Attack Trees in Isabelle
In this paper, we present a proof theory for attack trees. Attack trees are a well-established and useful model for the construction of attacks on systems, since they allow a stepwise exploration of high-level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logical analysis of the meta-theory of the proof calculus of attack trees, and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of attack tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification.
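To make the validity/CTL connection concrete, the following is an added executable sketch (not the paper's Isabelle theory and not the IsabelleAT code): attack trees with base, sequential-and and or nodes over a small constructed Kripke structure, a simplified validity check, the CTL EF operator as a least fixpoint, and a check of the direction "valid tree implies every pre-state satisfies EF post". The exact validity rules and the state names are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple, Union

State = str
Kripke = Dict[State, FrozenSet[State]]  # state -> set of successor states

@dataclass(frozen=True)
class Base:  # base attack: from every pre-state, one transition into post
    pre: FrozenSet[State]
    post: FrozenSet[State]

@dataclass(frozen=True)
class And:  # sequential conjunction: sub-attacks carried out in order
    steps: Tuple["Attree", ...]

@dataclass(frozen=True)
class Or:  # disjunction: any one alternative suffices
    alts: Tuple["Attree", ...]

Attree = Union[Base, And, Or]

def attack(t: Attree) -> Tuple[FrozenSet[State], FrozenSet[State]]:  # (pre, post) pair the tree claims
    if isinstance(t, Base):
        return t.pre, t.post
    if isinstance(t, And):
        return attack(t.steps[0])[0], attack(t.steps[-1])[1]
    pairs = [attack(a) for a in t.alts]
    return frozenset().union(*(p for p, _ in pairs)), frozenset().union(*(q for _, q in pairs))

def is_valid(k: Kripke, t: Attree) -> bool:  # simplified validity rules (assumed, not the paper's calculus)
    if isinstance(t, Base):  # every pre-state has a one-step successor inside post
        return all(k.get(s, frozenset()) & t.post for s in t.pre)
    if isinstance(t, And):  # each step valid and chained: post of step i lies within pre of step i+1
        return bool(t.steps) and all(is_valid(k, s) for s in t.steps) and all(
            attack(a)[1] <= attack(b)[0] for a, b in zip(t.steps, t.steps[1:]))
    return bool(t.alts) and all(is_valid(k, a) for a in t.alts)

def ef(k: Kripke, target: FrozenSet[State]) -> FrozenSet[State]:  # CTL EF target as a backward least fixpoint
    reach = set(target)
    while new := {s for s, succ in k.items() if succ & reach} - reach:
        reach |= new
    return frozenset(reach)

def attack_implies_ef(k: Kripke, t: Attree) -> bool:  # valid tree => every pre-state satisfies EF post
    pre, post = attack(t)
    return (not is_valid(k, t)) or pre <= ef(k, post)

K: Kripke = {"out": frozenset({"net"}), "net": frozenset({"dev", "out"}), "dev": frozenset({"data"}), "data": frozenset()}  # constructed
TREE: Attree = And((Base(frozenset({"out"}), frozenset({"net"})), Base(frozenset({"net"}), frozenset({"dev"})),
                    Base(frozenset({"dev"}), frozenset({"data"}))))  # constructed three-step attack
```

The paper proves this implication once for all trees in Isabelle; the sketch only evaluates it for the given tree, and a tree whose steps are not chained is rejected by `is_valid` rather than by the EF check.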