Quantitative Security Risk Modeling and Analysis with RisQFLan
arXiv - CS - Cryptography and Security. Pub Date: 2021-01-21, DOI: arxiv-2101.08677
Maurice H. ter Beek, Axel Legay, Alberto Lluch Lafuente, Andrea Vandin

Domain-specific quantitative modeling and analysis approaches are fundamental in scenarios in which qualitative approaches are inappropriate or unfeasible. In this paper, we present a tool-supported approach to quantitative graph-based security risk modeling and analysis based on attack-defense trees. Our approach is based on QFLan, a successful domain-specific approach to support quantitative modeling and analysis of highly configurable systems, whose domain-specific components have been decoupled to facilitate the instantiation of the QFLan approach in the domain of graph-based security risk modeling and analysis. Our approach incorporates distinctive features from three popular kinds of attack trees, namely enhanced attack trees, capabilities-based attack trees and attack countermeasure trees, into the domain-specific modeling language. The result is a new framework, called RisQFLan, to support quantitative security risk modeling and analysis based on attack-defense diagrams. By offering either exact or statistical verification of probabilistic attack scenarios, RisQFLan constitutes a significant novel contribution to the existing toolsets in that domain. We validate our approach by highlighting the additional features offered by RisQFLan in three illustrative case studies from seminal approaches to graph-based security risk modeling analysis based on attack trees.

Updated: 2021-01-22