Time-dependent analysis of attacks
|Title||Time-dependent analysis of attacks|
|Publication Type||Conference Paper|
|Year of Publication||2014|
|Authors||Arnold F., Hermanns H., Pulungan R., Stoelinga M.IA|
|Conference Name||Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014, Grenoble, France|
|Keywords||attack trees, phase type, security|
The success of a security attack crucially depends on time: the more time available to the attacker, the higher the probability of a successful attack; when given enough time, any system can be compromised. Insight in time-dependent behaviors of attacks and the evolution of the attacker's success as time progresses is therefore a key for effective countermeasures in securing systems. This paper presents an efficient technique to analyze attack times for an extension of the prominent formalism of attack trees. If each basic attack step, i.e., each leaf in an attack tree, is annotated with a probability distribution of the time needed for this step to be successful, we show how this information can be propagated to an analysis of the entire tree. In this way, we obtain the probability distribution for the entire system to be attacked successfully as time progresses. For our approach to be effective, we take great care to always work with the best possible compression of the representations of the probability distributions arising. This is achieved by an elegant calculus of acyclic phase type distributions, together with an effective compositional compression technique. We demonstrate the effectiveness of this approach on three case studies, exhibiting orders of magnitude of compression.