Attack-Defense Trees: Theory Meets Practice


CALL: 2013

DOMAIN: IS - Information Security and Trust Management





HOST INSTITUTION: University of Luxembourg

KEYWORDS: graphical security modeling, formal methods, attack-defense trees, attack trees, risk assessment, threat analysis, attack probability, qualitative and quantitative security analysis, library of attack and defense patterns, security practices

START: 2014-07-01

END: 2017-06-30


Submitted Abstract

Threat and risk analysis are crucial steps in developing secure and usable ICT solutions. An optimal security assessment methodology should combine sound, mathematical foundations with practical and user friendly representation features. Attack trees and related approaches fulfill these criteria, which explains their increasing popularity over the last decade.Attack-defense trees augment attack trees by including defensive measures into the model. They provide the means to qualitatively and quantitatively assess security. The extended formalism allows for an improved analysis, without however requiring additional computational power. The objective of the ADT2P project is to elevate the attack-defense tree methodology to an industrially applicable security analysis framework and to integrate it with standard risk assessment tools. In order to achieve this goal, fundamental research as well as practical validation will be performed. Attack-defense trees will be extended with additional features that are necessary to model real-life scenarios. This will include introducing the notions of actors and objects as well as defining dedicated security measures, such as risk and impact. New algorithms that can cope with large-scale models as well as methods to construct attack-defense trees from generic attack and defense patterns will be designed. For this, the automatic composition of models will be investigated. Finally, a new version of ADTool, a free and open source software application supporting threat analysis using the attack-defense tree formalism, will be released. The ADT2P project will build upon the expertise gained within the FNR CORE project ATREES. Involvement of the industrial partners SINTEF and THALES will ensure that the proposed methodology is highly usable and practical. By integrating the project results into existing security and risk assessment solutions, ADT2P will assist small and medium sized auditing and consulting companies in providing better and more accurate security assessment results. Wide and effective dissemination of the project results will be guaranteed by close cooperation of the ADT2P team with members of numerous related projects, including the EU FP7 project TREsPASS and the FNR CORE project STAST. By setting up the International Workshop on Graphical Models for Security, the ADT2P project will contribute to further development of the graphical security modeling research field.

This site uses cookies. By continuing to use this site, you agree to the use of cookies for analytics purposes. Find out more in our Privacy Statement