Analyzing Security Scenarios Using Defence Trees and Answer Set Programming
نویسندگان
چکیده
Defence trees are used to represent attack and defence strategies in security scenarios; the aim in such scenarios is to select the best set of countermeasures that are able to stop all the vulnerabilities. In order to represent preferences among possible countermeasures of a given attack, defence trees are enriched with conditional preferences, obtaining a new structure called CP-defence tree. In this paper we transform a CP-defence tree with preferences among attacks and countermeasures in an Answer Set Optimization (ASO) program. The ASO program, representing the overall scenario, is a special composition of the programs associated to each branch of a CP-defence tree. We describe an implementation that select the best set of countermeasure able to mitigate all the vulnerabilities by computing the optimal answer set of the corresponding ASO program.
منابع مشابه
Answer Set Optimization for and/or Composition of CP-Nets: A Security Scenario
Defence trees are used to represent attack and defence strategies in security scenarios; the aim in such scenarios is to select the best set of countermeasures have to be applied to stop all the vulnerabilities. To represent the preference among the possible countermeasures of a given attack, defence trees are enriched with CP-networks (CP-net for short). However, for complex trees, composing C...
متن کاملModeling and selecting countermeasures using CP-net and Answer Set Programming
In this paper, we present CP-defense trees for modelling security scenarios and for expressing qualitative preferences over attacks and countermeasures, and we show how to select the set of preferred countermeasures able to protect a system by translating CP-defense trees to Answer Set Optimization programs which contains preferences among attacks and countermeasures. By computing the optimal a...
متن کاملAnswer Set Optimization for and / or composition of CP - nets : a security scenario ? Student : Pamela Peretti
Defence trees and CP-net (ceteris paribus network) are two useful approaches that can be used to help a system administrator to analyze a security scenario and to give him a model to represent preferences among attacks and countermeasures in order to select the best set of countermeasures need to stop all the vulnerabilities. However, for complex trees, the use of CP-nets could be not always ef...
متن کاملEternal m-security subdivision numbers in graphs
An eternal $m$-secure set of a graph $G = (V,E)$ is aset $S_0subseteq V$ that can defend against any sequence ofsingle-vertex attacks by means of multiple-guard shifts along theedges of $G$. A suitable placement of the guards is called aneternal $m$-secure set. The eternal $m$-security number$sigma_m(G)$ is the minimum cardinality among all eternal$m$-secure sets in $G$. An edge $uvin E(G)$ is ...
متن کاملHow to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems
Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Electr. Notes Theor. Comput. Sci.
دوره 197 شماره
صفحات -
تاریخ انتشار 2008