# Parametric analyses of attack-fault trees

**Authors:** \'Etienne Andr\'e, Didier Lime, Mathias Ramparison, Mari\"elle, Stoelinga

arXiv: 1902.04336 · 2019-05-10

## TL;DR

This paper introduces a method to analyze attack-fault trees by translating them into parametric weighted timed automata, enabling the computation of attack scenarios based on various attacker parameters for improved risk assessment.

## Contribution

It presents a novel translation of attack-fault trees into parametric weighted timed automata and uses model-checking to analyze attack scenarios based on different parameters.

## Key findings

- Allows parametrization of attack scenarios with time and cost
- Enables computation of parameter sets for successful attacks
- Supports selection of effective counter-measures

## Abstract

Risk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastructures has always been challenging: safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to attackers) are conditions that must be guaranteed. One of the traditional tools used to help considering these problems is attack trees, a tree-based formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we define and implement the translation of attack-fault trees (AFTs) to a new extension of timed automata, called parametric weighted timed automata. This allows us to parametrize constants such as time and discrete costs in an AFT and then, using the model-checker IMITATOR, to compute the set of parameter values such that a successful attack is possible. Using the different sets of parameter values computed, different attack and fault scenarios can be deduced depending on the budget, time or computation power of the attacker, providing helpful data to select the most efficient counter-measure.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1902.04336/full.md

## Figures

13 figures with captions in the complete paper: https://tomesphere.com/paper/1902.04336/full.md

## References

36 references — full list in the complete paper: https://tomesphere.com/paper/1902.04336/full.md

---
Source: https://tomesphere.com/paper/1902.04336