![Page 1: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/1.jpg)
On Attack/Defense Trees
Patrick SchweitzerSaToSS, Faculty of Sciences, Communication and Technology
University of Luxembourg
November 17th 2009
1/23
![Page 2: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/2.jpg)
Outline
1 Intuition and overview of existing approaches to model attacks
2 Attack Trees
3 The new approach to include defenses
4 Future work
2/23
![Page 3: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/3.jpg)
Intuition and overview
Intuition
Get money(illegally)
Get moneyfrom a bank
Rob a
bank
Steal from
ATM
S2
S2
S2
Hack into
computer
system
Rob a storeEnter with
a gun2 3.1
4.14.2
4.3
3.2
3.33.4
Enter
disguised
Enter
at night2
Go toloan shark
3/23
![Page 4: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/4.jpg)
Intuition and overview
Intuition
Get money(illegally)
Get moneyfrom a bank
Rob a
bank
Steal from
ATM
S2
S2
S2
Hack into
computer
system
Rob a storeEnter with
a gun2 3.1
4.14.2
4.3
3.2
3.33.4
Enter
disguised
Enter
at night2
Go toloan shark
3/23
![Page 5: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/5.jpg)
Intuition and overview
Intuition
Get money(illegally)
Get moneyfrom a bank
Rob a
bank
Steal from
ATM
S2
S2
S2
Hack into
computer
system
Rob a storeEnter with
a gun2 3.1
4.14.2
4.3
3.2
3.33.4
Enter
disguised
Enter
at night2
Go toloan shark
3/23
![Page 6: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/6.jpg)
Intuition and overview
Guide to modeling attacks
Intuitive start: A mindmap (a special graph)
Problem: Complexity
Solution: Computer support (requires formalism)
Literature: Several approaches
4/23
![Page 7: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/7.jpg)
Intuition and overview
Guide to modeling attacks
Intuitive start: A mindmap (a special graph)
Problem: Complexity
Solution: Computer support (requires formalism)
Literature: Several approaches
4/23
![Page 8: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/8.jpg)
Intuition and overview
Guide to modeling attacks
Intuitive start: A mindmap (a special graph)
Problem: Complexity
Solution: Computer support (requires formalism)
Literature: Several approaches
4/23
![Page 9: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/9.jpg)
Intuition and overview
Guide to modeling attacks
Intuitive start: A mindmap (a special graph)
Problem: Complexity
Solution: Computer support (requires formalism)
Literature: Several approaches
4/23
![Page 10: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/10.jpg)
Intuition and overview
Different approaches to modeling attacks
Attack TreesEssentially all information is contained in the leaves.
Attack Graphs or Attack NetsFinite automata that fulfill security properties;separation of data and processes
Security Pattern DescriptionsDocuments that describe in words the possible attacks on asystem. They are very long exactly like this text which shouldnever have been on the slide because nobody that listens tothe talk reads that much text.
. . .
5/23
![Page 11: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/11.jpg)
Intuition and overview
Different approaches to modeling attacks
Attack TreesEssentially all information is contained in the leaves.
Attack Graphs or Attack NetsFinite automata that fulfill security properties;separation of data and processes
Security Pattern DescriptionsDocuments that describe in words the possible attacks on asystem. They are very long exactly like this text which shouldnever have been on the slide because nobody that listens tothe talk reads that much text.
. . .
5/23
![Page 12: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/12.jpg)
Intuition and overview
Different approaches to modeling attacks
Attack TreesEssentially all information is contained in the leaves.
Attack Graphs or Attack NetsFinite automata that fulfill security properties;separation of data and processes
Security Pattern DescriptionsDocuments that describe in words the possible attacks on asystem. They are very long exactly like this text which shouldnever have been on the slide because nobody that listens tothe talk reads that much text.
. . .
5/23
![Page 13: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/13.jpg)
Attack Trees
1 Intuition and overview of existing approaches to model attacks
2 Attack Trees
3 The new approach to include defenses
4 Future work
6/23
![Page 14: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/14.jpg)
Attack Trees
Attack Trees - the concept
Attack: How to get free food?
7/23
![Page 15: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/15.jpg)
Attack Trees
Attack Trees - the concept
Attack: How to get free food?
Free food
7/23
![Page 16: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/16.jpg)
Attack Trees
Attack Trees - the concept
Attack: How to get free food?
Free food∨
Eat ’n’ runPretendto work
at restaurant
7/23
![Page 17: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/17.jpg)
Attack Trees
Attack Trees - the concept
Attack: How to get free food?
Free food∨
Eat ’n’ run∧
Order meal Sneak out
Pretendto work
at restaurant∨
Ask Chefto prepare
Salamiattack
7/23
![Page 18: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/18.jpg)
Attack Trees
Attack Trees - the concept
Attack: How to get free food?
Free food∨
Eat ’n’ run∧
Order meal Sneak out
Pretendto work
at restaurant∨
Ask Chefto prepare
Salamiattack∧
Wait oncustomers
Steal part oftheir food
Sneak out
7/23
![Page 19: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/19.jpg)
Attack Trees
Attack Trees - the concept
Attack: How to get free food?
Free food∨
Eat ’n’ run∧
Order meal Sneak out
Pretendto work
at restaurant∨
Ask Chefto prepare
Salamiattack∧
Wait oncustomers
Steal part oftheir food
Sneak out
Essentially a set of multisets,e.g.:
{{{Order meal, sneak out}},
{{Ask Chef to prepare}},
{{Wait on customers,
steal part of their food,
sneak out}}}
7/23
![Page 20: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/20.jpg)
Attack Trees
Properties of the existing model
Important properties of Attack Trees
Uses and and or nodes
Simple normal form: trees of depth 1
Attributes can be attached to the leaves:then the attribute can be calculated for the root
Projection only works for some attributes(Projection = Restriction of an attribute)
8/23
![Page 21: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/21.jpg)
Attack Trees
Properties of the existing model
Important properties of Attack Trees
Uses and and or nodes
Simple normal form: trees of depth 1
Attributes can be attached to the leaves:then the attribute can be calculated for the root
Projection only works for some attributes(Projection = Restriction of an attribute)
8/23
![Page 22: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/22.jpg)
Attack Trees
Properties of the existing model
Important properties of Attack Trees
Uses and and or nodes
Simple normal form: trees of depth 1
Attributes can be attached to the leaves:then the attribute can be calculated for the root
Projection only works for some attributes(Projection = Restriction of an attribute)
8/23
![Page 23: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/23.jpg)
Attack Trees
Properties of the existing model
Important properties of Attack Trees
Uses and and or nodes
Simple normal form: trees of depth 1
Attributes can be attached to the leaves:then the attribute can be calculated for the root
Projection only works for some attributes(Projection = Restriction of an attribute)
8/23
![Page 24: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/24.jpg)
Attack Trees
Including a defense in the framework
Free food∨
Eat ’n’ run∧
Order meal Sneak out
Pretendto work
at restaurant∨
Ask Chefto prepare
Salamiattack∧
Wait oncustomers
Steal part oftheir food
Sneak out
9/23
![Page 25: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/25.jpg)
Attack Trees
Including a defense in the framework
Free food∨
Eat ’n’ run∧
Order meal Sneak out
Policeman
Pretendto work
at restaurant∨
Ask Chefto prepare
Salamiattack∧
Wait oncustomers
Steal part oftheir food
Sneak out
Policeman
9/23
![Page 26: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/26.jpg)
Attack Trees
Attack and Defense Trees
Consider the Defense Tree ’law enforcement’ instead of apoliceman.
Consider the Attack Tree ’Mafia’ attached to law enforcement.
and so on...
New framework: Attack Tree - Defense Tree - Attack Tree - ...
10/23
![Page 27: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/27.jpg)
Attack Trees
Attack and Defense Trees
Consider the Defense Tree ’law enforcement’ instead of apoliceman.
Consider the Attack Tree ’Mafia’ attached to law enforcement.
and so on...
New framework: Attack Tree - Defense Tree - Attack Tree - ...
10/23
![Page 28: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/28.jpg)
Attack Trees
Attack and Defense Trees
Consider the Defense Tree ’law enforcement’ instead of apoliceman.
Consider the Attack Tree ’Mafia’ attached to law enforcement.
and so on...
New framework: Attack Tree - Defense Tree - Attack Tree - ...
10/23
![Page 29: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/29.jpg)
The new approach to include defenses
1 Intuition and overview of existing approaches to model attacks
2 Attack Trees
3 The new approach to include defenses
4 Future work
11/23
![Page 30: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/30.jpg)
The new approach to include defenses
The general idea: two functions describing the nodes
Structure: rooted tree T = (V , E , r , τ, φ)(non-empty, finite, directed, connected, acyclic, rooted)Type: τ : V → {©,�,♦} Connector φ : V → {∨, ∧, ¬, −}
12/23
![Page 31: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/31.jpg)
The new approach to include defenses
The general idea: two functions describing the nodes
Structure: rooted tree T = (V , E , r , τ, φ)(non-empty, finite, directed, connected, acyclic, rooted)Type: τ : V → {©,�,♦} Connector φ : V → {∨, ∧, ¬, −}
τ(v) ∈ {©,�} =⇒ τ(w) ∈ {τ(v),♦} (1)
τ(v) ∈ {©,�} and | Childrenv | > 1 ⇐⇒φ(v) ∈ {∨, ∧} (2)
τ(v) ∈ {©,�} and | Childrenv | ≤ 1 ⇐⇒φ(v) = − (3)
τ(v) = ♦ =⇒ τ(w) ∈ {f (v),♦} (4)
τ(v) = ♦ =⇒ | Childrenv | = 1 (5)
τ(v) = ♦ ⇐⇒φ(v) = ¬ (6)
v , w ∈ V and (v , w) ∈ E
12/23
![Page 32: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/32.jpg)
The new approach to include defenses
The additional properties
∨
−
¬
∧
− −
∧
− − ¬
−
∧
− ∧
− − ¬
∨
− −
∨
− −
13/23
![Page 33: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/33.jpg)
The new approach to include defenses
The additional properties
∨
−
¬
∧
− −
∧
− − ¬
−
∧
− ∧
− − ¬
∨
− −
∨
− −
Property (1):τ(v) ∈ {©,�} =⇒ τ(w) ∈ {τ(v),♦}
13/23
![Page 34: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/34.jpg)
The new approach to include defenses
The additional properties
∨
−
¬
∧
− −
∧
− − ¬
−
∧
− ∧
− − ¬
∨
− −
∨
− −
Property (2):τ(v) ∈ {©,�} and | Childrenv | > 1⇐⇒φ(v) ∈ {∨, ∧}
13/23
![Page 35: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/35.jpg)
The new approach to include defenses
The additional properties
∨
−
¬
∧
− −
∧
− − ¬
−
∧
− ∧
− − ¬
∨
− −
∨
− −
Property (3):τ(v) ∈ {©,�} and | Childrenv | ≤ 1⇐⇒φ(v) = −
13/23
![Page 36: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/36.jpg)
The new approach to include defenses
The additional properties
∨
−
¬
∧
− −
∧
− − ¬
−
∧
− ∧
− − ¬
∨
− −
∨
− −
Property (4):τ(v) = ♦ =⇒ τ(w) ∈ {f (v),♦}
13/23
![Page 37: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/37.jpg)
The new approach to include defenses
The additional properties
∨
−
¬
∧
− −
∧
− − ¬
−
∧
− ∧
− − ¬
∨
− −
∨
− −
Property (5):τ(v) = ♦ =⇒ | Childrenv | = 1
13/23
![Page 38: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/38.jpg)
The new approach to include defenses
The additional properties
∨
−
¬
∧
− −
∧
− − ¬
−
∧
− ∧
− − ¬
∨
− −
∨
− −
Property (6):τ(v) = ♦ ⇐⇒ φ(v) = ¬
13/23
![Page 39: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/39.jpg)
The new approach to include defenses
Semantics of the Adtrees
∨
−
¬
∧
D1 −
∧
D2 D3 ¬
A1
∧
A2 ∧
A3 A4 ¬
∨
D4 D5
∨
A5 A6
Semantics of the adtree:Unique variable associated to leaf
JvK =
v if v ∈ L(T ),∨
w∈Childrenv
JwK if φ(v) = ∨,
∧
w∈Childrenv
JwK if φ(v) = ∧,
JwK if φ(v) = − and
Childrenv = {w},
¬JwK if φ(v) = ¬ and
Childrenv = {w}.
14/23
![Page 40: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/40.jpg)
The new approach to include defenses
Logical formulas associated to trees
∨
−
¬
∧
D1 −
∧
D2 D3 ¬
A1
∧
A2 ∧
A3 A4 ¬
∨
D4 D5
∨
A5 A6Propositional logic corresponding to thetree:
((¬(D1 ∧ ((D2 ∧ D3 ∧ (¬A1))))))∨(A2 ∧ (A3 ∧ A4 ∧ (¬(D4 ∨ D5)))∨(A5 ∨ A6)
15/23
![Page 41: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/41.jpg)
The new approach to include defenses
Trees in normal form
∨
A1 A5 A6 ¬
D1
¬
D2
¬
D3
∧
A2 A3 A4 ¬
D4
¬
D5
Normal form:A1 ∨ A5 ∨ A6 ∨ ¬D1 ∨ ¬D2 ∨ ¬D3 ∨ (A2 ∧ A3 ∧ A4 ∧ ¬D4 ∧ ¬D5)
16/23
![Page 42: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/42.jpg)
The new approach to include defenses
Exemplary transformation: Distributivity ∧ to ∨
∧
b
X1
. . .
k
b
Xk
∨
b
Y1
. . .
l
b
Yl
−→ ∨
∧
b
X1
. . .
k
b
Xk
b
Y1
. . .
l
∧
b
X1
. . .
k
b
Xk
b
Yl
With k ≥ 1 and l ≥ 2
17/23
![Page 43: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/43.jpg)
The new approach to include defenses
Full set of transformation rules
• Distributivity (A ∨ B) ∧ C → (A ∧ C) ∨ (B ∧ C)• 1−level absorption (A ∧ B) ∨ A → A
• 2−level absorption as above• Double negation ¬¬A → A
• Empty refinement no formula• Associativity (∨ and ∧) (A ∨ B) ∨ C → A ∨ B ∨ C
• De Morgan (∨ and ∧) ¬(A ∨ B) → ¬A ∧ ¬B
• Idempotency (∨ and ∧) X ∨ X → X
18/23
![Page 44: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/44.jpg)
The new approach to include defenses
Full set of transformation rules
• Distributivity (A ∨ B) ∧ C → (A ∧ C) ∨ (B ∧ C)• 1−level absorption (A ∧ B) ∨ A → A
• 2−level absorption as above• Double negation ¬¬A → A
• Empty refinement no formula• Associativity (∨ and ∧) (A ∨ B) ∨ C → A ∨ B ∨ C
• De Morgan (∨ and ∧) ¬(A ∨ B) → ¬A ∧ ¬B
• Idempotency (∨ and ∧) X ∨ X → X
18/23
![Page 45: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/45.jpg)
The new approach to include defenses
Full set of transformation rules
• Distributivity (A ∨ B) ∧ C → (A ∧ C) ∨ (B ∧ C)• 1−level absorption (A ∧ B) ∨ A → A
• 2−level absorption as above• Double negation ¬¬A → A
• Empty refinement no formula• Associativity (∨ and ∧) (A ∨ B) ∨ C → A ∨ B ∨ C
• De Morgan (∨ and ∧) ¬(A ∨ B) → ¬A ∧ ¬B
• Idempotency (∨ and ∧) X ∨ X → X
18/23
![Page 46: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/46.jpg)
The new approach to include defenses
Currently working on
Proving the uniqueness of the normal forms
Requires: • Strong termination (Patrick - almost finished)Applying rules indefinitely is not possible
• Local confluence (Barbara - finished)Order of applying the rules leads to same result
19/23
![Page 47: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/47.jpg)
The new approach to include defenses
Currently working on
Proving the uniqueness of the normal forms
Requires: • Strong termination (Patrick - almost finished)Applying rules indefinitely is not possible
• Local confluence (Barbara - finished)Order of applying the rules leads to same result
19/23
![Page 48: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/48.jpg)
The new approach to include defenses
Currently working on
Proving the uniqueness of the normal forms
Requires: • Strong termination (Patrick - almost finished)Applying rules indefinitely is not possible
• Local confluence (Barbara - finished)Order of applying the rules leads to same result
19/23
![Page 49: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/49.jpg)
The new approach to include defenses
Termination function
Termination function:A function from the trees into a totally ordered set,s.t. the value before applying a transformation rule >
the value after applying a transformation rule.
20/23
![Page 50: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/50.jpg)
The new approach to include defenses
Termination function
Termination function:A function from the trees into a totally ordered set,s.t. the value before applying a transformation rule >
the value after applying a transformation rule.
Whiteboard
20/23
![Page 51: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/51.jpg)
Future work
1 Intuition and overview of existing approaches to model attacks
2 Attack Trees
3 The new approach to include defenses
4 Future work
21/23
![Page 52: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/52.jpg)
Future work
Work on generalizing the framework
Introduce attributes to the leaves
Allow directed acyclic graphs
Consider temporal order of children
Check out the two existing software packages
. . .
22/23
![Page 53: On Attack/Defense TreesOn Attack/Defense Trees Patrick Schweitzer SaToSS, Faculty of Sciences, Communication and Technology University of Luxembourg November 17th 2009 1/23. Outline](https://reader034.vdocuments.site/reader034/viewer/2022050215/5f614be5fb542a57e14cb71c/html5/thumbnails/53.jpg)
Summary
1 Intuition and overview of existing approaches to model attacks
2 Attack Trees
3 The new approach to include defenses
4 Future work
23/23