
Attack–defense tree-based analysis and optimal defense synthesis for system design

  • Original Article
  • Innovations in Systems and Software Engineering

Abstract

Attack–defense trees (ADTrees) are widely used in the security analysis of software systems. In this work, we introduce a novel approach to analyze system architecture models via ADTrees and to synthesize an optimal cost defense solution using MaxSMT. We generate an ADTree from the Architecture Analysis and Design Language (AADL) model with its possible attacks and implemented defenses. We analyze these ADTrees to see if they satisfy their cyber-requirements. We then translate the ADTree into a set of logical formulas that encapsulate both the logical structure of the tree and the constraints on the cost of implementing the corresponding defenses, such that a minimization query to the MaxSMT solver returns a set of defenses that mitigate all possible attacks with minimal cost. We provide an initial evaluation of our tool on a delivery drone system model which shows promising results.
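The encoding the abstract describes, as an added illustration (not the paper's or the VERDICT tool's code): a constructed toy ADTree for a delivery drone is evaluated under the usual ADTree semantics, and the cost-minimal defense set that blocks the root attack is found by enumerating subsets, which stands in for the MaxSMT minimization query. Node names and costs are assumptions; rd, bd and cd are the defense abbreviations from the notes.

```python
from dataclasses import dataclass, field
from itertools import combinations

@dataclass
class Attack:
    """ADTree attack node: a LEAF, or an AND/OR refinement of `children`.
    `defenses` lists defense nodes that counter this node once implemented."""
    name: str
    gate: str = "LEAF"                  # "LEAF", "AND" or "OR"
    children: list = field(default_factory=list)
    defenses: list = field(default_factory=list)

def attack_succeeds(node, implemented):
    """Logical semantics of the tree: a node succeeds iff none of its
    counter-defenses is implemented and its refinement succeeds."""
    if any(d in implemented for d in node.defenses):
        return False
    if node.gate == "LEAF":
        return True
    sub = [attack_succeeds(c, implemented) for c in node.children]
    return all(sub) if node.gate == "AND" else any(sub)

def optimal_defenses(root, cost):
    """Cheapest defense set under which the root attack fails, i.e. the
    query 'minimize total cost subject to not(root)'. Subset enumeration
    replaces the MaxSMT solver here and is fine for a handful of defenses."""
    names = sorted(cost)
    best = None
    for k in range(len(names) + 1):
        for subset in combinations(names, k):
            if attack_succeeds(root, set(subset)):
                continue                    # some attack path is still open
            total = sum(cost[d] for d in subset)
            if best is None or total < best[1]:
                best = (set(subset), total)
    return best

def drone_example():
    """Constructed toy tree (an assumption, not the paper's drone model)."""
    root = Attack("loss of drone control", "OR", [
        Attack("compromise remote command link", defenses=["rd"]),
        Attack("compromise flight controller", "AND", [
            Attack("reach controller over backup link", defenses=["bd"]),
            Attack("exploit controller software", defenses=["cd"]),
        ]),
    ])
    cost = {"rd": 4, "bd": 2, "cd": 5}   # assumed implementation costs
    return root, cost

if __name__ == "__main__":
    root, cost = drone_example()
    print(optimal_defenses(root, cost))   # defenses {'rd', 'bd'} at cost 6
```

The OR root forces rd, while the AND branch is cut by whichever of bd or cd is cheaper; raising the cost of bd above cd flips the answer to {rd, cd}.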



Notes

  1. This work is an extended version of the NFM conference paper [3]. Our extension includes the ADTree construction algorithms, the proofs of correctness of our techniques, and a more elaborate use case and related work.

  2. rd, bd, and cd stand for remote defense, backup defense, and controller defense respectively.

  3. GitHub: https://github.com/ge-high-assurance/VERDICT

  4. The Delivery Drone AADL Model: https://github.com/baoluomeng/2022_NFM/tree/main/DeliveryDrone

References

  1. Mauw S, Oostdijk M (2006) Foundations of attack trees. In: Won DH, Kim S (eds) Information security and cryptology-ICISC 2005. Springer, Berlin, pp 186–198. https://doi.org/10.1007/11734727_17

  2. Kordy B, Mauw S, Radomirović S, Schweitzer P (2011) Foundations of attack-defense trees. In: Degano P, Etalle S, Guttman J (eds) Formal aspects of security and trust. Springer, Berlin, pp 80–95. https://doi.org/10.1007/978-3-642-19751-2_6

  3. Meng B, Viswanathan A, Smith W, Moitra A, Siu K, Durling M (2022) Synthesis of optimal defenses for system architecture design model in MaxSMT. In: NASA formal methods symposium (NFM). Springer, pp 752–770. https://doi.org/10.1007/978-3-031-06773-0_40

  4. MITRE common attack pattern enumeration and classification (CAPEC). https://capec.mitre.org/. Accessed: 2022-03-21

  5. National institute of standards and technology 800-53. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final. Accessed: 2022-03-21

  6. Radio technical commission for aeronautics (RTCA) DO326 – Airworthiness Security Process Specification. https://www.rtca.org/. Accessed: 2022-03-21

  7. Radio technical commission for aeronautics (RTCA) DO356–Airworthiness security methods and considerations. https://www.rtca.org/. Accessed: 2022-03-21

  8. Kordy B, Wideł W (2017) How well can I secure my system? Lecture notes in computer science. Springer, New York, pp 332–347

  9. Feiler PH, Lewis B, Vestal S, Colbert E. An overview of the SAE architecture analysis & design language (AADL) standard: a basis for model-based architecture-driven embedded systems engineering. In: IFIP the international federation for information processing, pp. 3–15. Springer. https://doi.org/10.1007/0-387-24590-1_1

  10. Moitra A, Prince D, Siu K, Durling M, Herencia-Zapana H (2020) Threat identification and defense control selection for embedded systems. SAE Int J Trans Cybersecur Priv 3:81–96

  11. Siu K, Herencia-Zapana H, Prince D, Moitra A (2020) A model-based framework for analyzing the security of system architectures. In: 2020 annual reliability and maintainability symposium (RAMS), pp. 1–6. https://doi.org/10.1109/rams48030.2020.9153607. IEEE

  12. Javaid AY, Sun W, Devabhaktuni VK, Alam M (2012) Cyber security threat analysis and modeling of an unmanned aerial vehicle system. In: 2012 IEEE conference on technologies for homeland security (HST), pp. 585–590. https://doi.org/10.1109/ths.2012.6459914. IEEE

  13. Bjørner N, Phan A-D, Fleckenstein L (2015) νZ: an optimizing SMT solver. In: Tools and algorithms for the construction and analysis of systems: 21st international conference (TACAS). Springer, pp 194–199. https://doi.org/10.1007/978-3-662-46681-0_14

  14. Barrett C, Fontaine P, Tinelli C (2016) The satisfiability modulo theories library (SMT-LIB). www.SMT-LIB.org

  15. Meng B, Larraz D, Siu K, Moitra A, Interrante J, Smith W, Paul S, Prince D, Herencia-Zapana H, Arif MF et al (2021) VERDICT: a language and framework for engineering cyber resilient and safe system. Systems 9(1):18. https://doi.org/10.3390/systems9010018

  16. Siu K, Moitra A, Li M, Durling M, Herencia-Zapana H, Interrante J, Meng B, Tinelli C, Chowdhury O, Larraz D, et al. (2019) Architectural and behavioral analysis for cyber security. In: 2019 IEEE/AIAA 38th digital avionics systems conference (DASC), pp. 1–10. https://doi.org/10.1109/dasc43569.2019.9081652. IEEE

  17. The OSATE tool. https://osate.org/about-osate.html (2021)

  18. Barzeele J, Siu K, Robinson M, Suantak L, Merems J, Durling M, Moitra A, Meng B, Williams P, Prince D. (2021) Experience in designing for cyber resiliency in embedded DoD systems. In: INCOSE international symposium, vol 31, pp 80–94. https://doi.org/10.1002/j.2334-5837.2021.00827.x. Wiley Online Library

  19. Durling MR, Moitra A, Siu KY, Meng B, Carbone JW, Alexander CC, Castillo-Villar KK, Ciocarlie GF (2022) Model-based security analysis in additive manufacturing systems. In: Proceedings of the 2022 ACM CCS workshop on additive manufacturing (3D Printing) security, pp. 3–13. https://doi.org/10.1145/3560833.3563566

  20. Depamelaere W, Lemaire L, Vossaert J, Naessens V (2018) CPS security assessment using automatically generated attack trees. In: Proceedings of the 5th international symposium for ICS & SCADA cyber security research 2018. https://doi.org/10.14236/ewic/ics2018.1. British Computer Society (BCS)

  21. Vigo R, Nielson F, Nielson HR (2014) Automated generation of attack trees. In: 2014 IEEE 27th computer security foundations symposium, pp. 337–350. https://doi.org/10.1109/csf.2014.31. IEEE

  22. Pinchinat S, Acher M, Vojtisek D (2016) ATSyRa: an integrated environment for synthesizing attack trees. In: International workshop on graphical models for security, pp. 97–101. https://doi.org/10.1007/978-3-319-29968-6_7. Springer

  23. Dalton GC, Mills RF, Colombi JM, Raines RA, et al. (2006) Analyzing attack trees using generalized stochastic petri nets. In: Information assurance workshop, pp. 116–123. https://doi.org/10.1109/iaw.2006.1652085. IEEE

  24. Fila B, Wideł W. (2020) Exploiting attack–defense trees to find an optimal set of countermeasures. In: 2020 IEEE 33rd computer security foundations symposium (CSF), pp. 395–410. https://doi.org/10.1109/CSF49147.2020.00035

  25. Buldas A, Lenin A, Willemson J, Charnamord A. (2017) Simple infeasibility certificates for attack trees. In: International workshop on security, pp. 39–55. https://doi.org/10.1007/978-3-319-64200-0_3. Springer

  26. Arias J, Budde CE, Penczek W, Petrucci L, Sidoruk T, Stoelinga M. (2020) Hackers vs. security: attack-defence trees as asynchronous multi-agent systems. In: International conference on formal engineering methods, pp. 3–19. https://doi.org/10.1007/978-3-030-63406-3_1. Springer

  27. Wang P, Lin W-H, Kuo P-T, Lin H-T, Wang TC. (2012) Threat risk analysis for cloud security based on attack-defense trees. In: 2012 8th international conference on computing technology and information management (NCM and ICNIT), vol 1, pp 106–111. https://doi.org/10.4156/ijact.vol4.issue17.70. IEEE

  28. Kordy B, Wideł W (2018) On quantitative analysis of attack–defense trees with repeated labels. In: International conference on principles of security and trust, pp 325–346. https://doi.org/10.1007/978-3-319-89722-6_14. Springer

  29. Bossuat A, Kordy B (2017) Evil twins: handling repetitions in attack-defense trees: a survival guide. In: Liu P, Mauw S, Stolen K (eds) Graphical models for security. Springer, Santa Barbara, pp 17–32. https://doi.org/10.1007/978-3-319-74860-3_2

  30. Gadyatskaya O, Hansen RR, Larsen KG, Legay A, Olesen MC, Poulsen DB (2016) Modelling attack-defense trees using timed automata. In: International conference on formal modeling and analysis of timed systems, pp 35–50. https://doi.org/10.1007/978-3-319-44878-7_3. Springer

  31. Rios E, Rego A, Iturbe E, Higuero M, Larrucea X (2020) Continuous quantitative risk management in smart grids using attack defense trees. Sensors 20(16):4404. https://doi.org/10.3390/s20164404

  32. Lounis K, Ouchani S (2021) Modeling attack-defense trees’ countermeasures using continuous time markov chains. In: International conference on software engineering and formal methods, pp 30–42. https://doi.org/10.1007/978-3-030-67220-1_3. Springer

  33. Jhawar R, Lounis K, Mauw S (2016) A stochastic framework for quantitative analysis of attack-defense trees. In: International workshop on security and trust management, pp 138–153. https://doi.org/10.1007/978-3-319-46598-2_10. Springer

  34. Buldas A, Gadyatskaya O, Lenin A, Mauw S, Trujillo-Rasua R (2020) Attribute evaluation on attack trees with incomplete information. Comput Secur 88:101630. https://doi.org/10.1016/j.cose.2019.101630

  35. Kordy B, Kordy P, Mauw S, Schweitzer P (2013) ADTool: security analysis with attack–defense trees. In: International conference on quantitative evaluation of systems, pp 173–176. https://doi.org/10.1007/978-3-642-40196-1_15. Springer

  36. Ji X, Yu H, Fan G, Fu W (2016) Attack-defense trees based cyber security analysis for CPSs. In: 2016 17th IEEE/ACIS international conference on software engineering, artificial intelligence, networking and parallel/distributed computing (SNPD), pp 693–698. https://doi.org/10.1109/snpd.2016.7515980. IEEE

  37. Bryans J, Nguyen HN, Shaikh SA (2019) Attack defense trees with sequential conjunction. In: 2019 IEEE 19th international symposium on high assurance systems engineering (HASE), pp 247–252. https://doi.org/10.1109/hase.2019.00045. IEEE

  38. Du S, Li X, Du J, Zhu H (2014) An attack-and-defence game for security assessment in vehicular ad hoc networks. Peer-to-peer Netw Appl 7(3):215–228. https://doi.org/10.1007/s12083-012-0127-9

  39. Du S, Zhu H (2013) Attack-defense tree based security assessment. Security assessment in vehicular networks. Springer, New York, pp 17–22. https://doi.org/10.1007/978-1-4614-9357-0_3

  40. Garg S, Aujla GS, Kumar N, Batra S (2019) Tree-based attack-defense model for risk assessment in multi-UAV networks. IEEE Consum Electron Mag 8(6):35–41. https://doi.org/10.1109/mce.2019.2941345

  41. Meng B, Smith W, Durling M (2021) Security threat modeling and automated analysis for system design. SAE Int J Transp Cybersecur Priv 4:3–17. https://doi.org/10.4271/11-04-01-0001

Acknowledgements

Distribution Statement “A” (Approved for Public Release, Distribution Unlimited). This research was developed with funding from the Defense Advanced Research Projects Agency (DARPA). The views, opinions and/or findings expressed are those of the author and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.

Contributions

Baoluo Meng and Arjun Viswanathan wrote the main manuscript text. Saswata Paul expanded the related work section, formatted algorithms, and the manuscript. William Smith wrote the initial draft of the paper. Abha Moitra and Kit Siu contributed to the implementation of the tool and Sect. 2. Michael Durling secured the funding and gave instrumental thoughts for this research. All authors reviewed the manuscript.

Corresponding author

Correspondence to Baoluo Meng.

Ethics declarations

Conflict of interest

The authors declare no competing interests.

Cite this article

Meng, B., Viswanathan, A., Paul, S. et al. Attack–defense tree-based analysis and optimal defense synthesis for system design. Innovations Syst Softw Eng (2024). https://doi.org/10.1007/s11334-024-00556-3
