Diagnosability of Attack Trees
摘要
Attack trees which can express both the time and cost of an attack are presented. We then consider a defender who can partially observe the system and thus obtain partial information about the state of the not-yet-completed attack. From this (s)he tries to derive complete information about all actions of the attacker. When this is possible, we call such systems diagnosable. We study a diagnosable system, the relation between diagnosability and the security property called initial state opacity is shown, and in addition, several ways to increase the security of the system are discussed.