Performing risk assessment of a system, being it a computer network, a physical infrastructure or an organization, is a very challenging and time consuming task. High expertise is required from a security expert who needs to identify the system's vulnerabilities and potential attack scenarios.
Their quantitative analysis allows then to determine the most critical risks, which is a necessary step to propose optimal ways for securing the system.
For more than 20 years, attack trees have been used to strengthen risk assessment processes. They provide a structured representation of attack scenarios and support their qualitative and quantitative analysis. A major drawback of attack trees is however their unilateral focus on the attacker's perspective.
My main post-doctoral research activities have focused on attack-defense trees which extend classical attack trees with countermeasure nodes. Augmenting the modeling power of attack trees with the defender's perspective allows us to reason about security-evolving systems and take into account interactions between the attacker and the defender.
I will first introduce the attack-defense tree formalism and discuss its mathematical foundations. Then, I will focus on quantitative analysis of attack-defense trees, and show how to specify and solve a number of defender-oriented optimization problems. I will conclude by discussing future research directions for the field.
Sushil Jajodia, Professor, George Mason University, Fairfax, Virginia, USA (reviewer)
Mariëlle Stoelinga, Professor University of Twente and Radboud University, The Netherlands (reviewer)
Nathalie Bertrand, DR Inria, IRISA, France (member)
Ketil Stølen, Professor, University of Oslo, and Chief scientist at SINTEF, Norway (member)
Luca Viganò, Professor, King's College London, UK (member)