ATSyRa: An Integrated Environment for Synthesizing Attack Trees

Pinchinat, Sophie; Acher, Mathieu; Vojtisek, Didier

doi:10.1007/978-3-319-29968-6_7

Sophie Pinchinat¹⁶,
Mathieu Acher¹⁶ &
Didier Vojtisek¹⁶

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9390))

Included in the following conference series:

International Workshop on Graphical Models for Security

810 Accesses
16 Citations

Abstract

Attack trees are widely considered in the fields of security for the analysis of risks (or threats) against electronics, computer control, or physical systems. A major barrier is that attack trees can become largely complex and thus hard to specify. This paper presents ATSyRA, a tooling environment to automatically synthesize attack trees of a system under study. ATSyRA provides advanced editors to specify high-level descriptions of a system, high-level actions to structure the tree, and ways to interactively refine the synthesis. We illustrate how users can specify a military building, abstract and organize attacks, and eventually obtain a readable attack tree.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 34.99; Price excludes VAT (USA)

Softcover Book: USD 44.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
For “Attack-Tree Sythesis for Risk Analysis”.
2.
In the context of a collaboration between IRISA and Defense Ministry in France (DGA).
3.
http://tinyurl.com/ATSyRA.

References

Colange, M., Baarir, S., Kordon, F., Thierry-Mieg, Y.: Towards distributed software model-checking using decision diagrams. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 830–845. Springer, Heidelberg (2013)
Chapter Google Scholar
Hong, J.B., Kim, D.S., Takaoka, T.: Scalable attack representation model using logic reduction techniques. In: 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 404–411 (2013)
Google Scholar
Kordy, B., Kordy, P., Mauw, S., Schweitzer, P.: ADTool: security analysis with attack–defense trees. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 173–176. Springer, Heidelberg (2013)
Chapter Google Scholar
Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24(1), 55–87 (2014)
Article MATH Google Scholar
Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13–14, 1–38 (2014)
Article Google Scholar
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)
Chapter Google Scholar
Pinchinat, S., Acher, M., Vojtisek, D.: Towards synthesis of attack trees for supporting computer-aided risk analysis. In: Canal, C., Idani, A. (eds.) SEFM 2014 Workshops. LNCS, vol. 8938, pp. 363–375. Springer, Heidelberg (2015)
Google Scholar
Schneier, B.: Attack trees : modeling security threats. Dr. Dobb’s J. 24(12), 21–29 (1999)
Google Scholar
Paul, S.: Towards automating the construction & maintenance of attack trees: a feasibility study. In: Kordy, B., Mauw, S., Pieters, W. (eds.) GraMSec, vol. 148, pp. 31–46. EPTCS (2014)
Google Scholar
Thierry-Mieg, Y.: Symbolic model-checking using ITS-tools. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 231–237. Springer, Heidelberg (2015)
Google Scholar
TREsPASS: Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security, FP7 project, grant agreement 318003 (2012–2016). http://www.trespass-project.eu/
Vigo, R., Nielson, F., Nielson, H.R.: Automated generation of attack trees. In: 2014 IEEE 27th Computer Security Foundations Symposium (CSF), pp. 337–350. IEEE (2014)
Google Scholar

Download references

Acknowledgements

This work is funded by the Direction Générale de l’Armement (DGA) - Ministère de la Défense, France. We thank Salomé Coavoux and Maël Guilleme for their insightful comments and development around ATSyRA.

Author information

Authors and Affiliations

IRISA/Inria, Campus de Beaulieu, 35042, Rennes Cedex, France
Sophie Pinchinat, Mathieu Acher & Didier Vojtisek

Authors

Sophie Pinchinat
View author publications
You can also search for this author in PubMed Google Scholar
Mathieu Acher
View author publications
You can also search for this author in PubMed Google Scholar
Didier Vojtisek
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sophie Pinchinat .

Editor information

Editors and Affiliations

University of Luxembourg, Luxembourg, Luxembourg
Sjouke Mauw
INSA Rennes and IRISA, Rennes, France
Barbara Kordy
George Mason University, Fairfax, VA, Virginia, USA
Sushil Jajodia

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Pinchinat, S., Acher, M., Vojtisek, D. (2016). ATSyRa: An Integrated Environment for Synthesizing Attack Trees. In: Mauw, S., Kordy, B., Jajodia, S. (eds) Graphical Models for Security. GraMSec 2015. Lecture Notes in Computer Science(), vol 9390. Springer, Cham. https://doi.org/10.1007/978-3-319-29968-6_7

Download citation

DOI: https://doi.org/10.1007/978-3-319-29968-6_7
Published: 06 February 2016
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29967-9
Online ISBN: 978-3-319-29968-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics