Computing Exact Outcomes of Multi-parameter Attack Trees
In this paper we introduce a set of computation rules to determine the attacker’s exact expected outcome based on a multi-parameter attack tree. We compare these rules to a previously proposed computational semantics by Buldas et al. and prove that our new semantics always provides at least the same outcome. A serious drawback of our proposed computations is the exponential complexity. Hence, implementation becomes an important issue. We propose several possible optimisations and evaluate the result experimentally. Finally, we also prove the consistency of our computations in the framework of Mauw and Oostdijk and discuss the need to extend the framework.
KeywordsRoot Node Tree Computation Boolean Formula Disjunctive Normal Form Satisfying Assignment
Unable to display preview. Download preview PDF.
- 1.Vesely, W.E., Goldberg, F.F., Roberts, N.H., Haasl, D.F.: Fault Tree Handbook. US Government Printing Office, Systems and Reliability Research, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission (January 1981)Google Scholar
- 2.Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems the Right Way. Addison Wesley Professional, Reading (2001)Google Scholar
- 3.Moore, A.P., Ellison, R.J., Linger, R.C.: Attack modeling for information security and survivability. Technical Report CMU/SEI-2001-TN-001, Software Engineering Institute (2001)Google Scholar
- 4.Weiss, J.D.: A system security engineering process. In: Proceedings of the 14th National Computer Security Conference, pp. 572–581 (1991)Google Scholar
- 5.Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s Journal 24(12), 21–29 (1999)Google Scholar
- 6.Edge, K.S.: A Framework for Analyzing and Mitigating the Vulnerabilities of Complex Systems via Attack and Protection Trees. Ph.D thesis, Air Force Institute of Technology, Ohio (2007)Google Scholar
- 7.Espedahlen, J.H.: Attack trees describing security in distributed internet-enabled metrology. Master’s thesis, Department of Computer Science and Media Technology, Gjøvik University College (2007)Google Scholar
- 9.Opel, A.: Design and implementation of a support tool for attack trees. Technical report, Otto-von-Guericke University, Internship Thesis (March 2005)Google Scholar
- 10.Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational Choice of Security Measures via Multi-Parameter Attack Trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)Google Scholar
- 13.Rätsep, L.: The influence and measurability of the parameters of the security analysis of the Estonian e-voting system. M.Sc thesis, Tartu University (2008) (in Estonian)Google Scholar
- 15.Andrusenko, A.: Multiparameter attack tree analysis software. B.Sc thesis, Tartu University (2008) (in Estonian)Google Scholar