Showing 1–6 of 6 results for author: Barrère, M

MaxSAT Evaluation 2020 -- Benchmark: Identifying Maximum Probability Minimal Cut Sets in Fault Trees

Authors: Martín Barrère, Chris Hankin

Abstract: This paper presents a MaxSAT benchmark focused on the identification of Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We address the MPMCS problem by transforming the input fault tree into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with fault trees of different size and composition as well as th… ▽ More This paper presents a MaxSAT benchmark focused on the identification of Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We address the MPMCS problem by transforming the input fault tree into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with fault trees of different size and composition as well as the optimal cost and solution for each case. △ Less

Submitted 16 July, 2020; originally announced July 2020.

Comments: 5 pages, 1 figure. To appear in Proceedings of the MaxSAT Evaluation 2020 (MSE'20). https://maxsat-evaluations.github.io/2020/

MSC Class: 68M15; 05C05; 94C15; 68R10; 90B25; 93B20; 90C27; 90C35; 68U07; 03B05 ACM Class: B.8; C.4; G.2.2; F.4.1; J.6; J.7; B.6.3; D.4.5; D.4.6; J.2

Fault Tree Analysis: Identifying Maximum Probability Minimal Cut Sets with MaxSAT

Authors: Martín Barrère, Chris Hankin

Abstract: In this paper, we present a novel MaxSAT-based technique to compute Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We model the MPMCS problem as a Weighted Partial MaxSAT problem and solve it using a parallel SAT-solving architecture. The results obtained with our open source tool indicate that the approach is effective and efficient. In this paper, we present a novel MaxSAT-based technique to compute Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We model the MPMCS problem as a Weighted Partial MaxSAT problem and solve it using a parallel SAT-solving architecture. The results obtained with our open source tool indicate that the approach is effective and efficient. △ Less

Submitted 5 May, 2020; originally announced May 2020.

Comments: Accepted for publication at the 50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2020), Fast Abstracts Track, 2020

MSC Class: 68M15; 05C05; 94C15; 68R10; 90B25; 93B20; 90C27; 90C35; 68U07; 03B05 ACM Class: B.8; C.4; G.2.2; F.4.1; J.6; J.7; B.6.3; D.4.5; D.4.6; J.2

Assessing Cyber-Physical Security in Industrial Control Systems

Authors: Martín Barrère, Chris Hankin, Demetrios G. Eliades, Nicolas Nicolau, Thomas Parisini

Abstract: Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependenc… ▽ More Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlap** manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN). △ Less

Submitted 21 November, 2019; originally announced November 2019.

Comments: 10 pages, 10 figures. Keywords: security metrics, cyber-physical security, AND-OR graphs, hypergraphs, MAX-SAT resolution, ICS, CPS

Journal ref: 6th International Symposium for ICS & SCADA Cyber Security Research 2019 (ICS-CSR), pp. 49-58 (2019)

MaxSAT Evaluation 2019 -- Benchmark: Identifying Security-Critical Cyber-Physical Components in Weighted AND/OR Graphs

Authors: Martín Barrère, Chris Hankin, Nicolas Nicolau, Demetrios G. Eliades, Thomas Parisini

Abstract: This paper presents a MaxSAT benchmark focused on identifying critical nodes in AND/OR graphs. We use AND/OR graphs to model Industrial Control Systems (ICS) as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. We address this problem by efficiently transforming the input AND… ▽ More This paper presents a MaxSAT benchmark focused on identifying critical nodes in AND/OR graphs. We use AND/OR graphs to model Industrial Control Systems (ICS) as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with AND/OR graphs of different size and composition as well as the optimal cost and solution for each case. △ Less

Submitted 1 November, 2019; originally announced November 2019.

Comments: arXiv admin note: substantial text overlap with arXiv:1905.04796

Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems

Authors: Martín Barrère, Chris Hankin, Nicolas Nicolau, Demetrios G. Eliades, Thomas Parisini

Abstract: In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently ide… ▽ More In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric. △ Less

Submitted 12 May, 2019; originally announced May 2019.

Comments: Keywords: Security metrics, industrial control systems, cyber-physical systems, AND-OR graphs, MAX-SAT resolution

Exact Inference Techniques for the Analysis of Bayesian Attack Graphs

Authors: Luis Muñoz-González, Daniele Sgandurra, Martín Barrère, Emil Lupu

Abstract: Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model… ▽ More Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches. △ Less

Submitted 4 November, 2016; v1 submitted 8 October, 2015; originally announced October 2015.

Comments: 14 pages, 15 figures

MSC Class: 62F15