Attack-Defence Trees: Theory Meets Practice

Budget code: C13/IS/5809105
Funding: FNR - CORE
Start date: 1 September 2014
End date: 31 August 2017


Threat and risk analysis are crucial steps in developing secure and usable ICT solutions. An optimal security assessment methodology should combine sound mathematical foundations with practical and user-friendly criteria, which explains the increasing popularity of such methodologies over the last decade.

Attack-defense trees (ADTrees) augment attack trees by including defensive measures in the model. They provide the means to qualitatively and quantitatively assess security. The extended formalism allows for an improved analysis without, however, requiring additional computational power.

The objective of the ADT2P project is to elevate the attack-defense tree methodology to an industrially applicable security analysis framework and to integrate it with standard risk assessment tools. In order to achieve this goal, fundamental research as well as practical validation will be performed. ADTrees will be extended with additional features that are necessary to model real-life scenarios. This will include introducing the notions of actors and objects as well as defining dedicated security measures, such as risk and impact. New algorithms that can cope with large-scale models as well as methods to construct ADTrees from generic attack and defense patterns will be designed. For this, the automatic composition of models will be investigated. Finally, a new version of ADTool, a software tool supporting the ADTree formalism, will be released.

The ADT2P project will build upon the expertise on ADTrees that was gained within the FNR CORE project ATREES. Collaboration with the industrial partners SINTEF and THALES will ensure that the proposed methodology will be highly usable and practical. By integrating the project results into existing security and risk assessment solutions, ADT2P will assist small and mid-size auditing and consulting companies in providing better and more accurate security assessment.