10 research outputs found

    Formal Analysis of Graphical Security Models


    Quantitative Verification and Synthesis of Attack-Defence Scenarios

    Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods management system.

    An agent based protocol for parallel negotiation of dependent resources

    Context. Resource allocation is an important issue in order to complete a task in the field of agent systems. Several protocols are available for task distribution and for efficient resource allocation among agents. Efficient task distribution and resource allocation among agents often play important roles to obtain high performance. However, the situation becomes more complicated when the resources are dependent on each other where multiple buyers and providers of resources negotiate in parallel. Objectives. In this paper, we proposed an agent based protocol for synchronizing and allocating dependent resources that involves parallel negotiation between multiple buyers and providers of resources. Methods. Literature survey has been conducted in the studied areas in order to position the work and gain more knowledge. Moreover, to validate the proposed protocol, a simulation study was performed. Results. The suggested protocol can handle dependent resources negotiation in parallel and the result illustrates that. Moreover, the approach can avoid broadcasting of call for proposals to reduce the communication overhead, which usually occurs in many other protocols. Conclusion. In the suggested protocol, we have presented a new idea of re-planning with other techniques like Information board and leveled commitment. In a simulation study, it was identified that this approach is able to deal with the dependent resources according to the simulation results.

    Pareto Efficient Solutions of Attack Trees


    Model checking exact cost for attack scenarios



    Modeling and Analysing Socio-Technical Systems

    Modern organisations are complex, socio-technical systems consisting of a mixture of physical infrastructure, human actors, policies and processes. An increasing number of attacks on these organisations exploit vulnerabilities on all different levels, for example combining a malware attack with social engineering. Due to this combination of attack steps on technical and social levels, risk assessment in socio-technical systems is complex. Therefore, established risk assessment methods often abstract away the internal structure of an organisation and ignore human factors when modelling and assessing attacks. In our work we model all relevant levels of socio-technical systems, and propose evaluation techniques for analysing the security properties of the model. Our approach simplifies the identification of possible attacks and provides qualified assessment and ranking of attacks based on the expected impact.