A formal model for a supervisory controller of a calculating subsystem driver: a case study in the TIS domain
ATM: A Logic for Quantitative Security Properties on Attack Trees
Critical infrastructure systems—for which high reliability and availability are paramount—must operate securely. Attack trees (ATs) are hierarchical diagrams that offer a flexible modelling language used to assess how systems can be attacked. ATs are widely employed both in industry and academia but—in spite of their popularity—little work has been done to give practitioners instruments to formulate queries on ATs in an understandable yet powerful way. In this paper we fill this gap by presenting ATM, a logic to express quantitative security properties on ATs. ATM allows for the specification of properties involving security metrics such as "cost", "probability" and "skill", and permits the formulation of insightful what-if scenarios. To showcase its potential, we apply ATM to the case study of a CubeSat, presenting three different ways in which an attacker can compromise its availability. We showcase property specification on the corresponding attack tree and we present theory and algorithms—based on binary decision diagrams—to check properties and compute metrics of ATM formulae.
Attack time analysis in dynamic attack trees via integer linear programming
Attack trees (ATs) are an important tool in security analysis, and an important part of AT analysis is computing metrics. However, metric computation is NP-complete in general. In this paper, we showcase the use of mixed integer linear programming (MILP) as a tool for quantitative analysis. Specifically, we use MILP to solve the open problem of calculating the min time metric of dynamic ATs, i.e., the minimal time to attack a system. We also present two other tools to further improve our MILP method: First, we show how the computation can be sped up by identifying the modules of an AT, i.e., subtrees connected to the rest of the AT via only one node. Second, we define a general semantics for dynamic ATs that significantly relaxes the restrictions on attack trees compared to earlier work, allowing us to apply our methods to a wide variety of ATs. Experiments on a synthetic testing set of large ATs verify that both the integer linear programming approach and modular analysis considerably decrease the computation time of attack time analysis.
Model-based interface framework: an extensible framework for automatic generation of test cases and wrappers
A Formalization of Heisenbugs and Their Causes
The already challenging task of identifying the cause of a bug becomes even more cumbersome if those bugs disappear or change their behavior under observation. Such bugs occur in a range of contexts, including elusive concurrency bugs as well as unintended system alterations during debugging, and—as a pun on the name of Werner Heisenberg—are often referred to as Heisenbugs. Heisenbugs can be caused by various sources of nondeterminism on different system levels, many of which developers and testers might not even be aware of. This paper provides formal foundations for rigorously reasoning about the causes of Heisenbugs. It provides a formal definition of Heisenbugs in terms of a hyperproperty and introduces a framework for determining the causality of Heisenbugs in the presence of multiple candidate causes based on said hyperproperty. We analyze the properties of causes and the implications for practical causal analyses.