![DSpace logo](/jspui/image/logo.gif)
Please use this identifier to cite or link to this item:
http://dspace.bits-pilani.ac.in:8080/jspui/xmlui/handle/123456789/8393
Title: | Quantitative Security and Safety Analysis with Attack-Fault Trees |
Authors: | Kumar, Rajesh |
Keywords: | Computer Science Safety-security risk analysis Model-checking Attack trees Industrial case studies |
Issue Date: | 2017 |
Publisher: | IEEE |
Abstract: | Cyber physical systems, like power plants, medical devices and data centers have to meet high standards, both in terms of safety (i.e. absence of unintentional failures) and security(i.e. no disruptions due to malicious attacks). This paper presents attack fault trees (AFTs), a formalism thatmarries fault trees (safety) and attack trees (security). We equipAFTs with stochastic model checking techniques, enabling a rich plethora of qualitative and quantitative analyses. Qualitative metrics pinpoint to root causes of the system failure, while quantitative metrics concern the likelihood, cost, and impact of a disruption. Examples are: (1) the most likely attack path, (2) the most costly system failure, (3) the expected impact of an attack. Each of these metrics can be constrained, i.e., we can provide the most likely disruption within time t and/or budget B. Finally, we can use sensitivity analysis to find the attack step that has the most influence on a given metric. We demonstrate our approach through three realistic cases studies. |
URI: | https://ieeexplore.ieee.org/document/7911867 http://dspace.bits-pilani.ac.in:8080/xmlui/handle/123456789/8393 |
Appears in Collections: | Department of Computer Science and Information Systems |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.