Variability meets Security: Quantitative security modeling and analysis of highly customizable attack scenarios

Maurice H. ter Beek, Axel Legay, Alberto Lluch Lafuente, Andrea Vandin

Research output: Chapter in Book/Report/Conference proceeding; Article in proceedings; Research; peer-review

Abstract

We present a framework for quantitative security modeling and analysis of highly customizable attack scenarios, which resulted as a spin-off from our research in software product line engineering. The graphical security models are based on attributed attack-defense diagrams to capture the structure and properties of vulnerabilities, defenses and countermeasures (with notable similarities to feature diagrams) and on probabilistic models of attack behavior, capable of capturing resource constraints and attack effectiveness. In this paper, we provide an overview of the framework that is described in full technical detail in twin papers, which present the formal syntax and semantics of the domain-specific language and showcase the associated tool with advanced IDE support for performing analyses based on statistical model checking. The properties of interest range from average cost and success probability of attacks to the effectiveness of defenses and countermeasures. Here we illustrate the capabilities of the DSL and the tool by applying them to an example scenario from the security domain. This shows how techniques from variability modeling can be applied to security. We conclude with a vision and roadmap for future research.

Original language: English
Title of host publication: Proceedings of the 14th International Working Conference on Variability Modelling of Software-Intensive Systems
Publisher: Association for Computing Machinery
Publication date: 2020
Article number: 11
ISBN (Electronic): 9781450375016
Publication status: Published - 2020
Event: 14th International Working Conference on Variability Modelling of Software-Intensive Systems - Lukasklause, Magdeburg, Germany
Duration: 5 Feb 2020 to 7 Feb 2020
https://vamos2020.dbse.iti.cs.ovgu.de/index.html

Conference

Conference: 14th International Working Conference on Variability Modelling of Software-Intensive Systems
Location: Lukasklause
Country/Territory: Germany
City: Magdeburg
Period: 05/02/2020 to 07/02/2020
Series: ACM International Conference Proceeding Series

Keywords

  • Variability models
  • Graphical security models
  • Attack-defense trees
  • Quantitative security
  • Statistical model checking
  • Formal analysis tools
