A methodology for qualitative/quantitative analysis of weighted attack trees

Andrea Bobbio, Lavinia Egidi, Roberta Terruggia

Risultato della ricerca: Contributo su rivistaArticolo da conferenzapeer review

Abstract

Attack and Defense Trees (ADT) constitute a formal modeling technique that has become dominant in recent years in the area of qualitative and quantitative cybersecurity analysis of ICT and digital control systems. A Weighted-ADT (WADT) is augmented with cost or impact attributes to evidence the most convenient attack sequence in terms of investment budget and provoked damage and to provide an indication on how to mitigate the located breaches by means of suitable countermeasures. The original analysis technique proposed in this paper is based on the representation of a WADT by means of an extension of Binary Decision Diagrams (BDD), called Multi Terminal Binary Decision Diagrams (MTBDD). MTBDDs allow the modeler to evaluate the probability distribution function of the cost and impact related to any possible attack scenario. A running example illustrates the methodology.

Lingua originaleInglese
pagine (da-a)133-138
Numero di pagine6
RivistaIFAC-PapersOnLine
Volume4
Numero di pubblicazionePART 1
DOI
Stato di pubblicazionePubblicato - 2013
Evento4th IFAC Workshop on Dependable Control of Discrete Systems, DCDS 2013 - York, United Kingdom
Durata: 4 set 20136 set 2013

Fingerprint

Entra nei temi di ricerca di 'A methodology for qualitative/quantitative analysis of weighted attack trees'. Insieme formano una fingerprint unica.

Cita questo