A Probabilistic Framework for Security Scenarios with Dependent Actions

TitleA Probabilistic Framework for Security Scenarios with Dependent Actions
Publication TypeConference Paper
Year of Publication2014
AuthorsKordy B., Pouly M., Schweizer P.
EditorAlbert E., Sekereinsk E.
Conference Name11th International Conference on Integrated Formal Methods, IFM 2014, Bertinoro, Italy
Date PublishedSeptember
PublisherSpringer
Abstract

This work addresses the growing need of performing meaningful probabilistic analysis of security. We propose a framework that integrates the graphical security modeling technique of attack-defense trees with probabilistic information expressed in terms of Bayesian networks. This allows us to perform probabilistic evaluation of attack-defense scenarios involving dependent actions. To improve the efficiency of our computations, we make use of inference algorithms from Bayesian networks and encoding techniques from constraint reasoning. We discuss the algebraic theory underlying our framework and point out several generalizations which are possible thanks to the use of semiring theory.