Hi all,

On September 15, in Aula Martinetti, at 2.30 pm we will have a seminar hold by Stefano Nicoletti (University of Twente).

Title of the talk: ATM: a Logic for Quantitative Security Properties on Attack Trees

Abstract: Critical infrastructure systems — for which high reliability and availability are paramount — must operate securely. Attack trees (ATs) are hierarchical diagrams that offer a flexible modelling language used to assess how systems can be attacked. ATs are widely employed both in industry and academia but — in spite of their popularity — little work has been done to give practitioners instruments to formulate queries on ATs in an understandable yet powerful way. In this talk we present ATM, a logic to express quantitative security properties on ATs. ATM allows for the specification of properties involved with security metrics that include “cost”, “probability” and “skill” and permits the formulation of insightful what-if scenarios. To showcase its potential, we demonstrate application of ATM to the case study of a CubeSAT, presenting three different ways in which an attacker can compromise its availability. Finally, we sketch theory and algorithms — based on binary decision diagrams — to check properties and compute metrics of ATM-formulae. Joint work with Milan Lopuhaä-Zwakenberg, E. Moritz Hahn and Mariëlle Stoelinga.

Short bio: Stefano Nicoletti is a 4th year PhD Candidate at the University of Twente, at the Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS-FMT). He is working in the ERC-funded Project CAESAR with the goal of marrying the historically separated fields of safety and (cyber)security. His current research focuses on developing logics and model checking algorithms on models for risk assessment, like fault- and attack trees. He is a fellow of VvL | the Dutch Association for Logic and Philosophy of Sciences, CEST | the Center for Excellence and Transdisciplinary Studies and SILFS | the Italian Society of Logic and Philosophy of Sciences.

See you there!