Formalizing Real-world Threat Scenarios

Paul Tavolato, Robert Luh, Sebastian Eresheim

2022

Abstract

Using formal methods in threat analysis would be of great benefit to securing modern IT systems. To this end, a strictly formal description of attacker-defender scenarios is vital. This paper demonstrates how attacker and defender behavior and its interrelationship can be defined using Markov decision processes and stochastic game theory. Based on these definitions, model checking methods can be applied to find quantitative answers to important questions relevant in threat analysis. A main focus lies on the applicability of the method to real-world situations. This is accomplished by incorporating information from several proven tactical and technical knowledge bases. Practicability of the method is shown by using the model checking tool PRISM-games.



Paper Citation


in Harvard Style

Tavolato P., Luh R. and Eresheim S. (2022). Formalizing Real-world Threat Scenarios. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 281-289. DOI: 10.5220/0010781300003120


in Bibtex Style

@conference{icissp22,
author={Paul Tavolato and Robert Luh and Sebastian Eresheim},
title={Formalizing Real-world Threat Scenarios},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2022},
pages={281-289},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010781300003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Formalizing Real-world Threat Scenarios
SN - 978-989-758-553-1
AU - Tavolato P.
AU - Luh R.
AU - Eresheim S.
PY - 2022
SP - 281
EP - 289
DO - 10.5220/0010781300003120