utility in Attack Trees

Buldas, Ahto; Stepanenko, Roman

doi:10.1007/978-3-642-34266-0_6

Ahto Buldas^18,19,20 &
Roman Stepanenko¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7638))

Included in the following conference series:

International Conference on Decision and Game Theory for Security

2050 Accesses
11 Citations

Abstract

Attack trees model the decision making process of an adversary who plans to attack a certain system. Attack-trees help to visualize possible attacks as Boolean combinations of atomic attacks and to compute attack-related parameters such as cost, success probability and likelihood. The known methods of estimating adversarie’s utility are of high complexity and set many unnatural restrictions on adversaries’ behavior. Hence, their estimations are incorrect—even if the computed utility is negative, there may still exist beneficial ways of attacking the system. For avoiding unnatural restrictions, we study fully adaptive adversaries that are allowed to try atomic attacks in arbitrary order, depending on the results of the previous trials. At the same time, we want the algorithms to be efficient. To achieve both goals, we do not try to measure the exact utility of adversaries but only upper bounds. If adversaries’ utility has a negative upper bound, it is safe to conclude that there are no beneficial ways of attacking the system, assuming that all reasonable atomic attacks are captured by the attack tree.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational Choice of Security Measures Via Multi-parameter Attack Trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)
Chapter Google Scholar
Buldas, A., Mägi, T.: Practical Security Analysis of E-Voting Systems. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 320–335. Springer, Heidelberg (2007)
Chapter Google Scholar
Convery, S., Cook, D., Franz, M.: An attack tree for the Border Gateway Protocol (2004)
Google Scholar
Downs, D.D., Haddad, R.: Penetration testing—the gold standard for security rating and ranking. In: Proceedings of the 1st Workshop on Information-Security-System Rating and Ranking (WISSRR), Williamsburg, Virginia, USA (2001)
Google Scholar
Edge, K.S.: A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees. Ph.D. thesis, Air Force Institute of Technology, Ohio (2007)
Google Scholar
Ericson, C.: Fault tree analysis—a history. In: The 17th International System Safety Conference (1999)
Google Scholar
Jürgenson, A., Willemson, J.: Serial Model for Attack Tree Computations. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 118–128. Springer, Heidelberg (2010)
Chapter Google Scholar
Jürgenson, A., Willemson, J.: Computing Exact Outcomes of Multi-parameter Attack Trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1036–1051. Springer, Heidelberg (2008)
Chapter Google Scholar
Mauw, S., Oostdijk, M.: Foundations of Attack Trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)
Chapter Google Scholar
Niitsoo, M.: Optimal Adversary Behavior for the Serial Model of Financial Attack Trees. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC 2010. LNCS, vol. 6434, pp. 354–370. Springer, Heidelberg (2010)
Chapter Google Scholar
Schneier, B.: Attack trees: Modeling security threats. Dr. Dobbs Journal 24(12), 21–29 (1999)
Google Scholar
Schudel, G., Wood, B.: Adversary Work Factor As a Metric for Information Assurance. In: Proceedings of the 2000 Workshop on New Security Paradigms, Ballycotton, County Cork, Ireland, pp. 23–30 (2000)
Google Scholar
Weiss, J.D.: A system security engineering process. In: Proc. of the 14th National Computer Security Conf., pp. 572–581 (1991)
Google Scholar
Wood, B., Bouchard, J.: Read team work factor as a security measurement. In: Proc. of the 1st Workshop on Information-Security-System Rating and Ranking (WISSRR 2001), Williamsburg, Virginia, USA (2001)
Google Scholar

Download references

Author information

Authors and Affiliations

Cybernetica AS, Estonia
Ahto Buldas
Tallinn University of Technology, Estonia
Ahto Buldas & Roman Stepanenko
Guardtime AS, Estonia
Ahto Buldas

Authors

Ahto Buldas
View author publications
You can also search for this author in PubMed Google Scholar
Roman Stepanenko
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

College of Information Sciences and Technology, The Pennsylvania State University, 329A Information Sciences and Technology Building, 16802, University Park,, PA, USA
Jens Grossklags
Department of Electrical Engineering and Computer Sciences, University of California, 257M Cory Hall, 94720, Berkeley, CA, USA
Jean Walrand

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Buldas, A., Stepanenko, R. (2012). Upper Bounds for Adversaries’ Utility in Attack Trees. In: Grossklags, J., Walrand, J. (eds) Decision and Game Theory for Security. GameSec 2012. Lecture Notes in Computer Science, vol 7638. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34266-0_6

Download citation

DOI: https://doi.org/10.1007/978-3-642-34266-0_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34265-3
Online ISBN: 978-3-642-34266-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics