EEMCS EPrints Service


27360 Quantitative security and safety analysis with attack-fault trees

Kumar, Rajesh and Stoelinga, M.I.A. (2017) Quantitative security and safety analysis with attack-fault trees. In: Proceeding of the 18th IEEE International Symposium on High Assurance Systems Engineering, 12-14 Jan 2017, Singapore. IEEE Computer Society.

Full text available as: PDF (615 Kb), Univ. of Twente only

Abstract

Cyber physical systems, like power plants, medical devices and data centers, have to meet high standards, both in terms of safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to malicious attacks).

This paper presents attack fault trees (AFTs), a formalism that marries fault trees (safety) and attack trees (security). We equip AFTs with stochastic model checking techniques, enabling a rich plethora of qualitative and quantitative analyses. Qualitative metrics pinpoint root causes of the system failure, while quantitative metrics concern the likelihood, cost, and impact of a disruption. Examples are: (1) the most likely attack path; (2) the most costly system failure; (3) the expected impact of an attack. Each of these metrics can be constrained, i.e., we can provide the most likely disruption within time t and/or budget B. Finally, we can use sensitivity analysis to find the attack step that has the most influence on a given metric. We demonstrate our approach through three realistic case studies.

Item Type: Conference or Workshop Paper (Full Paper, Talk)
Research Group: EWI-FMT: Formal Methods and Tools
Research Program: CTIT-General
Research Project: TREsPASS: Technology-supported Risk Estimation By Predictive Assessment Of Socio-technical Security
Additional Information: Foreground = 25%; Type of activity = conference; Main leader = UT; Type of audience = scientific community; Size of audience = 20; Countries addressed = international
Uncontrolled Keywords: Safety and security modelling, Stochastic model checking, Multi parameter attack trees, Quantitative analysis
ID Code: 27360
Status: Accepted for publication
Deposited On: 10 November 2016
Refereed: Yes
International: Yes