Abstract
The complexity of socio-technical systems using Ambient Intelligence (AmI) and the Internet of Things (IoT) is growing exponentially, involving numerous entities, such as humans, infrastructures, and cyber systems. Achieving and maintaining a specified level of security and privacy in such systems is challenging and crucial. Attack Tree is a powerful technique used in safety and reliability engineering. In this paper, we attempted to enhance Attack Tree analysis by transforming it into a Markov Decision Process (MDP) model. We propose an algorithm to transform an Attack Tree into an MDP model. We argue that formal methods, such as probabilistic model checking can significantly improve the security analysis capabilities. Moreover, the mixture of MDP and probabilistic model checking can overcome the limitations of Attack Trees, such as state explosion, scalability, and manual interaction. We used a probabilistic model checker, namely PRISM to model an attack scenario and perform security analysis on it. To demonstrate the significance, we took a real-world use case and performed a probabilistic analysis on it. The results revealed that formal analysis can prove certain properties, which were not possible to verify using attack trees.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
