The Value of Attack-Defence Diagrams

TitleThe Value of Attack-Defence Diagrams
Publication TypeConference Paper
Year of Publication2016
AuthorsHermanns H., Krämer J., Krčál J., Stoelinga M.IA
EditorPiessens F., Viganò L.
Conference NameProceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, Netherlands
Date PublishedApril
PublisherSpringer Verlag
Conference LocationBerlin
KeywordsAttack-defense tree, model checking, socio-technical security, stochastic timed automata

Success or failure of attacks on high-security systems, such as hacker attacks on sensitive data, depend on various situational conditions, including the timing and success chances of single attack steps, and concurrent countermeasures of the defender. With the existing state-of-the-art modelling tools for attack scenarios, comprehensive considerations of these conditions have not been possible. This paper introduces Attack-Defence Diagrams as a formalism to describe intricate attack-defence scenarios that can represent the above mentioned situational conditions. A diagram's semantics naturally corresponds to a game where its players, the attacker and the defender, compete to turn the game's outcome from undecided into a successful attack or defence, respectively. Attack-Defence Diagrams incorporate aspects of time, probability, and cost, so as to reflect timing of attack steps and countermeasures, their success chances, as well as skills and knowledge of the attacker and defender that may increase over time with lessons learned from previous attack steps. The semantics maps on stochastic timed automata as the underlying mathematical model in a compositional manner. This enables an efficient what-if quantitative evaluation to deliver cost and success estimates, as we demonstrate by a case study from the cyber-security domain.