Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
PARTIES
publications
Minimal Scheduling
Commits
b4118a66
Commit
b4118a66
authored
Jul 22, 2020
by
Jaime Arias
Browse files
add information of some case studies
parent
a3d3ef57
Changes
1
Hide whitespace changes
Inline
Side-by-side
README.md
View file @
b4118a66
...
...
@@ -17,7 +17,19 @@ git clone https://depot.lipn.univ-paris13.fr/parties/publications/minimal-schedu
## Results
### Forestall
The minimal scheduling results can be found in the
`results`
folder. The reader
can found the sources of the
`adt2amas`
tool
[
here
](
https://depot.lipn.univ-paris13.fr/parties/tools/adt2amas
)
or the binaries in the
`tool`
folder. Below we show some case studies.
### Forestalling a software release (forestall)
This model is based on a real-world instance [1]. It models an attack
to the intellectual property of a company C, by an unlawful competitor
company U aiming at being “first to the market.” Following [2],
software extraction from C takes place before U builds it into its own
product, and U must deploy to market before C, which takes place after U has
integrated the stolen software into its product.
#### ADTree model
...
...
@@ -27,7 +39,14 @@ git clone https://depot.lipn.univ-paris13.fr/parties/publications/minimal-schedu
The reader can find the 4 possible assignments
[
here
](
results/forestall/assignment
)
.
### Gain Admin
### Obtain admin privileges (gain-admin)
To gain administrative privileges in a UNIX system, an attacker needs either
physical access to an already logged-in console or remote access via
privilege escalation (attacking SysAdmin). This case study [3] exhibits a
mostly branching structure: all gates but one are disjunctions in the
original tree of [3]. We enrich this scenario with the SAND gates of [2],
and further add reactive defences
#### ADTree model
...
...
@@ -136,3 +155,22 @@ greater than the time for the thieves to steal the treasure and go away.
-
Teofil Sidoruk (Institute of Computer Science, PAS, Warsaw University of Technology)
## Abstract
## References
[1] A. Buldas, P. Laud, J. Priisalu, M. Saarepera, and J. Willemson. Rational
Choice of Security Measures Via Multi-parameter Attack Trees. In Critical
Information Infrastructures Security, pages 235–248. Springer, 2006.
[2] R. Kumar, E. Ruijters, and M. Stoelinga. Quantitative attack tree analysis
via priced timed automata. In FORMATS 2015, volume 9268 of LNCS, pages 156–
171.
Springer, 2015.
[3] J. D. Weiss. A system security engineering process. In Proceedings of the
14th National Computer Security Conference, pages 572–581, 1991.
[4] R. Kumar, S. Schivo, E. Ruijters, B. M. Yildiz, D. Huistra, J. Brandt, A.
Rensink, and M. Stoelinga. Effective analysis of attack trees: A model-driven
approach. In Fundamental Approaches to Software Engineering, pages 56–73.
Springer, 2018.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment