Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems

Kammueller, Florian (2020) Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems. Archive of Formal Proof. ISSN 2150-914X [Article] (Accepted/In press)

PDF (Generated latex output from Isabelle sources) - Published version (with publisher's formatting)
Restricted to Repository staff and depositor only



In this article, we present a proof theory for Attack Trees. Attack Trees are a well-established and useful model for the construction of attacks on systems, since they allow a stepwise exploration of high-level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we develop a generic theory of Attack Trees with a state-based semantics based on Kripke structures and CTL (see [2] for more details). The resulting framework allows mechanically supported logical analysis of the meta-theory of the proof calculus of Attack Trees, and at the same time the developed proof theory can be applied to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of Attack Tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification. A more detailed account of the Attack Tree formalisation is given in [3], and the case study is described in detail in [4].

Item Type: Article
Research Areas: A. > School of Science and Technology > Computer Science
Item ID: 30949
Depositing User: Florian Kammueller
Date Deposited: 11 Sep 2020 15:16
Last Modified: 16 Sep 2020 12:43
