add information of some case studies

b4118a66 · Jaime Arias · a3d3ef57 · b4118a66
Commit b4118a66 authored Jul 22, 2020 by Jaime Arias
--- a/README.md
+++ b/README.md
@@ -17,7 +17,19 @@ git clone https://depot.lipn.univ-paris13.fr/parties/publications/minimal-schedu

 ## Results

-### Forestall
+The minimal scheduling results can be found in the `results` folder. The reader
+can found the sources of the `adt2amas` tool
+[here](https://depot.lipn.univ-paris13.fr/parties/tools/adt2amas)
+or the binaries in the `tool` folder. Below we show some case studies.
+
+### Forestalling a software release (forestall)
+
+This model is based on a real-world instance [1]. It models an attack
+to the intellectual property of a company C, by an unlawful competitor
+company U aiming at being “first to the market.” Following [2],
+software extraction from C takes place before U builds it into its own
+product, and U must deploy to market before C, which takes place after U has
+integrated the stolen software into its product.

 #### ADTree model

@@ -27,7 +39,14 @@ git clone https://depot.lipn.univ-paris13.fr/parties/publications/minimal-schedu

 The reader can find the 4 possible assignments [here](results/forestall/assignment).

-### Gain Admin
+### Obtain admin privileges (gain-admin)
+
+To gain administrative privileges in a UNIX system, an attacker needs either
+physical access to an already logged-in console or remote access via
+privilege escalation (attacking SysAdmin). This case study [3] exhibits a
+mostly branching structure: all gates but one are disjunctions in the
+original tree of [3]. We enrich this scenario with the SAND gates of [2],
+and further add reactive defences

 #### ADTree model

@@ -136,3 +155,22 @@ greater than the time for the thieves to steal the treasure and go away.
 - Teofil Sidoruk (Institute of Computer Science, PAS, Warsaw University of Technology)

 ## Abstract
+
+## References
+
+[1] A. Buldas, P. Laud, J. Priisalu, M. Saarepera, and J. Willemson. Rational
+Choice of Security Measures Via Multi-parameter Attack Trees. In Critical
+Information Infrastructures Security, pages 235–248. Springer, 2006.
+
+[2] R. Kumar, E. Ruijters, and M. Stoelinga. Quantitative attack tree analysis
+via priced timed automata. In FORMATS 2015, volume 9268 of LNCS, pages 156–
+171. Springer, 2015.
+
+[3] J. D. Weiss. A system security engineering process. In Proceedings of the
+14th National Computer Security Conference, pages 572–581, 1991.
+
+[4] R. Kumar, S. Schivo, E. Ruijters, B. M. Yildiz, D. Huistra, J. Brandt, A.
+Rensink, and M. Stoelinga. Effective analysis of attack trees: A model-driven
+approach. In Fundamental Approaches to Software Engineering, pages 56–73.
+Springer, 2018.
+