Time-Dependent Analysis of Attacks

  • Florian Arnold
  • Holger Hermanns
  • Reza Pulungan
  • Mariëlle Stoelinga
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8414)

Abstract

The success of a security attack crucially depends on time: the more time available to the attacker, the higher the probability of a successful attack; given enough time, any system can be compromised. Insight into the time-dependent behavior of attacks, and into how the attacker's probability of success evolves as time progresses, is therefore key to choosing effective countermeasures when securing systems.

This paper presents an efficient technique to analyze attack times for an extension of the prominent formalism of attack trees. If each basic attack step, i.e., each leaf in an attack tree, is annotated with a probability distribution of the time needed for this step to be successful, we show how this information can be propagated to an analysis of the entire tree. In this way, we obtain the probability distribution for the entire system to be attacked successfully as time progresses. For our approach to be effective, we take great care to always work with the best possible compression of the representations of the probability distributions arising. This is achieved by an elegant calculus of acyclic phase type distributions, together with an effective compositional compression technique. We demonstrate the effectiveness of this approach on three case studies, exhibiting orders of magnitude of compression.
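As an added illustration (not the paper's code, and not its acyclic phase-type calculus or compression technique), the block below evaluates a small, constructed attack tree whose leaves carry time distributions, in the spirit the abstract describes. It takes an OR-gate as the minimum of its children's completion times (the attacker needs only the fastest branch) and an AND-gate as the maximum (every child must finish), assumes the leaf times are independent, and computes P(root attacked by time t) exactly from the leaf CDFs by the product rule. It then cross-checks that value by simulation and inverts it to find the time at which the attacker's success probability reaches a given level. The leaf distributions are exponential and Erlang, both of which are acyclic phase-type; the tree, its step names and its rates are invented for the example.

```python
"""Added illustration: time-dependent evaluation of a constructed attack tree.

Not the paper's code. Each leaf carries the distribution of the time its basic
attack step takes; an OR-gate succeeds as soon as its fastest child does
(minimum of child times), an AND-gate once its slowest child does (maximum).
With independent leaf times, P(subtree done by t) follows by the product rule.
"""
import math
import random
from dataclasses import dataclass
from typing import Callable, List, Union

Cdf = Callable[[float], float]
Sampler = Callable[[random.Random], float]


@dataclass
class Leaf:
    name: str
    cdf: Cdf          # P(step completed by time t)
    sample: Sampler   # draw one completion time


@dataclass
class Gate:
    kind: str         # "AND" or "OR"
    children: List["Node"]


Node = Union[Leaf, Gate]


def exponential(name: str, rate: float) -> Leaf:
    """Leaf with exponentially distributed step time (mean 1/rate)."""
    return Leaf(name,
                lambda t: 1.0 - math.exp(-rate * t) if t > 0 else 0.0,
                lambda rng: rng.expovariate(rate))


def erlang(name: str, k: int, rate: float) -> Leaf:
    """Leaf with Erlang(k, rate) step time: k exponential phases in a row."""
    def cdf(t: float) -> float:
        if t <= 0:
            return 0.0
        partial = sum((rate * t) ** n / math.factorial(n) for n in range(k))
        return 1.0 - math.exp(-rate * t) * partial
    return Leaf(name, cdf,
                lambda rng: sum(rng.expovariate(rate) for _ in range(k)))


def success_probability(node: Node, t: float) -> float:
    """P(the attack rooted at `node` has succeeded by time t)."""
    if isinstance(node, Leaf):
        return node.cdf(t)
    ps = [success_probability(c, t) for c in node.children]
    if node.kind == "AND":   # all children needed: max of completion times
        return math.prod(ps)
    if node.kind == "OR":    # any child suffices: min of completion times
        return 1.0 - math.prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate {node.kind!r}")


def sample_time(node: Node, rng: random.Random) -> float:
    """One simulated completion time for the whole subtree."""
    if isinstance(node, Leaf):
        return node.sample(rng)
    times = [sample_time(c, rng) for c in node.children]
    return max(times) if node.kind == "AND" else min(times)


def monte_carlo(node: Node, t: float, runs: int = 20000, seed: int = 1) -> float:
    """Simulation estimate of success_probability, as a cross-check."""
    rng = random.Random(seed)
    return sum(sample_time(node, rng) <= t for _ in range(runs)) / runs


def time_to_reach(node: Node, p: float, tol: float = 1e-9) -> float:
    """Smallest t with success_probability(node, t) >= p (p < 1), by bisection."""
    lo, hi = 0.0, 1.0
    while success_probability(node, hi) < p:
        hi *= 2.0
    while hi - lo > tol:
        mid = (lo + hi) / 2.0
        if success_probability(node, mid) >= p:
            hi = mid
        else:
            lo = mid
    return hi


def example_tree() -> Gate:
    """Constructed tree (rates in 1/day; names and rates invented)."""
    return Gate("OR", [
        Gate("AND", [
            exponential("phish credentials", rate=0.5),      # mean 2 days
            erlang("bypass MFA", k=2, rate=1.0),             # two 1-day phases
        ]),
        exponential("exploit unpatched service", rate=0.1),  # mean 10 days
    ])


if __name__ == "__main__":
    root = example_tree()
    for day in (1, 5, 10, 30):
        print(f"P(compromised by day {day:2d}) = {success_probability(root, day):.3f}"
              f"  (simulated {monte_carlo(root, day):.3f})")
    print(f"50% success reached after {time_to_reach(root, 0.5):.2f} days")
```

The closed forms used here only work because AND and OR reduce to max and min of independent leaf times; a sequential gate (one step must finish before the next starts) would need the convolution of the child distributions, which is exactly where a representation such as the paper's acyclic phase-type distributions, and its compression, becomes necessary to keep the state space manageable.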



Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Florian Arnold (1)
  • Holger Hermanns (2)
  • Reza Pulungan (3)
  • Mariëlle Stoelinga (1)
  1. Formal Methods & Tools Group, Department of Computer Science, University of Twente, Enschede, The Netherlands
  2. Dependable Systems and Software, Saarland University, Saarbrücken, Germany
  3. Jurusan Ilmu Komputer dan Elektronika, Universitas Gadjah Mada, Indonesia
