Effective Analysis of Attack Trees: A Model-Driven Approach

Rajesh Kumar, Stefano Schivo, Enno Jozef Johannes Ruijters, Bugra Mehmet Yildiz, David Julius Huistra, Jacco Brandt, Arend Rensink, Mariëlle Ida Antoinette Stoelinga

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingAcademicpeer-review

Abstract

Attack trees (ATs) are a popular formalism for security analysis, and numerous variations and tools have been developed around them. These were mostly developed independently, and offer little interoperability or ability to combine various AT features.We present ATTop, a software bridging tool that enables automated analysis of ATs using a model-driven engineering approach. ATTop fulfills two purposes: 1. It facilitates interoperation between several AT analysis methodologies and resulting tools (e.g., ATE, ATCalc, ADTool 2.0), 2. it can perform a comprehensive analysis of attack trees by translating them into timed automata and analyzing them using the popular model checker Uppaal, and translating the analysis results back to the original ATs. Technically, our approach uses various metamodels to provide a unified description of AT variants. Based on these metamodels, we perform model transformations that allow to apply various analysis methods to an AT and trace the results back to the AT domain. We illustrate our approach on the basis of a case study from the AT literature.
Original languageEnglish
Title of host publicationFundamental Approaches to Software Engineering
Subtitle of host publicationFASE 2018
EditorsAlessandra Russo, Andreas Schürr
Place of PublicationCham
PublisherSpringer
Pages56-73
Number of pages18
ISBN (Electronic)9783319893631
ISBN (Print)9783319893624
DOIs
Publication statusPublished - 4 Apr 2018
EventInternational Conference on Fundamental Approaches to Software Engineering - Thessaloniki, Greece
Duration: 16 Apr 201819 Apr 2018
https://link.springer.com/book/10.1007/978-3-319-89363-1

Publication series

SeriesLecture Notes in Computer Science
Volume10802

Conference

ConferenceInternational Conference on Fundamental Approaches to Software Engineering
Abbreviated titleFASE 2018
CountryGreece
CityThessaloniki
Period16/04/1819/04/18
Internet address

    Fingerprint

Cite this

Kumar, R., Schivo, S., Ruijters, E. J. J., Yildiz, B. M., Huistra, D. J., Brandt, J., Rensink, A., & Stoelinga, M. I. A. (2018). Effective Analysis of Attack Trees: A Model-Driven Approach. In A. Russo, & A. Schürr (Eds.), Fundamental Approaches to Software Engineering: FASE 2018 (pp. 56-73). Springer. Lecture Notes in Computer Science, Vol.. 10802 https://doi.org/10.1007/978-3-319-89363-1_4