Modeling Attack-Defense Trees’ Countermeasures using Continuous Time Markov Chains

ADTrees (Attack-Defense Trees) are graphical security mod-
eling tools used to logically represent attack scenarios along with their
corresponding countermeasures in a user-friendly way. Many researchers
nowadays use ADTrees to represent attack scenarios and perform quan-
titative as well as qualitative security assessment. Among all di erent
existing quantitative security assessment techniques, CTMCs (Continu-
ous Time Markov Chains) have been attractively adopted for ADTrees.
ADTrees are usually transformed into CTMCs, where traditional stochas-
tic quantitative analysis approaches can be applied. For that end, the
correct transformation of an ADTree to a CTMC requires that each in-
dividual element of an ADTree should have its correct and complete
representation in the corresponding CTMC. In this paper, we mainly
focus on modeling countermeasures in ADTrees using CTMCs. The ex-
isting CTMC-model does not provide a precise and complete model-
ing capability, in particular, when cascaded-countermeasures are used.
Cascaded-countermeasures occur when an attacker and a defender in a
given ADTree recursively counter each other more than one time in a
given branch of the tree. We propose the notion of tokenized-CTMC to
construct a new CTMC-model that can precisely model and represent
countermeasures in ADTrees. This new CTMC-model allows to handle
cascaded-countermeasure scenarios in a more comprehensive way.