
Assisted Generation of Attack Trees: the ATSyRA prototype

Sophie Pinchinat, joint work with Mathieu Acher and Didier Vojtisek, Université de Rennes 1. GraMSec, 13 July 2015.


  1. Assisted Generation of Attack Trees: the ATSyRA prototype. Sophie Pinchinat, joint work with Mathieu Acher and Didier Vojtisek, Université de Rennes 1. GraMSec, 13 July 2015

  2. Outline: (1) Introductory example: Goal decomposition, High-level actions; (2) Experimenting ATSyRA; (3) The ATSyRA prototype


  4. Introductory example: A Building Specification

  5. Introductory example: A three-level building

  6. Introductory example: The attack objective [figure labels: Item locations, Attacker]

  7. Introductory example: Do you think this is possible? How?

  8. Introductory example: ATSyRA response. We analyze a transition system of ≈ 1.6 × 10^13 states. Existence of an attack scenario: There is an attack!

  9. Introductory example: ATSyRA response. We analyze a transition system of ≈ 1.6 × 10^13 states. Attack scenarios generation: TIMEOUT! Even when pushed to a 10-minute computation

  10. Introductory example: What would the expert do in such a case?

  11. Introductory example: Goal decomposition (similarly to proof assistant tools)
      - Goal: (Outside) → (document, Outside, notDetected)
      - Subgoal 1: (Outside) → (direction access card, staff access card, FF SupervisingPC, supervisiongPC key, notDetected)
      - Subgoal 2: (direction access card, staff access card, FF SupervisingPC, supervisiongPC key, notDetected) → (document, Outside, notDetected)

  12. Introductory example: Goal decomposition. Subgoal 1: (Outside) → (direction access card, staff access card, FF SupervisingPC, supervisiongPC key, notDetected)


  14. Introductory example: Goal decomposition. ATSyRA response for Subgoal 1, (Outside) → (direction access card, staff access card, FF SupervisingPC, supervisiongPC key, notDetected): STILL TOO COMPLEX

  15. Introductory example: Goal decomposition. Subgoal 2: (direction access card, staff access card, FF SupervisingPC, supervisiongPC key, notDetected) → (document, Outside, notDetected)


  17. Introductory example: Goal decomposition. ATSyRA response for Subgoal 2. [Figure: generated attack tree. Internal nodes are labelled "virtual"; leaves are low-level actions such as unlock_porte_PCSurveillance, deactivate_alarme_batiment, take_document and go_from_HallEntree_to_Ext_by_EntreePrincipale.]
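
An added illustration (not part of the original slides, and not ATSyRA code) of why the existence check succeeds while scenario generation blows up, and why splitting the goal helps: on a constructed toy building, the number of loop-free scenarios for the whole goal is the product of the counts for the two subgoals. The rooms, doors, items and function names are assumptions; only the action naming style follows the slides.

```python
# Constructed toy building (not the one on the slides); all names are assumptions.
DOORS = [("main_door", "Outside", "Hall", None), ("service_door", "Outside", "Hall", None),
         ("stairs", "Hall", "Office", None), ("lift", "Hall", "Office", None),
         ("archive_door", "Office", "Archive", "card")]  # (name, a, b, required item), two-way
ONE_WAY = [("fire_ladder", "Office", "Outside", None)]  # exit only
ITEMS = {"card": "Office", "document": "Archive"}       # item -> room where it lies
EDGES = ONE_WAY + DOORS + [(n, b, a, req) for n, a, b, req in DOORS]
INIT = ("Outside", frozenset())                          # state = (room, items held)

def successors(state):
    """Yield (low-level action, next state) for every enabled move or pickup."""
    room, held = state
    for name, src, dst, req in EDGES:
        if src == room and (req is None or req in held):
            yield f"go_from_{src}_to_{dst}_by_{name}", (dst, held)
    for item, where in ITEMS.items():
        if where == room and item not in held:
            yield f"take_{item}", (room, held | {item})

def exists(start, target):
    """Reachability only: is any state satisfying `target` reachable?"""
    seen, todo = {start}, [start]
    while todo:
        state = todo.pop()
        if target(state):
            return True
        for _, nxt in successors(state):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return False

def scenarios(start, target, path=(), visited=None):
    """All loop-free action sequences ending at the first state meeting `target`."""
    visited = visited or {start}
    if target(start):
        return [(list(path), start)]
    return [s for act, nxt in successors(start) if nxt not in visited
            for s in scenarios(nxt, target, path + (act,), visited | {nxt})]

def goal(state):      # attacker is outside again, holding the document
    return state[0] == "Outside" and "document" in state[1]
def subgoal1(state):  # attacker holds the access card
    return "card" in state[1]

def decompose():
    """Return scenario counts: (whole goal, subgoal 1, subgoal 2)."""
    part1 = scenarios(INIT, subgoal1)
    part2 = [s for mid in {end for _, end in part1} for s in scenarios(mid, goal)]
    return len(scenarios(INIT, goal)), len(part1), len(part2)
```

`decompose()` returns `(20, 4, 5)`: 20 scenarios to enumerate for the whole goal against 4 and 5 once the goal is split at the state where the card is held.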

  18. Introductory example: High-level actions. High-level actions for Subgoal 2 [figure]



  23. Introductory example: High-level actions
      - Low-level actions are automatically generated
      - “Easy” higher-level actions can be generated
      - The expert can also develop his vocabulary
      - HLA expressions: HLA ID = α; where α ::= a | (α | α) | α, α | α & α
      - The expert can also stratify


  25. Experimenting ATSyRA. Subgoal 2: (direction access card, staff access card, FF SupervisingPC, supervisiongPC key, notDetected) → (document, Outside, notDetected)


  27. The ATSyRA prototype: The ATSyRA workflow [diagram; box labels: System description (DSL), HLA description (DSL), Reachability analysis / Model-checking, Set of attack scenarios, Synthesis, Attack tree, Attack tree analysis tool (ADTool)]


  31. The ATSyRA prototype: Discussion
      Short term
      - Improve both specification languages
      - Easy ways to select a subgoal, a sub-building, etc.
      - Connect subgoals
      - For subgoal: exploit temporal logic from the model-checker (e.g. (¬ staff access card.pos=attacker) U (reach goal))
      - Select/suggest a virtual node to generate an HLA
      - Good tools for editing trees, choose abstract level for display
      - Parsing scenarios with HLA
      - Very combinatorial, currently the rules are not complete enough
      - Need heuristics and backtracking to synthesize even more succinct trees
      - Mathematical characterization of the optimal solutions we want to generate

      Long term
      - Towards other kinds of systems, typically cyber intrusions
      - Guards, Defense (counter-measures)

  32. The ATSyRA prototype: The partners: IRISA, LogicA, DiversE, EMSEC, LIP6, DGA. Thank you for your attention!
