Efficient attack-defense tree analysis using pareto attribute domains

Abstract

The cheapest attacks are often time-consuming, and those requiring high level of technical skills might occur rarely but result in disastrous consequences. Therefore, analysis focusing on a single parameter at a time, e.g., only cost or time, is insufficient for the successful selection of the appropriate measures increasing system's security. In practice, security engineers are thus confronted with the problem of multi-parameter analysis. The objective of this work is to address this problem and propose a sound, general framework for multi-parameter analysis of security. In order to ensure the usability of our solution for real-life applications, our proposal relies on the attack-defense tree model that security experts from industry are already familiar with. We present mathematical foundations of our framework and characterize the class of parameters it is suitable for. We identify conditions under which the proposed method applies to attack-defense trees where several nodes represent the same action. We discuss the complexity of our approach and implement the underlying algorithms in a proof of concept tool. We analyze its performance on a number of trees of varying complexity, and validate our proposal on a case study borrowed from industry.