{"title":"基于Pareto属性域的高效攻防树分析","authors":"Barbara Kordy, Wojciech Wideł","doi":"10.1109/CSF.2019.00021","DOIUrl":null,"url":null,"abstract":"The cheapest attacks are often time-consuming, and those requiring high level of technical skills might occur rarely but result in disastrous consequences. Therefore, analysis focusing on a single parameter at a time, e.g., only cost or time, is insufficient for the successful selection of the appropriate measures increasing system^{\\prime}s security. In practice, security engineers are thus confronted with the problem of multi-parameter analysis. The objective of this work is to address this problem and propose a sound, general framework for multi-parameter analysis of security. In order to ensure the usability of our solution for real-life applications, our proposal relies on the attack– defense tree model that security experts from industry are already familiar with. We present mathematical foundations of our framework and characterize the class of parameters it is suitable for. We identify conditions under which the proposed method applies to attack–defense trees where several nodes represent the same action. We discuss the complexity of our approach and implement the underlying algorithms in a proof of concept tool. We analyze its performance on a number of trees of varying complexity, and validate our proposal on a case study borrowed from industry.","PeriodicalId":249093,"journal":{"name":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Efficient Attack-Defense Tree Analysis using Pareto Attribute Domains\",\"authors\":\"Barbara Kordy, Wojciech Wideł\",\"doi\":\"10.1109/CSF.2019.00021\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The cheapest attacks are often time-consuming, and those requiring high level of technical skills might occur rarely but result in disastrous consequences. Therefore, analysis focusing on a single parameter at a time, e.g., only cost or time, is insufficient for the successful selection of the appropriate measures increasing system^{\\\\prime}s security. In practice, security engineers are thus confronted with the problem of multi-parameter analysis. The objective of this work is to address this problem and propose a sound, general framework for multi-parameter analysis of security. In order to ensure the usability of our solution for real-life applications, our proposal relies on the attack– defense tree model that security experts from industry are already familiar with. We present mathematical foundations of our framework and characterize the class of parameters it is suitable for. We identify conditions under which the proposed method applies to attack–defense trees where several nodes represent the same action. We discuss the complexity of our approach and implement the underlying algorithms in a proof of concept tool. We analyze its performance on a number of trees of varying complexity, and validate our proposal on a case study borrowed from industry.\",\"PeriodicalId\":249093,\"journal\":{\"name\":\"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)\",\"volume\":\"67 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-06-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSF.2019.00021\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2019.00021","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Efficient Attack-Defense Tree Analysis using Pareto Attribute Domains
The cheapest attacks are often time-consuming, and those requiring high level of technical skills might occur rarely but result in disastrous consequences. Therefore, analysis focusing on a single parameter at a time, e.g., only cost or time, is insufficient for the successful selection of the appropriate measures increasing system^{\prime}s security. In practice, security engineers are thus confronted with the problem of multi-parameter analysis. The objective of this work is to address this problem and propose a sound, general framework for multi-parameter analysis of security. In order to ensure the usability of our solution for real-life applications, our proposal relies on the attack– defense tree model that security experts from industry are already familiar with. We present mathematical foundations of our framework and characterize the class of parameters it is suitable for. We identify conditions under which the proposed method applies to attack–defense trees where several nodes represent the same action. We discuss the complexity of our approach and implement the underlying algorithms in a proof of concept tool. We analyze its performance on a number of trees of varying complexity, and validate our proposal on a case study borrowed from industry.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
