Harley Eades III Olga Gadyatskaya (Eds.) 9 1 Graphical Models 4 2 1 S for Security C N L 7th International Workshop, GraMSec 2020 Boston, MA, USA, June 22, 2020 Revised Selected Papers Lecture Notes in Computer Science 12419 Founding Editors Gerhard Goos Karlsruhe Institute of Technology, Karlsruhe, Germany Juris Hartmanis Cornell University, Ithaca, NY, USA Editorial Board Members Elisa Bertino Purdue University, West Lafayette, IN, USA Wen Gao Peking University, Beijing, China Bernhard Steffen TU Dortmund University, Dortmund, Germany Gerhard Woeginger RWTH Aachen, Aachen, Germany Moti Yung Columbia University, New York, NY, USA More information about this series at http://www.springer.com/series/7410 Harley Eades III Olga Gadyatskaya (Eds.) (cid:129) Graphical Models for Security 7th International Workshop, GraMSec 2020 Boston, MA, USA, June 22, 2020 Revised Selected Papers 123 Editors Harley EadesIII OlgaGadyatskaya Augusta University Leiden University Augusta, GA, USA Leiden,The Netherlands ISSN 0302-9743 ISSN 1611-3349 (electronic) Lecture Notesin Computer Science ISBN 978-3-030-62229-9 ISBN978-3-030-62230-5 (eBook) https://doi.org/10.1007/978-3-030-62230-5 LNCSSublibrary:SL4–SecurityandCryptology ©SpringerNatureSwitzerlandAG2020 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartofthe material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodologynow knownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbookare believedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsortheeditors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissionsthatmayhavebeenmade.Thepublisherremainsneutralwithregardtojurisdictionalclaimsin publishedmapsandinstitutionalaffiliations. ThisSpringerimprintispublishedbytheregisteredcompanySpringerNatureSwitzerlandAG Theregisteredcompanyaddressis:Gewerbestrasse11,6330Cham,Switzerland Preface The 7th International Workshop on Graphical Models for Security (GraMSec 2020) was held virtually on June 22, 2020, colocated with the Computer Security Foundations Symposium (CSF 2020). Since its establishment in 2014, GraMSec seeks to bring together academic researchers and practitioners from industry and government to discuss the latest challengesandinsightsingraphicalmodelsappliedinthesecuritydomain.Itenjoysa large community of security professionals passionate about designing and applying graphical models and visualizations for capturing security of systems. Such graphical modelsandvisualizationsareoftenveryversatile,beingabletorepresentamultitudeof security facets and to support security experts in tasks like formal socio-technical security modeling or automated security assessment. Thesepost-proceedingscontainrevisedversionsofthe7fulltechnicalpapersand3 shortpapers,whichwereselectedfrom14submissions.Inadditiontothepresentations of these papers, Mariëlle Stoelinga from University of Twente and Radboud University, The Netherlands, gave a keynote talk titled “Safety Versus Security: Why Have They Not Married Yet?” This talk, which focused on similarities and discrep- ancies between security and safety models and approaches, showed the GraMSec audience several inspiring research directions. The organization of GraMSec 2020 was affected by the COVID-19 global health crisis. The workshop was held online and authors and the Program Committee mem- bersweretouchedbythisglobalemergency.Wethankallauthorsforsubmittingtheir researchresultstoGraMSec2020.WethankallProgramCommitteemembersandthe external reviewers for their time and effort toward a balanced and exciting workshop program. We are grateful to the invited speaker and the presenters for delivering their engaging talks online. Finally, we would also like to thank the Steering Committee of GraMSec, and especially Barbara Fila, for their support in organizing the workshop. September 2020 Harley Eades III Olga Gadyatskaya Organization Program Chairs Harley Eades III Augusta University, USA Olga Gadyatskaya Leiden University, The Netherlands Program Committee Ludovic Apvrille Télécom Paris, France Marco Angelini Sapienza University of Rome, Italy Paul Attie Augusta University, USA Stefano Bistarelli University of Perugia, Italy Carlos E. Budde University of Twente, The Netherlands Bram Cappers TU Eindhoven, The Netherlands Daniele Codetta-Raiteri Università del Piemonte Orientale, Italy Julia Eisentraut TU Munich, Germany Mathias Ekstedt KTH Royal Institute of Technology, Sweden Barbara Fila INSA Rennes, IRISA, France Holger Hermanns Saarland University, Germany Ross Horne University of Luxembourg, Luxembourg Dong Seong Kim University of Canterbury, New Zealand Rajesh Kumar BirlaInstituteofTechnologyandScience,Pilani,India Kate Labunets TU Delft, The Netherlands Tong Li Beijing University of Technology, China Sjouke Mauw University of Luxembourg, Luxembourg Per Håkon Meland SINTEF, Norway Federica Paci University of Verona, Italy Stéphane Paul Thales Research and Technology, France Sophie Pinchinat University of Rennes, CNRS, IRISA, France Saša Radomirovic Heriot-Watt University, UK Riccardo Scandariato University of Gothenburg and Chalmers University of Technology, Sweden Ketil Stølen SINTEF Digital, University of Oslo, Norway Axel Tanner IBM Research, Switzerland Rolando Trujillo-Rasua Deakin University, Australia Katja Tuma University of Gothenburg and Chalmers University of Technology, Sweden Luca Viganò King’s College London, UK Lingyu Wang Concordia University, Canada Wojcieh Widel KTH Royal Institute of Technology, Sweden Jan Willemson Cybernetica, Estonia viii Organization Steering Committee Sushil Jajodia George Mason University, USA Barbara Fila INSA Rennes, IRISA, France Sjouke Mauw University of Luxembourg, Luxembourg Christian W. Probst Unitec, New Zealand Ketil Stølen SINTEF Digital, University of Oslo, Norway Publicity Chair Barbara Fila INSA Rennes, IRISA, France Web Chair Reynaldo Gil Pons University of Luxembourg, Luxembourg Additional Reviewers Ivan Merkanti Raúl E. Monti Matthias Ramparison Carlo Taticchi Safety Versus Security: Why Have They Not Married Yet? (Abstract of Invited Talk) Mariëlle Stoelinga1,2 1University of Twente, TheNetherlands 2Radboud University,The Netherlands [email protected] Abstract. Safety and security are two historically separated fields that have manyaspectsincommon.Safetyistheabsenceofdisruptionsduetounintended failures; security is the absence of disruptions due to malicious attacks. While both safety and security aim at mitigating system risks with cost-effective counter measures, they take opposing views when in comes to modelling, measuring, and mitigating. In this talk, I will present the main differences and similarities between safety and security risk analyses, as well as directions to reconciletheseimportantfields,throughmathematicalgametheory,uncertainty reasoning, and stochastic analysis. The research is funded by an ERC consol- idator grant CAESAR: integrating safety and cybersecurity through stochastic model checking. Contents Attack Trees Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Amjad Ibrahim, Simon Rehwald, Antoine Scemama, Florian Andres, and Alexander Pretschner Library-Based Attack Tree Synthesis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Sophie Pinchinat, François Schwarzentruber, and Sébastien Lê Cong Asset-Centric Analysis and Visualisation of Attack Trees. . . . . . . . . . . . . . . 45 Christopher Schmitz, André Sekulla, and Sebastian Pape Attacks and Risks Modelling and Visualisation An Attack Simulation Language for the IT Domain. . . . . . . . . . . . . . . . . . . 67 Sotirios Katsikeas, Simon Hacks, Pontus Johnson, Mathias Ekstedt, Robert Lagerström, Joar Jacobsson, Max Wällstedt, and Per Eliasson Representing Decision-Makers in SGAM-H: The Smart Grid Architecture Model Extended with the Human Layer. . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Adam Szekeres and Einar Snekkenes Breaking the Cyber Kill Chain by Modelling Resource Costs. . . . . . . . . . . . 111 Kristian Haga, Per Håkon Meland, and Guttorm Sindre GroDDViewer: Dynamic Dual View of Android Malware . . . . . . . . . . . . . . 127 Jean-François Lalande, Mathieu Simon, and Valérie Viet Triem Tong Models for Reasoning About Security Attack-Defence Frameworks: Argumentation-Based Semantics for Attack-Defence Trees. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 DovM.Gabbay,RossHorne,SjoukeMauw,andLeendertvanderTorre A Diagrammatic Approach to Information Flow in Encrypted Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Peter M. Hines