BDMPathfinder: a tool for exploring attack paths in models defined by Boolean logic Driven Markov Processes

Ricardo M. Czekster, Charles Morisset

    Research output: Chapter in Book/Published conference output > Conference publication

    Abstract

    Security officers employ adversarial modelling techniques to drive analysis over complex attack surfaces. One technique for modelling safety and security is Attack Trees (AT), which use logic gates to address the likelihood of malicious actions and outcomes. However, attack progression over time is not considered in AT analysis. To cope with this, the formalism of Boolean logic Driven Markov Processes (BDMP) extends AT with triggered transitions that connect the sub-trees pertaining to the hierarchy. BDMP embeds notions from Markovian processes, where modellers decorate transitions with likely timestamps to compute path probabilities. The time attackers take to complete any given malicious incursion stretches over a range of possibilities. Those durations are often difficult to cope with due to a wealth of intangible characteristics such as adversaries' technical abilities, tool adequacy, quickness to devise vulnerability exploits, or countermeasures or defences in place in targeted infrastructures. The current BDMP analysis pipeline is sequential and generates a single output for one mission time. We propose BDMPathfinder, a tool that iterates over multiple durations to compute the totality of attack paths for BDMP models. We show its properties and trade-offs in a comprehensive case study exercising the most common BDMP primitives by plotting the paths and probabilities altogether.
    Original language: English
    Title of host publication: 2021 17th European Dependable Computing Conference (EDCC)
    Publisher: IEEE
    Pages: 83-86
    Number of pages: 4
    ISBN (Electronic): 978-1-6654-3671-7
    ISBN (Print): 978-1-6654-3672-4
    Publication status: Published - 18 Nov 2021
    Event: 2021 17th European Dependable Computing Conference (EDCC) - Munich, Germany
    Duration: 13 Sept 2021 - 16 Sept 2021

    Publication series

    Name: 2021 17th European Dependable Computing Conference (EDCC)
    Publisher: IEEE
    ISSN (Print): 2641-810X

    Conference

    Conference: 2021 17th European Dependable Computing Conference (EDCC)
    Period: 13/09/21 - 16/09/21

    Keywords

    • Analytical models
    • Computational modeling
    • Tools
    • Markov processes
    • Predictive models
    • Safety
    • Trajectory
