Effective Analysis of Attack Trees: A Model-Driven Approach

Rajesh Kumar; Stefano Schivo; Enno Jozef Johannes Ruijters; Bugra Mehmet Yildiz; David Julius Huistra; Jacco Brandt; Arend Rensink; Mariëlle Ida Antoinette Stoelinga

doi:10.1007/978-3-319-89363-1_4

Effective Analysis of Attack Trees

A Model-Driven Approach

Rajesh Kumar, Stefano Schivo, Enno Jozef Johannes Ruijters, Bugra Mehmet Yildiz, David Julius Huistra, Jacco Brandt, Arend Rensink, Mariëlle Ida Antoinette Stoelinga

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceeding › Academic › peer-review

Abstract

Attack trees (ATs) are a popular formalism for security analysis, and numerous variations and tools have been developed around them. These were mostly developed independently, and offer little interoperability or ability to combine various AT features.We present ATTop, a software bridging tool that enables automated analysis of ATs using a model-driven engineering approach. ATTop fulfills two purposes: 1. It facilitates interoperation between several AT analysis methodologies and resulting tools (e.g., ATE, ATCalc, ADTool 2.0), 2. it can perform a comprehensive analysis of attack trees by translating them into timed automata and analyzing them using the popular model checker Uppaal, and translating the analysis results back to the original ATs. Technically, our approach uses various metamodels to provide a unified description of AT variants. Based on these metamodels, we perform model transformations that allow to apply various analysis methods to an AT and trace the results back to the AT domain. We illustrate our approach on the basis of a case study from the AT literature.

Original language	English
Title of host publication	Fundamental Approaches to Software Engineering
Subtitle of host publication	FASE 2018
Editors	Alessandra Russo, Andreas Schürr
Place of Publication	Cham
Publisher	Springer
Pages	56-73
Number of pages	18
ISBN (Electronic)	9783319893631
ISBN (Print)	9783319893624
DOIs	https://doi.org/10.1007/978-3-319-89363-1_4
Publication status	Published - 4 Apr 2018
Event	International Conference on Fundamental Approaches to Software Engineering - Thessaloniki, Greece Duration: 16 Apr 2018 → 19 Apr 2018 https://link.springer.com/book/10.1007/978-3-319-89363-1

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	10802

Conference

Conference	International Conference on Fundamental Approaches to Software Engineering
Abbreviated title	FASE 2018
Country	Greece
City	Thessaloniki
Period	16/04/18 → 19/04/18
Internet address	https://link.springer.com/book/10.1007/978-3-319-89363-1

Fingerprint

Interoperability

Cite this

Kumar, R., Schivo, S., Ruijters, E. J. J., Yildiz, B. M., Huistra, D. J., Brandt, J., ... Stoelinga, M. I. A. (2018). Effective Analysis of Attack Trees: A Model-Driven Approach. In A. Russo, & A. Schürr (Eds.), Fundamental Approaches to Software Engineering: FASE 2018 (pp. 56-73). (Lecture Notes in Computer Science; Vol. 10802). Cham: Springer. https://doi.org/10.1007/978-3-319-89363-1_4

Kumar, Rajesh ; Schivo, Stefano ; Ruijters, Enno Jozef Johannes ; Yildiz, Bugra Mehmet ; Huistra, David Julius ; Brandt, Jacco ; Rensink, Arend ; Stoelinga, Mariëlle Ida Antoinette. / Effective Analysis of Attack Trees : A Model-Driven Approach. Fundamental Approaches to Software Engineering: FASE 2018. editor / Alessandra Russo ; Andreas Schürr. Cham : Springer, 2018. pp. 56-73 (Lecture Notes in Computer Science).

@inproceedings{a1da1d93212c4354b068d372bc700411,

title = "Effective Analysis of Attack Trees: A Model-Driven Approach",

abstract = "Attack trees (ATs) are a popular formalism for security analysis, and numerous variations and tools have been developed around them. These were mostly developed independently, and offer little interoperability or ability to combine various AT features.We present ATTop, a software bridging tool that enables automated analysis of ATs using a model-driven engineering approach. ATTop fulfills two purposes: 1. It facilitates interoperation between several AT analysis methodologies and resulting tools (e.g., ATE, ATCalc, ADTool 2.0), 2. it can perform a comprehensive analysis of attack trees by translating them into timed automata and analyzing them using the popular model checker Uppaal, and translating the analysis results back to the original ATs. Technically, our approach uses various metamodels to provide a unified description of AT variants. Based on these metamodels, we perform model transformations that allow to apply various analysis methods to an AT and trace the results back to the AT domain. We illustrate our approach on the basis of a case study from the AT literature.",

author = "Rajesh Kumar and Stefano Schivo and Ruijters, {Enno Jozef Johannes} and Yildiz, {Bugra Mehmet} and Huistra, {David Julius} and Jacco Brandt and Arend Rensink and Stoelinga, {Mari{\"e}lle Ida Antoinette}",

year = "2018",

month = "4",

day = "4",

doi = "10.1007/978-3-319-89363-1_4",

language = "English",

isbn = "9783319893624",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "56--73",

editor = "Alessandra Russo and Andreas Sch{\"u}rr",

booktitle = "Fundamental Approaches to Software Engineering",

}

Kumar, R, Schivo, S, Ruijters, EJJ, Yildiz, BM, Huistra, DJ, Brandt, J, Rensink, A & Stoelinga, MIA 2018, Effective Analysis of Attack Trees: A Model-Driven Approach. in A Russo & A Schürr (eds), Fundamental Approaches to Software Engineering: FASE 2018. Lecture Notes in Computer Science, vol. 10802, Springer, Cham, pp. 56-73, International Conference on Fundamental Approaches to Software Engineering, Thessaloniki, Greece, 16/04/18. https://doi.org/10.1007/978-3-319-89363-1_4

Effective Analysis of Attack Trees : A Model-Driven Approach. / Kumar, Rajesh; Schivo, Stefano; Ruijters, Enno Jozef Johannes; Yildiz, Bugra Mehmet; Huistra, David Julius; Brandt, Jacco; Rensink, Arend; Stoelinga, Mariëlle Ida Antoinette.

Fundamental Approaches to Software Engineering: FASE 2018. ed. / Alessandra Russo; Andreas Schürr. Cham : Springer, 2018. p. 56-73 (Lecture Notes in Computer Science; Vol. 10802).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceeding › Academic › peer-review

TY - GEN

T1 - Effective Analysis of Attack Trees

T2 - A Model-Driven Approach

AU - Kumar, Rajesh

AU - Schivo, Stefano

AU - Ruijters, Enno Jozef Johannes

AU - Yildiz, Bugra Mehmet

AU - Huistra, David Julius

AU - Brandt, Jacco

AU - Rensink, Arend

AU - Stoelinga, Mariëlle Ida Antoinette

PY - 2018/4/4

Y1 - 2018/4/4

N2 - Attack trees (ATs) are a popular formalism for security analysis, and numerous variations and tools have been developed around them. These were mostly developed independently, and offer little interoperability or ability to combine various AT features.We present ATTop, a software bridging tool that enables automated analysis of ATs using a model-driven engineering approach. ATTop fulfills two purposes: 1. It facilitates interoperation between several AT analysis methodologies and resulting tools (e.g., ATE, ATCalc, ADTool 2.0), 2. it can perform a comprehensive analysis of attack trees by translating them into timed automata and analyzing them using the popular model checker Uppaal, and translating the analysis results back to the original ATs. Technically, our approach uses various metamodels to provide a unified description of AT variants. Based on these metamodels, we perform model transformations that allow to apply various analysis methods to an AT and trace the results back to the AT domain. We illustrate our approach on the basis of a case study from the AT literature.

AB - Attack trees (ATs) are a popular formalism for security analysis, and numerous variations and tools have been developed around them. These were mostly developed independently, and offer little interoperability or ability to combine various AT features.We present ATTop, a software bridging tool that enables automated analysis of ATs using a model-driven engineering approach. ATTop fulfills two purposes: 1. It facilitates interoperation between several AT analysis methodologies and resulting tools (e.g., ATE, ATCalc, ADTool 2.0), 2. it can perform a comprehensive analysis of attack trees by translating them into timed automata and analyzing them using the popular model checker Uppaal, and translating the analysis results back to the original ATs. Technically, our approach uses various metamodels to provide a unified description of AT variants. Based on these metamodels, we perform model transformations that allow to apply various analysis methods to an AT and trace the results back to the AT domain. We illustrate our approach on the basis of a case study from the AT literature.

U2 - 10.1007/978-3-319-89363-1_4

DO - 10.1007/978-3-319-89363-1_4

M3 - Conference article in proceeding

SN - 9783319893624

T3 - Lecture Notes in Computer Science

SP - 56

EP - 73

BT - Fundamental Approaches to Software Engineering

A2 - Russo, Alessandra

A2 - Schürr, Andreas

PB - Springer

CY - Cham

ER -

Kumar R, Schivo S, Ruijters EJJ, Yildiz BM, Huistra DJ, Brandt J et al. Effective Analysis of Attack Trees: A Model-Driven Approach. In Russo A, Schürr A, editors, Fundamental Approaches to Software Engineering: FASE 2018. Cham: Springer. 2018. p. 56-73. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-319-89363-1_4

Access to Document

10.1007/978-3-319-89363-1_4Licence: CC BY