Quantitative Verification and Synthesis of Attack-Defence Scenarios

Zaruhi Aslanyan; Flemming Nielson; David Parker

doi:10.1109/CSF.2016.15

Quantitative Verification and Synthesis of Attack-Defence Scenarios

Zaruhi Aslanyan
, Flemming Nielson
, David Parker

Department of Applied Mathematics and Computer Science

University of Birmingham

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

714 Downloads (Orbit)

Abstract

Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods management system.

Original language	English
Title of host publication	Proceedings of the 29th IEEE Computer Security Foundations Symposium (CSF 2016)
Publisher	IEEE
Publication date	2016
Pages	105-119
ISBN (Print)	978-1-5090-2607-4
DOIs	https://doi.org/10.1109/CSF.2016.15
Publication status	Published - 2016
Event	2016 IEEE 29th Computer Security Foundations Symposium - Lisaboa, Portugal Duration: 27 Jun 2016 → 1 Jul 2016 Conference number: 29 http://csf2016.tecnico.ulisboa.pt/ https://ieeexplore.ieee.org/xpl/conhome/7518122/proceeding

Conference

Conference	2016 IEEE 29th Computer Security Foundations Symposium
Number	29
Country/Territory	Portugal
City	Lisaboa
Period	27/06/2016 → 01/07/2016
Internet address	http://csf2016.tecnico.ulisboa.pt/ https://ieeexplore.ieee.org/xpl/conhome/7518122/proceeding

Series	I E E E Computer Security Foundations Symposium. Proceedings
ISSN	1940-1434

Keywords

Attack-defence trees
Stochastic games
Formal verification
Probabilistic model checking

Access to Document

10.1109/CSF.2016.15

2016 QuantitativeVerificationAndSynthesisOfAttackDefenceScenariosAccepted author manuscript, 422 KB

OpenUrl availability

Check availability in DTU Findit

Cite this

@inproceedings{84d021bdb66445f891d11fb94423ae2b,

title = "Quantitative Verification and Synthesis of Attack-Defence Scenarios",

abstract = "Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods management system.",

keywords = "Attack-defence trees, Stochastic games, Formal verification, Probabilistic model checking",

author = "Zaruhi Aslanyan and Flemming Nielson and David Parker",

year = "2016",

doi = "10.1109/CSF.2016.15",

language = "English",

isbn = "978-1-5090-2607-4",

series = "I E E E Computer Security Foundations Symposium. Proceedings",

publisher = "IEEE",

pages = "105--119",

booktitle = "Proceedings of the 29th IEEE Computer Security Foundations Symposium (CSF 2016)",

address = "United States",

note = "2016 IEEE 29th Computer Security Foundations Symposium, CSF 2016 ; Conference date: 27-06-2016 Through 01-07-2016",

url = "http://csf2016.tecnico.ulisboa.pt/, https://ieeexplore.ieee.org/xpl/conhome/7518122/proceeding",

}

Aslanyan, Z, Nielson, F & Parker, D 2016, Quantitative Verification and Synthesis of Attack-Defence Scenarios. in Proceedings of the 29th IEEE Computer Security Foundations Symposium (CSF 2016). IEEE, I E E E Computer Security Foundations Symposium. Proceedings, pp. 105-119, 2016 IEEE 29th Computer Security Foundations Symposium, Lisaboa, Portugal, 27/06/2016. https://doi.org/10.1109/CSF.2016.15

Quantitative Verification and Synthesis of Attack-Defence Scenarios. / Aslanyan, Zaruhi; Nielson, Flemming; Parker, David.
Proceedings of the 29th IEEE Computer Security Foundations Symposium (CSF 2016). IEEE, 2016. p. 105-119 (I E E E Computer Security Foundations Symposium. Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - Quantitative Verification and Synthesis of Attack-Defence Scenarios

AU - Aslanyan, Zaruhi

AU - Nielson, Flemming

AU - Parker, David

N1 - Conference code: 29

PY - 2016

Y1 - 2016

N2 - Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods management system.

AB - Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods management system.

KW - Attack-defence trees

KW - Stochastic games

KW - Formal verification

KW - Probabilistic model checking

U2 - 10.1109/CSF.2016.15

DO - 10.1109/CSF.2016.15

M3 - Article in proceedings

SN - 978-1-5090-2607-4

T3 - I E E E Computer Security Foundations Symposium. Proceedings

SP - 105

EP - 119

BT - Proceedings of the 29th IEEE Computer Security Foundations Symposium (CSF 2016)

PB - IEEE

T2 - 2016 IEEE 29th Computer Security Foundations Symposium

Y2 - 27 June 2016 through 1 July 2016

ER -

Quantitative Verification and Synthesis of Attack-Defence Scenarios

Abstract

Conference

Keywords

Access to Document

OpenUrl availability

Fingerprint

Cite this