Assisted Generation of Attack Trees : the ATSyRAprototype Sophie - - PowerPoint PPT Presentation

assisted generation of attack trees the atsyraprototype
SMART_READER_LITE
LIVE PREVIEW

Assisted Generation of Attack Trees : the ATSyRAprototype Sophie - - PowerPoint PPT Presentation

Feb 03, 2023 468 likes •807 views

Assisted Generation of Attack Trees : the ATSyRAprototype Sophie Pinchinat joint work with Mathieu Acher and Didier Vojtisek Universit e de Rennes 1 GraMSec, 13 July 2015 Outline Introductory example 1 Goal decomposition High-level

slide-1
SLIDE 1

Assisted Generation of Attack Trees : the ATSyRAprototype

Sophie Pinchinat

joint work with Mathieu Acher and Didier Vojtisek

Universit´ e de Rennes 1

GraMSec, 13 July 2015

slide-2
SLIDE 2

Outline

1

Introductory example Goal decomposition High-level actions

2

Experimenting ATSyRA

3

The ATSyRA prototype

2

slide-3
SLIDE 3

Introductory example

Outline

1

Introductory example Goal decomposition High-level actions

2

Experimenting ATSyRA

3

The ATSyRA prototype

3

slide-4
SLIDE 4

Introductory example

A Building Specification

4

slide-5
SLIDE 5

Introductory example

A three-level building

5

slide-6
SLIDE 6

Introductory example

The attack objective

Item locations Attacker

6

slide-7
SLIDE 7

Introductory example

Do you think this is possible? How?

7

slide-8
SLIDE 8

Introductory example

ATSyRA response

We analyze a transition system of ≈ 1.6 × 1013 states Existence of an attack scenarios: There is an attack !

8

slide-9
SLIDE 9

Introductory example

ATSyRA response

We analyze a transition system of ≈ 1.6 × 1013 states Attack scenarios generation TIMEOUT! even pushing it to a 10mn-long computation

8

slide-10
SLIDE 10

Introductory example

What would the expert do in such a case?

9

slide-11
SLIDE 11

Introductory example Goal decomposition

Goal decomposition (similarly to proof assistant tools)

Goal Outside

Outside

  • document

notDetected

  • Subgoal 1

Outside

FF SupervisingPC     direction access card staff access card supervisiongPC key notDetected     Subgoal 2 FF SupervisingPC     direction access card staff access card supervisiongPC key notDetected     ↓ Outside

  • document

notDetected

  • 10
slide-12
SLIDE 12

Introductory example Goal decomposition

Subgoal 1:

Outside

  • → FF SupervisingPC

    direction access card staff access card supervisiongPC key notDetected     11

slide-13
SLIDE 13

Introductory example Goal decomposition

ATSyRA response for Subgoal 1

Outside

  • → FF SupervisingPC

    direction access card staff access card supervisiongPC key notDetected     12

slide-14
SLIDE 14

Introductory example Goal decomposition

ATSyRA response for Subgoal 1

Outside

  • → FF SupervisingPC

    direction access card staff access card supervisiongPC key notDetected    

STILL TOO COMPLEX

12

slide-15
SLIDE 15

Introductory example Goal decomposition

Subgoal 2:

FF SupervisingPC     direction access card staff access card supervisiongPC key notDetected     → Outside

  • document

notDetected

  • 13
slide-16
SLIDE 16

Introductory example Goal decomposition

ATSyRA response for Subgoal 2

14

slide-17
SLIDE 17

Introductory example Goal decomposition

ATSyRA response for Subgoal 2

virtual unlock_porte_PCSurveillance virtual virtual
  • pen_porte_PCSurveillance
deactivate_alarme_batiment go_from_N2_PCSurveillance_to_N2_Couloir_by_porte_PCSurveillance unlock_ascenseur_dupersonnel_2_3
  • pen_ascenseur_dupersonnel_2_3
go_from_N2_Couloir_to_N3_BureauAssistantDirection_by_ascenseur_dupersonnel_2_3 virtual virtual go_from_N3_BureauAssistantDirection_to_N3_BureauDirection_by_porte_BureauDirection take_document go_from_N3_BureauDirection_to_N3_BureauAssistantDirection_by_porte_BureauDirection virtual virtual go_from_N3_BureauAssistantDirection_to_N2_Couloir_by_ascenseur_dupersonnel_2_3 go_from_N2_Couloir_to_N2_EchelleSecoursPonton_by_porte_N2_EchelleSecours
  • pen_echelle_secours_1_2
go_from_N2_EchelleSecoursPonton_to_Ext_by_echelle_secours_1_2 virtual unlock_ascenseur_dupersonnel_1_3
  • pen_ascenseur_dupersonnel_1_3
go_from_N3_BureauAssistantDirection_to_HallEntree_by_ascenseur_dupersonnel_1_3 go_from_HallEntree_to_Ext_by_EntreePrincipale virtual unlock_ascenseur_dupersonnel_1_3 virtual virtual
  • pen_ascenseur_dupersonnel_1_3
go_from_N3_BureauAssistantDirection_to_N3_BureauDirection_by_porte_BureauDirection take_document go_from_N3_BureauDirection_to_N3_BureauAssistantDirection_by_porte_BureauDirection virtual go_from_N3_BureauAssistantDirection_to_N3_BureauDirection_by_porte_BureauDirection take_document go_from_N3_BureauDirection_to_N3_BureauAssistantDirection_by_porte_BureauDirection
  • pen_ascenseur_dupersonnel_1_3
go_from_N3_BureauAssistantDirection_to_HallEntree_by_ascenseur_dupersonnel_1_3 go_from_HallEntree_to_Ext_by_EntreePrincipale

15

slide-18
SLIDE 18

Introductory example High-level actions

High-level actions for Subgoal 2

⇓ ⇓

16

slide-19
SLIDE 19

Introductory example High-level actions

High-level actions for Subgoal 2

17

slide-20
SLIDE 20

Introductory example High-level actions

High-level actions

Low-level actions are automatically generated

18

slide-21
SLIDE 21

Introductory example High-level actions

High-level actions

Low-level actions are automatically generated “Easy” higher-level actions can be generated

18

slide-22
SLIDE 22

Introductory example High-level actions

High-level actions

Low-level actions are automatically generated “Easy” higher-level actions can be generated The expert can also develop his vocabulary

18

slide-23
SLIDE 23

Introductory example High-level actions

High-level actions

Low-level actions are automatically generated “Easy” higher-level actions can be generated The expert can also develop his vocabulary HLA expressions HLA ID = α; where α ::= a | (α|α) | α, α | α&α The expert can also stratify

18

slide-24
SLIDE 24

Experimenting ATSyRA

Outline

1

Introductory example Goal decomposition High-level actions

2

Experimenting ATSyRA

3

The ATSyRA prototype

19

slide-25
SLIDE 25

Experimenting ATSyRA

Subgoal 2:

FF SupervisingPC     direction access card staff access card supervisiongPC key notDetected     → Outside

  • document

notDetected

  • 20
slide-26
SLIDE 26

The ATSyRA prototype

Outline

1

Introductory example Goal decomposition High-level actions

2

Experimenting ATSyRA

3

The ATSyRA prototype

21

slide-27
SLIDE 27

The ATSyRA prototype

The ATSyRA workflow

System description (DSL) start (1) Reachability analysis Model-checking (a) Set of attack scenarios (2) HLA description (DSL) start (3) Synthesis Attack tree (4) (b) Attack tree analysis tool (ADTool) ➀ ➁ ➂ ➃

22

slide-28
SLIDE 28

The ATSyRA prototype

Discussion

Short term

Improve both specification languages

Easy ways to select a subgoal, a sub-building, etc. Connect subgoals For subgoal: exploit temporal logic from the Model-checker (e.g. (¬staff access card.pos=attacker)U(reach goal).) Select/suggest a virtual node to generate an HLA

23

slide-29
SLIDE 29

The ATSyRA prototype

Discussion

Short term

Improve both specification languages

Easy ways to select a subgoal, a sub-building, etc. Connect subgoals For subgoal: exploit temporal logic from the Model-checker (e.g. (¬staff access card.pos=attacker)U(reach goal).) Select/suggest a virtual node to generate an HLA

Good tools for editing trees, choose abstract level for display

23

slide-30
SLIDE 30

The ATSyRA prototype

Discussion

Short term

Improve both specification languages

Easy ways to select a subgoal, a sub-building, etc. Connect subgoals For subgoal: exploit temporal logic from the Model-checker (e.g. (¬staff access card.pos=attacker)U(reach goal).) Select/suggest a virtual node to generate an HLA

Good tools for editing trees, choose abstract level for display Parsing scenorios with HLA

Very combinatorial, currently the rules are not complete enough Need heuristics and backtracking to synthesize even more succinct trees Mathematical characterization of the optimal solutions we want to generate

23

slide-31
SLIDE 31

The ATSyRA prototype

Discussion

Short term

Improve both specification languages

Easy ways to select a subgoal, a sub-building, etc. Connect subgoals For subgoal: exploit temporal logic from the Model-checker (e.g. (¬staff access card.pos=attacker)U(reach goal).) Select/suggest a virtual node to generate an HLA

Good tools for editing trees, choose abstract level for display Parsing scenorios with HLA

Very combinatorial, currently the rules are not complete enough Need heuristics and backtracking to synthesize even more succinct trees Mathematical characterization of the optimal solutions we want to generate

Long term

Towards other kinds of systems, typically cyber intrusions Guards, Defense (counter-measures)

23

slide-32
SLIDE 32

The ATSyRA prototype

The partners

IRISA

LogicA DiversE EMSEC

LIP6 DGA Thank you for your attention!

24