Modeling Attack-Defense Trees’ Countermeasures using Continuous Time Markov Chains

September 2020
Engineering & Digital Tools
Invited national or international conferences
Authors: Samir Ouchani (LINEACT)
Conference: sefm, 15 September 2020

ADTrees (Attack-Defense Trees) are graphical security modeling tools used to logically represent attack scenarios along with their corresponding countermeasures in a user-friendly way. Many researchers nowadays use ADTrees to represent attack scenarios and perform quantitative as well as qualitative security assessment. Among all different existing quantitative security assessment techniques, CTMCs (Continuous Time Markov Chains) have been attractively adopted for ADTrees. ADTrees are usually transformed into CTMCs, where traditional stochastic quantitative analysis approaches can be applied. For that end, the correct transformation of an ADTree to a CTMC requires that each individual element of an ADTree should have its correct and complete representation in the corresponding CTMC. In this paper, we mainly focus on modeling countermeasures in ADTrees using CTMCs. The existing CTMC-model does not provide a precise and complete modeling capability, in particular, when cascaded-countermeasures are used. Cascaded-countermeasures occur when an attacker and a defender in a given ADTree recursively counter each other more than one time in a given branch of the tree. We propose the notion of tokenized-CTMC to construct a new CTMC-model that can precisely model and represent countermeasures in ADTrees. This new CTMC-model allows to handle cascaded-countermeasure scenarios in a more comprehensive way.