Description
Attack Trees (ATs) are a widely adopted formalism for modeling security threats. However, their conventional use relies on an unrealistic assumption of perfect knowledge, where the system's entire state and all adversarial actions are fully known. Real-world security interactions are characterized by limited visibility and finite resource constraints for both the attacker and the defender.
To address this gap, we introduce Supervised Attack Trees (SATs), a novel framework that extends ATs to explicitly model the strategic, resource-constrained interaction between an attacker and a defender under conditions of partial observability. In our SAT model, each agent possesses a distinct, limited view of the system's nodes. The defender (supervisor) can dynamically allocate a finite budget to delay ongoing attacks, while the attacker expends a separate budget to compromise nodes.
We formally define the notion of a consistent observation, which represents a partially visible snapshot of the system state, and provide an algorithm for verifying its validity against the underlying SAT structure. Furthermore, we demonstrate that critical security decision problems, such as determining the minimum budget required to guarantee a successful attack and verifying the existence of a purely observation-based defense strategy that perpetually prevents the root compromise, can be systematically reduced to tractable model-checking problems.
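As an added illustration (not code from the paper), the following Python evaluates a small conventional AND/OR attack tree with per-leaf attacker costs, computes the minimum attacker budget for the root, and checks whether a partial observation is consistent, using a deliberately simplified notion of consistency assumed here: an observation (a subset of nodes labelled compromised or not) is consistent if at least one full system state extends it and respects the AND/OR semantics. The tree, costs and observations are constructed sample data; the paper's SAT semantics with defender delays and agent-specific views are richer than this.

```python
from itertools import product

# Constructed sample tree: internal nodes map to (gate type, children);
# leaves are basic attack steps with an attacker cost.
TREE = {
    "root":   ("AND", ["access", "exfil"]),
    "access": ("OR",  ["phish", "vpn_bug"]),
    "exfil":  ("OR",  ["dns_tunnel", "usb"]),
}
LEAF_COST = {"phish": 2, "vpn_bug": 5, "dns_tunnel": 3, "usb": 1}


def min_attack_budget(node):
    """Minimum attacker budget to compromise `node`:
    an OR gate takes its cheapest child, an AND gate sums all children."""
    if node in LEAF_COST:
        return LEAF_COST[node]
    kind, children = TREE[node]
    costs = [min_attack_budget(c) for c in children]
    return sum(costs) if kind == "AND" else min(costs)


def node_values(leaf_state):
    """Propagate a complete leaf valuation (leaf -> compromised?) up the tree
    and return the resulting truth value of every node."""
    values = dict(leaf_state)

    def val(n):
        if n not in values:
            kind, children = TREE[n]
            vals = [val(c) for c in children]
            values[n] = all(vals) if kind == "AND" else any(vals)
        return values[n]

    for n in TREE:
        val(n)
    return values


def is_consistent(observation):
    """Simplified consistency check (assumption, not the paper's definition):
    True if some full system state agrees with every observed node.
    Enumerates all leaf valuations, which is fine for a tree this small."""
    leaves = sorted(LEAF_COST)
    for bits in product([False, True], repeat=len(leaves)):
        values = node_values(dict(zip(leaves, bits)))
        if all(values[n] == v for n, v in observation.items()):
            return True
    return False
```

A defender who sees `root` compromised but `access` intact holds an inconsistent observation, which signals either a faulty sensor or a wrong model of the tree.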
| Faculty department | KAI |
|---|---|
| Print poster | I will require the poster to be printed at the faculty |