Conditional security assesses the security of an ICT system in a specifc context. A fundamental step of this assessment determines the threats that can implement an attack against the system. Constrained attack automata are finite state automata to formally conducting this step by decomposing complex attacks into a sequences of elementary attacks. Each state of the automata corresponds to a set of resources controlled by the attacker while a while final states correspond to the success of a sequence of attacks so that one threat has reached one of its goals. Each transition is paired with some constrains on the amount of computational resources, the skills and the knowledge required to implement the elementary attack. To exploit these automata, each threat is modeled in terms of the amount of computational resources, skills and knowledge that it has available and this amount is modelled as a tuple of elements of partially ordered sets. By comparing the amount of resources a threat can access against that required by an attack, we can determine if there is at least one threat that can implement the attack and available countermeasures. We also consider risk mitigation the application of a set of static countermeasures or of dynamic ones. A static countermeasure prevents a threat from exploiting a vulnerability and it is modeled by removing some automata transitions. Lastly, we discuss redundant countermeasures and how constrained attack automata can model dynamic countermeasures, i.e. actions that are executed as the attack is going on to stop the attack itself.
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
Tel.: +1 703 830 6300
Fax: +1 703 830 2300 firstname.lastname@example.org
(Corporate matters and books only) IOS Press c/o Accucoms US, Inc.
For North America Sales and Customer Service
West Point Commons
Lansdale PA 19446
Tel.: +1 866 855 8967
Fax: +1 215 660 5042 email@example.com