网络与信息安全学报 (Apr 2019)
Information flow integrity measurement method using integrity threat tree
Abstract
In order to avert the drawback of traditional information flow integrity analysis on ignoring the specific system architecture and associated attack events, an integrity threat tree to quantify the integrity of the system information flow, and the conditional trigger gate to model the associated attack events were proposed. The attack cost was used to quantify the degree of difficulty on attacking each channel. According to the architecture-related integrity threat tree, the minimum attack cost and corresponding target channel set required to achieve the attack target were solved by using the satisfiability modulo theories. The practicality of our approach was demonstrated by the modeling and analysis of the actual flight control system models, and the influence of the conditional trigger gate parameters on the system integrity was discussed.
Keywords