On Security Countermeasures Ranking through Threat Analysis

  • Nicola Nostro
  • Ilaria Matteucci
  • Andrea Ceccarelli
  • Felicita Di Giandomenico
  • Fabio Martinelli
  • Andrea Bondavalli
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8696)


Security analysis and design are key activities for the protection of critical systems and infrastructures. Traditional approaches first apply a qualitative threat assessment that identifies the attack points; the results are then used as input for the security design, so that appropriate countermeasures are selected. In this paper we propose a novel approach for the selection and ranking of security controlling strategies, driven by quantitative threat analysis based on attack graphs. It consists of two main steps: i) a threat analysis, performed to evaluate attack points and paths, identifying those that are feasible, and to rank attack costs from the perspective of an attacker; ii) controlling strategies, used to derive the appropriate monitoring rules and the selection of countermeasures, are evaluated based upon the provided values and ranks. Indeed, exploiting such threat analysis makes it possible to compare different controlling strategies and to select the one that best fits the given set of functional and security requirements. To exemplify our approach, we adopt part of an electrical power system, the Customer Energy Management System (CEMS), as a reference scenario where the steps of threat analysis and security strategies are applied.


Keywords: Critical Infrastructure; Label Transition System; Attack Graph; Threat Analysis; Attack Step
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Nicola Nostro (1, 2)
  • Ilaria Matteucci (3)
  • Andrea Ceccarelli (1)
  • Felicita Di Giandomenico (2)
  • Fabio Martinelli (3)
  • Andrea Bondavalli (1)

  1. University of Florence, Firenze, Italy
  2. ISTI - CNR, Pisa, Italy
  3. IIT-CNR, Pisa, Italy
