23 research outputs found

    A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees

    Cyber attacks are becoming increasingly complex, practically sophisticated and organized. Losses due to such attacks are important, varying from the loss of money to business reputation spoilage. Therefore, there is a great need for potential victims of cyber attacks to deploy security solutions that allow the identification and/or prediction of potential cyber attacks, and deploy defenses to face them. In this paper, we propose a framework that incorporates Attack-Defense trees (ADTrees) and Continuous Time Markov Chains (CTMCs) to systematically represent attacks, defenses, and their interaction. This solution makes it possible to perform quantitative security assessment, with an aim to predict and/or identify attacks and find the best and appropriate defenses to reduce the impact of attacks.

    Load time security verification


    Instrumentation blueprints: towards combining several android instrumentation tools

    Algorithms and the Foundations of Software technology; Computer Systems, Imagery and Medi

    Attack Trees: A Notion of Missing Attacks

    Attack trees are widely used for security modeling and risk analysis. Classically, an attack tree combines possible actions of the attacker into attacks. In most existing approaches, an attack tree represents generic ways of attacking a system, but without taking any specific system or its configuration into account. This means that such a generic attack tree may contain attacks that are not applicable to the analyzed system, and also that a given system could enable some attacks that the attack tree did not capture. To overcome this problem, we extend the attack tree setting with a model of the analyzed system, allowing us to introduce precise path semantics of an attack tree and to define missing attacks. We investigate the missing attack existence problem and show how to solve it by calls to the NP oracle that answers the trace attack tree membership problem; the latter problem has been implemented and is available as an open source prototype.

    Mitigating Security Risks through Attack Strategies Exploration

    Security assessment of organization's information systems is becoming increasingly complex due to their growing sizes and underlying architectures, e.g., cloud. Analyzing potential attacks is a pragmatic approach that provides insightful information to achieve this purpose. In this work, we propose to synthesize defense configurations to counter sophisticated attack strategies minimizing resource usage while ensuring a high probability of success. For this, we combine Statistical Model Checking techniques with Genetic Algorithms. Experiments performed on real-life case studies show substantial improvements compared to existing techniques.

    Refinement-aware generation of attack trees

    Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a system. Due to their refinement structure, attack trees support the analyst in understanding the system vulnerabilities at various levels of abstraction. However, contrary to manually synthesized attack trees, automatically generated attack trees are often not refinement-aware, making subsequent human processing much harder. The generation of attack trees in which the refined nodes correspond to semantically relevant levels of abstraction is still an open question. In this paper, we formulate the attack-tree generation problem and propose a methodology to, given a system model, generate attack trees with meaningful levels of abstraction.