Commit b4118a66 authored by Jaime Arias's avatar Jaime Arias
Browse files

add information of some case studies

parent a3d3ef57
......@@ -17,7 +17,19 @@ git clone https://depot.lipn.univ-paris13.fr/parties/publications/minimal-schedu
## Results
### Forestall
The minimal scheduling results can be found in the `results` folder. The reader
can found the sources of the `adt2amas` tool
[here](https://depot.lipn.univ-paris13.fr/parties/tools/adt2amas)
or the binaries in the `tool` folder. Below we show some case studies.
### Forestalling a software release (forestall)
This model is based on a real-world instance [1]. It models an attack
to the intellectual property of a company C, by an unlawful competitor
company U aiming at being “first to the market.” Following [2],
software extraction from C takes place before U builds it into its own
product, and U must deploy to market before C, which takes place after U has
integrated the stolen software into its product.
#### ADTree model
......@@ -27,7 +39,14 @@ git clone https://depot.lipn.univ-paris13.fr/parties/publications/minimal-schedu
The reader can find the 4 possible assignments [here](results/forestall/assignment).
### Gain Admin
### Obtain admin privileges (gain-admin)
To gain administrative privileges in a UNIX system, an attacker needs either
physical access to an already logged-in console or remote access via
privilege escalation (attacking SysAdmin). This case study [3] exhibits a
mostly branching structure: all gates but one are disjunctions in the
original tree of [3]. We enrich this scenario with the SAND gates of [2],
and further add reactive defences
#### ADTree model
......@@ -136,3 +155,22 @@ greater than the time for the thieves to steal the treasure and go away.
- Teofil Sidoruk (Institute of Computer Science, PAS, Warsaw University of Technology)
## Abstract
## References
[1] A. Buldas, P. Laud, J. Priisalu, M. Saarepera, and J. Willemson. Rational
Choice of Security Measures Via Multi-parameter Attack Trees. In Critical
Information Infrastructures Security, pages 235–248. Springer, 2006.
[2] R. Kumar, E. Ruijters, and M. Stoelinga. Quantitative attack tree analysis
via priced timed automata. In FORMATS 2015, volume 9268 of LNCS, pages 156–
171. Springer, 2015.
[3] J. D. Weiss. A system security engineering process. In Proceedings of the
14th National Computer Security Conference, pages 572–581, 1991.
[4] R. Kumar, S. Schivo, E. Ruijters, B. M. Yildiz, D. Huistra, J. Brandt, A.
Rensink, and M. Stoelinga. Effective analysis of attack trees: A model-driven
approach. In Fundamental Approaches to Software Engineering, pages 56–73.
Springer, 2018.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment