This article addresses the problem of automatically generating attack trees that soundly and clearly describe the ways the system can be attacked. Soundness means that the attacks displayed by the attack tree are indeed attacks in the system; clarity means that the tree is efficient in communicating the attack scenario. To pursue clarity, we introduce an attack-tree generation algorithm that minimises the tree size and the information length of its labels without sacrificing correctness. We achieve this by i) introducing a system model that allows to reason about attacks and goals in an efficient manner, and ii) by establishing a connection between the problem of factorising algebraic expressions and the problem of minimising the tree size. To the best of our knowledge, we introduce the first attack-tree generation framework that optimises the labelling and shape of the generated trees, while guaranteeing their soundness with respect to a system specification.
翻译:本文探讨了如何自动生成能够准确且清晰地描述系统可能遭受攻击方式的攻击树。准确性意味着攻击树所展示的攻击确实是系统中存在的攻击;清晰性则指攻击树能高效传达攻击场景。为实现清晰性,我们提出了一种攻击树生成算法,该算法在不牺牲正确性的前提下,最小化攻击树的规模及其标注的信息长度。我们通过以下方式实现这一目标:i) 引入一种能够高效推理攻击与目标的系统模型;ii) 建立代数表达式分解问题与最小化树规模问题之间的关联。据我们所知,我们首次提出了一个攻击树生成框架,该框架在保证生成树相对于系统规范准确性的同时,优化了生成树的标注与结构。