Abstract
Attack trees are widely considered in the fields of security for the analysis of risks (or threats) against electronics, computer control, or physical systems. A major barrier is that attack trees can become largely complex and thus hard to specify. This paper presents ATSyRA, a tooling environment to automatically synthesize attack trees of a system under study. ATSyRA provides advanced editors to specify high-level descriptions of a system, high-level actions to structure the tree, and ways to interactively refine the synthesis. We illustrate how users can specify a military building, abstract and organize attacks, and eventually obtain a readable attack tree.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
For “Attack-Tree Sythesis for Risk Analysis”.
- 2.
In the context of a collaboration between IRISA and Defense Ministry in France (DGA).
- 3.
References
Colange, M., Baarir, S., Kordon, F., Thierry-Mieg, Y.: Towards distributed software model-checking using decision diagrams. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 830–845. Springer, Heidelberg (2013)
Hong, J.B., Kim, D.S., Takaoka, T.: Scalable attack representation model using logic reduction techniques. In: 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 404–411 (2013)
Kordy, B., Kordy, P., Mauw, S., Schweitzer, P.: ADTool: security analysis with attack–defense trees. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 173–176. Springer, Heidelberg (2013)
Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24(1), 55–87 (2014)
Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13–14, 1–38 (2014)
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)
Pinchinat, S., Acher, M., Vojtisek, D.: Towards synthesis of attack trees for supporting computer-aided risk analysis. In: Canal, C., Idani, A. (eds.) SEFM 2014 Workshops. LNCS, vol. 8938, pp. 363–375. Springer, Heidelberg (2015)
Schneier, B.: Attack trees : modeling security threats. Dr. Dobb’s J. 24(12), 21–29 (1999)
Paul, S.: Towards automating the construction & maintenance of attack trees: a feasibility study. In: Kordy, B., Mauw, S., Pieters, W. (eds.) GraMSec, vol. 148, pp. 31–46. EPTCS (2014)
Thierry-Mieg, Y.: Symbolic model-checking using ITS-tools. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 231–237. Springer, Heidelberg (2015)
TREsPASS: Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security, FP7 project, grant agreement 318003 (2012–2016). http://www.trespass-project.eu/
Vigo, R., Nielson, F., Nielson, H.R.: Automated generation of attack trees. In: 2014 IEEE 27th Computer Security Foundations Symposium (CSF), pp. 337–350. IEEE (2014)
Acknowledgements
This work is funded by the Direction Générale de l’Armement (DGA) - Ministère de la Défense, France. We thank Salomé Coavoux and Maël Guilleme for their insightful comments and development around ATSyRA.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Pinchinat, S., Acher, M., Vojtisek, D. (2016). ATSyRa: An Integrated Environment for Synthesizing Attack Trees. In: Mauw, S., Kordy, B., Jajodia, S. (eds) Graphical Models for Security. GraMSec 2015. Lecture Notes in Computer Science(), vol 9390. Springer, Cham. https://doi.org/10.1007/978-3-319-29968-6_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-29968-6_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29967-9
Online ISBN: 978-3-319-29968-6
eBook Packages: Computer ScienceComputer Science (R0)