Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems
Kammueller, Florian ORCID: https://orcid.org/0000-0001-5839-5488 (2020) Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems. Archive of Formal Proof. ISSN 2150-914X [Article] (Accepted/In press)
PDF (Generated LaTeX output from Isabelle sources) - Published version (with publisher's formatting). Restricted to Repository staff and depositor only (238kB).
Abstract
In this article, we present a proof theory for Attack Trees. Attack Trees are a well-established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high-level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of Attack Trees with a state-based semantics based on Kripke structures and CTL (see [2] for more details). The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of Attack Trees, and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of Attack Tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification. A more detailed account of the Attack Tree formalisation is given in [3] and the case study is described in detail in [4].
| Item Type: | Article |
|---|---|
| Research Areas: | A. > School of Science and Technology > Computer Science |
| Item ID: | 30949 |
| Depositing User: | Florian Kammueller |
| Date Deposited: | 11 Sep 2020 15:16 |
| Last Modified: | 16 Sep 2020 12:43 |
| URI: | https://eprints.mdx.ac.uk/id/eprint/30949 |