Time-dependent analysis of attacks

TitleTime-dependent analysis of attacks
Publication TypeConference Paper
Year of Publication2014
AuthorsArnold F., Hermanns H., Pulungan R., Stoelinga M.IA
Conference NameProceedings of the Third International Conference on Principles and Security of Trust, POST 2014, Grenoble, France
Date PublishedApril
PublisherSpringer Verlag
Conference LocationBerlin
Keywordsattack trees, phase type, security

The success of a security attack crucially depends on time: the more time available to the attacker, the higher the probability of a successful attack; when given enough time, any system can be compromised. Insight in time-dependent behaviors of attacks and the evolution of the attacker's success as time progresses is therefore a key for effective countermeasures in securing systems. This paper presents an efficient technique to analyze attack times for an extension of the prominent formalism of attack trees. If each basic attack step, i.e., each leaf in an attack tree, is annotated with a probability distribution of the time needed for this step to be successful, we show how this information can be propagated to an analysis of the entire tree. In this way, we obtain the probability distribution for the entire system to be attacked successfully as time progresses. For our approach to be effective, we take great care to always work with the best possible compression of the representations of the probability distributions arising. This is achieved by an elegant calculus of acyclic phase type distributions, together with an effective compositional compression technique. We demonstrate the effectiveness of this approach on three case studies, exhibiting orders of magnitude of compression.