Ranking risks and countermeasures is one of the foremost goals of quantitative security analysis. One of the popular frameworks for this task, also used in industrial practice, is attack-defense trees. The standard quantitative analyses available for attack-defense trees can distinguish likely from unlikely vulnerabilities. We provide a tool that allows easy synthesis and analysis of these models, also featuring probabilities, costs and time. Furthermore, it provides a variety of interfaces to existing model checkers and analysis tools. Unfortunately, currently available tools rely on precise quantitative inputs (probabilities, timing, or costs of attacks), which are rarely available. Instead, typically only statistical, imprecise information is available, leaving us with probably approximately correct (PAC) estimates of the real quantities. As part of our tool, we extend the standard analysis techniques so that they can handle PAC input and yield rigorous bounds on the imprecision and uncertainty of the final result of the analysis.
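As an added illustration (not the paper's tool or its exact method), the following bottom-up evaluation propagates PAC-style leaf estimates through a small attack-defense tree as probability intervals, with a union bound on the confidence. The node format, the independence assumption and the sample tree with its estimates are assumptions constructed for this example.

```python
from dataclasses import dataclass, field
from math import prod
from typing import Optional

@dataclass
class Node:
    """Attack-defense tree node. A leaf carries a PAC-style estimate of its
    success probability: |p - est| <= eps holds with probability >= 1 - delta
    (an assumed input format, not the paper's)."""
    name: str
    op: str = "LEAF"                   # "LEAF", "AND" or "OR" over children
    children: list = field(default_factory=list)
    counter: Optional["Node"] = None   # countermeasure (opposite type) attached here
    est: float = 0.0
    eps: float = 0.0
    delta: float = 0.0

def bounds(n):
    """Return (lo, hi, delta): the true success probability of n lies in
    [lo, hi] with probability >= 1 - delta (union bound over all leaves used).
    Leaves are assumed independent, as in the standard bottom-up analysis."""
    if n.op == "LEAF":
        lo, hi, delta = max(0.0, n.est - n.eps), min(1.0, n.est + n.eps), n.delta
    else:
        parts = [bounds(c) for c in n.children]
        delta = sum(d for _, _, d in parts)
        if n.op == "AND":   # every child must succeed
            lo, hi = prod(l for l, _, _ in parts), prod(h for _, h, _ in parts)
        else:               # OR: at least one child succeeds
            lo = 1 - prod(1 - l for l, _, _ in parts)
            hi = 1 - prod(1 - h for _, h, _ in parts)
    if n.counter is not None:  # the node succeeds only if its countermeasure fails
        clo, chi, cdelta = bounds(n.counter)
        lo, hi, delta = lo * (1 - chi), hi * (1 - clo), delta + cdelta
    return lo, hi, min(1.0, delta)

def example_tree():
    """Constructed sample tree with made-up estimates (not real data)."""
    phish = Node("phish admin credentials", est=0.4, eps=0.05, delta=0.01,
                 counter=Node("phishing-resistant MFA", est=0.9, eps=0.05, delta=0.01))
    vpn = Node("exploit VPN appliance", "AND", [
        Node("appliance unpatched", est=0.3, eps=0.1, delta=0.02),
        Node("working exploit available", est=0.5, eps=0.1, delta=0.02)])
    return Node("exfiltrate customer data", "OR", [phish, vpn])

if __name__ == "__main__":
    lo, hi, delta = bounds(example_tree())
    print(f"P(attack succeeds) in [{lo:.4f}, {hi:.4f}] with confidence >= {1 - delta:.2f}")
```

Setting every `eps` and `delta` to zero recovers the standard point-valued analysis, so the width of the resulting interval is exactly the price of the imprecise input.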