Papers
Topics
Authors
Recent
Search
2000 character limit reached

Attack tree metrics are operad algebras

Published 18 Jan 2024 in cs.CR and math.CT | (2401.10008v1)

Abstract: Attack Trees (ATs) are a widely used tool for security analysis. ATs can be employed in quantitative security analysis through metrics, which assign a security value to an AT. Many different AT metrics exist, and there exist multiple general definitions that aim to study a wide variety of AT metrics at once. However, these all have drawbacks: they do not capture all metrics, and they do not easily generalize to extensions of ATs. In this paper, we introduce a definition of AT metrics based on category theory, specifically operad algebras. This encompasses all previous definitions of AT metrics, and is easily generalized to extensions of ATs. Furthermore, we show that under easily expressed operad-theoretic conditions, existing metric calculation algorithms can be extended in considerable generality.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (30)
  1. John C Baez and Nina Otter ā€œOperads and phylogenetic treesā€ Preprint In arXiv:1512.03337, 2015
  2. ā€œDetermining the probability of smart grid attacks by combining attack tree and attack graph analysisā€ In International Workshop on Smart Grid Security, 2014, pp. 30ā€“47 Springer
  3. Andrea Bobbio, Lavinia Egidi and Roberta Terruggia ā€œA methodology for qualitative/quantitative analysis of weighted attack treesā€ In IFAC Proceedings Volumes 46.22 Elsevier, 2013, pp. 133ā€“138
  4. ā€œEvil twins: handling repetitions in attackā€“defense treesā€ In International Workshop on Graphical Models for Security, 2017, pp. 17ā€“37 Springer
  5. Tai-Danae Bradley ā€œEntropy as a topological operad derivationā€ In Entropy 23.9 MDPI, 2021, pp. 1195
  6. Randal E. Bryant ā€œGraph-based algorithms for boolean function manipulationā€ In Computers, IEEE Transactions on 100.8 IEEE, 1986, pp. 677ā€“691
  7. Randal E. Bryant ā€œSymbolic boolean manipulation with ordered binary-decision diagramsā€ In ACM Computing Surveys (CSUR) 24.3 ACM New York, NY, USA, 1992, pp. 293ā€“318
  8. Carlos E Budde and MariĆ«lle Stoelinga ā€œEfficient algorithms for quantitative attack tree analysisā€ In 2021 IEEE 34th Computer Security Foundations Symposium (CSF), 2021, pp. 1ā€“15 IEEE
  9. Huiyu Dong, Hongwei Wang and Tao Tang ā€œAn attack tree-based approach for vulnerability assessment of communication-based train control systemsā€ In 2017 Chinese Automation Congress (CAC), 2017, pp. 6407ā€“6412 IEEE
  10. Martin Doubek, Branislav Jurco and Lada Peksova ā€œProperads and Homotopy Algebras Related to Surfacesā€ In arXiv preprint arXiv:1708.01195, 2017
  11. ā€œA linear-time algorithm to find modules of fault treesā€ In IEEE Transactions on Reliability 45.3 IEEE, 1996, pp. 422ā€“425
  12. ā€œEfficient attack-defense tree analysis using Pareto attribute domainsā€ In 2019 IEEE 32nd Computer Security Foundations Symposium (CSF), 2019, pp. 200ā€“20015 IEEE
  13. ā€œOperads for complex system design specification, analysis and synthesisā€ In Proceedings of the Royal Society A 477.2250 The Royal Society Publishing, 2021, pp. 20210099
  14. ā€œAttack trees with sequential conjunctionā€ In IFIP International Information Security and Privacy Conference, 2015, pp. 339ā€“353 Springer
  15. Parvaiz Ahmed Khand and Poong Hyun Seong ā€œAn attack model development process for the cyber security of safety related nuclear digital I&C systemsā€ In Proceedings of the Korean Nucleary Society (KNS) Fall meeting, 2007
  16. ā€œOn quantitative analysis of attackā€“defense trees with repeated labelsā€ In International Conference on Principles of Security and Trust, 2018, pp. 325ā€“346 Springer
  17. ā€œFoundations of attackā€“defense treesā€ In International Workshop on Formal Aspects in Security and Trust, 2010, pp. 80ā€“95 Springer
  18. Rajesh Kumar, Enno Ruijters and MariĆ«lle Stoelinga ā€œQuantitative attack tree analysis via priced timed automataā€ In International Conference on Formal Modeling and Analysis of Timed Systems, 2015, pp. 156ā€“171 Springer
  19. Nikolaos Limnios ā€œFault treesā€ John Wiley & Sons, 2013
  20. Milan LopuhaƤ-Zwakenberg, Carlos E. Budde and MariĆ«lle Stoelinga ā€œEfficient and Generic Algorithms for Quantitative Attack Tree Analysisā€ In IEEE Transactions on Dependable and Secure Computing, 2022, pp. 1ā€“18 DOI: 10.1109/TDSC.2022.3215752
  21. ā€œAttack time analysis in dynamic attack trees via integer linear programmingā€ In arXiv preprint arXiv:2111.05114, 2021
  22. Martin Markl, Steven Shnider and James D Stasheff ā€œOperads in algebra, topology and physicsā€ American Mathematical Society Providence, RI, 2002
  23. ā€œFoundations of attack treesā€ In International Conference on Information Security and Cryptology, 2005, pp. 186ā€“198 Springer
  24. ā€œTime-to-compromise model for cyber risk reduction estimationā€ In Quality of protection Springer, 2006, pp. 49ā€“64
  25. JosĆ© Meseguer ā€œGeneral logicsā€ In Studies in Logic and the Foundations of Mathematics 129 Elsevier, 1989, pp. 275ā€“329
  26. Antoine Rauzy ā€œNew algorithms for fault trees analysisā€ In Reliability Engineering & System Safety 40.3 Elsevier, 1993, pp. 203ā€“211
  27. ā€œExact and truncated computations of prime implicants of coherent and non-coherent fault trees within Araliaā€ In Reliability Engineering & System Safety 58.2 Elsevier, 1997, pp. 127ā€“144
  28. Bruce Schneier ā€œAttack treesā€ In Dr. Dobbā€™s journal 24.12, 1999, pp. 21ā€“29
  29. Donald Yau ā€œColored operadsā€ American Mathematical Society, 2016
  30. Donald Yau ā€œOperads of wiring diagramsā€ Springer, 2018
Citations (1)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Summarize

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up