Defence trees are used to represent attack and defence strategies in security scenarios; the aim in such scenarios is to select the best set of countermeasures that are able to stop all the vulnerabilities. In order to represent preferences among possible countermeasures of a given attack, defence trees are enriched with conditional preferences, obtaining a new structure called CP-defence tree. In this paper we transform a CP-defence tree with preferences among attacks and countermeasures in an Answer Set Optimization (ASO) program. The ASO program, representing the overall scenario, is a special composition of the programs associated to each branch of a CP-defence tree. We describe an implementation that select the best set of countermeasure able to mitigate all the vulnerabilities by computing the optimal answer set of the corresponding ASO program.
Analyzing security scenarios using Defence Trees and Answer Set Programming
BISTARELLi, Stefano;
2008
Abstract
Defence trees are used to represent attack and defence strategies in security scenarios; the aim in such scenarios is to select the best set of countermeasures that are able to stop all the vulnerabilities. In order to represent preferences among possible countermeasures of a given attack, defence trees are enriched with conditional preferences, obtaining a new structure called CP-defence tree. In this paper we transform a CP-defence tree with preferences among attacks and countermeasures in an Answer Set Optimization (ASO) program. The ASO program, representing the overall scenario, is a special composition of the programs associated to each branch of a CP-defence tree. We describe an implementation that select the best set of countermeasure able to mitigate all the vulnerabilities by computing the optimal answer set of the corresponding ASO program.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
