
ATSyRa: An Integrated Environment for Synthesizing Attack Trees

(Tool Paper)
  • Sophie Pinchinat
  • Mathieu Acher
  • Didier Vojtisek
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9390)

Abstract

Attack trees are widely considered in the field of security for the analysis of risks (or threats) against electronics, computer control, or physical systems. A major barrier is that attack trees can become very complex and thus hard to specify. This paper presents ATSyRA, a tooling environment to automatically synthesize attack trees of a system under study. ATSyRA provides advanced editors to specify high-level descriptions of a system, high-level actions to structure the tree, and ways to interactively refine the synthesis. We illustrate how users can specify a military building, abstract and organize attacks, and eventually obtain a readable attack tree.

Keywords

Atomic Action; Attack Scenario; Attack Tree; Integrate Environment; Derivation Rule
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

This work is funded by the Direction Générale de l’Armement (DGA) - Ministère de la Défense, France. We thank Salomé Coavoux and Maël Guilleme for their insightful comments and development around ATSyRA.


Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Sophie Pinchinat (1)
  • Mathieu Acher (1)
  • Didier Vojtisek (1)
  1. IRISA/Inria, Rennes Cedex, France
