Defence trees are used to represent attack and defence strate- gies in security scenarios; the aim in such scenarios is to select the best set of countermeasures have to be applied to stop all the vulnerabilities. To represent the preference among the possible countermeasures of a given attack, defence trees are enriched with CP-networks (CP-net for short). However, for complex trees, composing CP-nets could be not always ef- fective. In this paper we overcome these limitations by transforming each CP-net in an Answer Set Optimization (ASO) program. The ASO pro- gram, representing the overall scenario, is a special composition of the programs associated to each branch of the defence tree. The best set of countermeasure able to mitigate all the vulnerabilities is then obtained by computing the optimal answer set of the corresponding ASO program.
Answer Set Optimization for and/or Composition of CP-Nets: A Security Scenario
Bistarelli S;
2007
Abstract
Defence trees are used to represent attack and defence strate- gies in security scenarios; the aim in such scenarios is to select the best set of countermeasures have to be applied to stop all the vulnerabilities. To represent the preference among the possible countermeasures of a given attack, defence trees are enriched with CP-networks (CP-net for short). However, for complex trees, composing CP-nets could be not always ef- fective. In this paper we overcome these limitations by transforming each CP-net in an Answer Set Optimization (ASO) program. The ASO pro- gram, representing the overall scenario, is a special composition of the programs associated to each branch of the defence tree. The best set of countermeasure able to mitigate all the vulnerabilities is then obtained by computing the optimal answer set of the corresponding ASO program.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
