PhD Defence by Alyzia-Maria Konsta

Synthesis and optimal observability for attack trees

Principal supervisor: Professor Alberto Lluch Lafuente, DTU Compute
Co-supervisor: Professor Nicola Dragoni, DTU Compute

Examiners
Associate Professor Anne Haxthausen, DTU Compute
Senior Researcher Maurice Ter Beek, National Research Council
Associate Professor Andrea Vandin, Sant’Anna School for Advanced Studies

Chairperson at defence:
Associate Professor Andrey Rivkin, DTU Compute

A copy of the PhD thesis is available for reading at the department.

For online participation, please use the following link:

Abstract

As electronic device usage grows, vast amounts of sensitive data are stored and processed on local or remote servers, making security crucial. One method to assess system security is through graphical security models like attack trees, which depict all possible attack paths in a hierarchical structure. Traditionally, security experts design these trees manually, a process that can be tedious and error-prone. This thesis explores the automatic synthesis of attack trees using event logs from attacked systems, providing insights into exploited vulnerabilities. Additionally, it examines how to automatically apply countermeasures by controlling an attacker’s observability, such as obfuscating data.

For example, in a login system, if a user enters incorrect credentials, the system can either specify whether the username or password is wrong or provide a generic error message. The latter approach increases security by preventing attackers from narrowing down valid credentials but may reduce usability. Hence we explore how a security expert can obfuscate (hide) specific aspects of the system under a budget (for example usability) in order to keep the attacker’s reward (for example gained knowledge) under a given threshold.

This work provides a solid starting point for improving security analysis and countermeasures. The results are promising and offer new ideas and tools for future research in automated security and decision-making.