On Linear Logic, Functional Programming, and Attack Trees
This paper has two main contributions. The first is a new linear logical semantics of causal attack trees in four-valued truth tables. Our semantics is very simple and expressive, supporting specializations, and supports the ideal semantics of causal attack trees, and partially supporting the filter semantics of causal attack trees. Our second contribution is Lina, a new embedded, in Haskell, domain specific functional programming language for conducting threat analysis using attack trees. Lina has many benefits over existing tools; for example, Lina allows one to specify attack trees very abstractly, which provides the ability to develop libraries of attack trees, furthermore, Lina is compositional, allowing one to break down complex attack trees into smaller ones that can be reasoned about and analyzed incrementally. Furthermore, Lina supports automatically proving properties of attack trees, such as equivalences and specializations, using Maude and the semantics introduced in this paper.
This work was supported by NSF award #1565557. We thank Clément Aubert for helpful discussions and feedback on previous drafts of this paper, and the anonymous reviewers whose recommendations made this a better paper.
- 1.Camtepe, S.A., Yener, B.: Modeling and detection of complex attacks. In: Security and Privacy in Communications Networks, pp. 234–243, September 2007Google Scholar
- 3.Clavel, M., Durán, F., Eker, S., Lincoln, P., Martı-Oliet, N., Meseguer, J., Talcott, C.: Maude manual (version 2.1). SRI International, Menlo Park (2005)Google Scholar
- 10.Kordy, B., Pouly, M., Schweitzer, P.: Computational aspects of attack–defense trees. In: Bouvry, P., Kłopotek, M.A., Leprévost, F., Marciniak, M., Mykowiecka, A., Rybiński, H. (eds.) SIIS 2011. LNCS, vol. 7053, pp. 103–116. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-25261-7_8CrossRefGoogle Scholar
- 13.McDermott, J.P.: Attack net penetration testing. In: Proceedings of the 2000 Workshop on New Security Paradigms, NSPW 2000, pp. 15–21. ACM, New York (2000)Google Scholar
- 14.Norell, U.: Dependently typed programming in AGDA. In: Proceedings of the 4th International Workshop on Types in Language Design and Implementation, TLDI 2009, pp. 1–2. ACM, New York (2009)Google Scholar
- 15.Piètre-Cambacédès, L., ouissou, M.: Beyond attack trees: dynamic security modeling with Boolean logic driven Markov processes (BDMP). In: 2010 European on Dependable Computing Conference (EDCC), pp. 199–208, April 2010Google Scholar
- 16.Schneier, B.: Attack trees: modeling security threats. Dr. Dobb’s J. 24, 21–29 (1999)Google Scholar