Attack trees which can express both the time and cost of an attack are presented. We then consider a defender who can partially observe the system and thus obtain partial information about the state of the not-yet-completed attack. From this (s)he tries to derive complete information about all actions of the attacker. When this is possible, we call such systems diagnosable. We study a diagnosable system, the relation between diagnosability and the security property called initial state opacity is shown, and in addition, several ways to increase the security of the system are discussed.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Diagnosability of Attack Trees

  • Damas Gruska,
  • Aliyu Tanko Ali,
  • Martin Leucker

摘要

Attack trees which can express both the time and cost of an attack are presented. We then consider a defender who can partially observe the system and thus obtain partial information about the state of the not-yet-completed attack. From this (s)he tries to derive complete information about all actions of the attacker. When this is possible, we call such systems diagnosable. We study a diagnosable system, the relation between diagnosability and the security property called initial state opacity is shown, and in addition, several ways to increase the security of the system are discussed.