Dec 15, 2015: David Huistra: Generating Attack Trees by Unfolding a Graph Production System

December 15, 2015Generating Attack Trees by Unfolding a Graph Production System
Room: HB 2ADavid Huistra

In the security domain, attack trees are used to analyze the different possible attacks an attacker might undertake, for example to prioritize the prevention of those attacks. The key to successfully using attack trees is that they contain all possible attacks. Manually developing such an attack tree is however a labor intensive and error-prone task. Therefore we investigated if we can generate attack trees that contain all possible attacks for a given system/organization.

So far we discovered that general purpose model checkers, in combination with a model of the organization and predefined set of attacker actions, can be used to explore the possible attacks. Using a naive approach however results in a state-space explosion that makes it unfeasible for larger input models. Therefore we looked into a form of partial-order reduction called Unfolding. A Unfolding of a GPS is a single branching structure that describes the behavior of the GPS, or in our case the behavior of the attacker. From such an unfolding we can extract the possible attacks and construct an attack tree.

Sidenote: As this topic does not lay inside of most people's comfort zone, a (lengthy) introduction into the security domain, Attack Trees, Graph Production Systems and Unfolding construction will be given.

project description