Using Strategy Objectives for Network Security Analysis
The anticipation game framework is an extension of attack graphs based on game theory. It is used to anticipate and analyze the concurrent interactions of intruders and administrators with the network. As in attack-graph-based model checking, the goal of an anticipation game is to prove that a safety property holds. However, expressing the intruder's goal as a safety property is tedious and error-prone on large networks because it assumes that the analyst has prior and complete knowledge of critical network services and knows what the attacker's targets will be.
In this paper we address this issue by introducing a new kind of goal called "strategy objectives". Strategy objectives mix logical constraints and numerical ones. In order to achieve these strategy objectives, we have extended the anticipation games framework with cost and reward. Additionally, this extension allows us to take into account the financial dimension of attacks during the analysis. We prove that finding the optimal strategy is decidable and only requires linear space. Finally, we show that anticipation games with strategy objectives can be used in practice even on large networks by evaluating the performance of our prototype.
Keywords: Model Check, Dependency Graph, Security Goal, Analysis Goal, Attack Graph