Dynamic Attack Trees

1. Ali, A. T., & Gruska, D. P. (2021, September). Dynamic Attack Trees. In OVERLAY@ GandALF (pp. 25-29).

2. ABSTRACT : Propose an extension of attack trees, called Dynamic Attack Trees, that allows us to model and analyse assets with dynamic threat environment that can interacts with external objects over time

3. 1. Introduction and Motivation

3.1. In recent years, safety-critical infrastructures (CI) become widely adopted as part of digital transformation. Protecting CI’s ecosystem against potential attacks is crucial as most legacy systems and infrastructures integrate emerging technologies while maintaining their original design and characteristics

3.2. One such approach for threat analysis methods is the attack trees, a popular approach used for threats, and risk analysis for different kinds of assets. Using this formalism, varying ways an asset may be compromised are modelled as a tree

3.3. PROBLEM STATEMENTS : An attack tree is a tree-based formalism inspired by fault trees, and they are used to model (mostly static) threats. On the other hand, assets nowadays are hybrid, Integrating the physical world to the digital world. This integration poses a great challenge when applying attack trees for the threat modelling. The threat environment is everchanging due to agents behaviour, and the vulnerability landscape is erratic due to infrastructure updates. If such assets are to be analysed using attack trees, the estimated annotations of the tree needs to be updated regularly to reflect both behaviours

4. 2. Dynamic Attack Trees

4.1. Intuitively, the sets of nodes in an attack tree represents areas/components of an asset that a malicious user can compromise to attain a malicious goal, this set of objects can also serve as attack vector to any asset they can interact with

4.2. Informally, a threat environment is a state of operation which exposed an asset to a (new) set of vulnerabilities and, these vulnerabilities can only be exploited while the asset remains in that state

4.3. An attack actions are set of efforts that a malicious user can perform in order to compromise vulnerabilities, An attack will not succeed if an attacker cannot complete executing the attack actions and the threat environment changed

5. 3. Dynamic Attack Trees Analysis

5.1. The sets of nodes in the tree represents a set of states in the timed automata, the root node represents a final state, the set of edges represents a set of transition relations, and the set of attack actions represents a set of events

5.2. CONCLUSION & FUTURE WORK : The work described here is still in-progress, additional work is being conducted. An attack tree for a big and complex asset is usually very big; adding set of external objects that can be incorporated to the tree over time adds more complexity and number of states. In our next work, we will formally define, and extend dynamic attack trees translate that will include multiple threat environments. We will model (using UPPAAL) and analyse some working projects