Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

Pieters, Wolter; Davarynejad, Mohsen

doi:10.1007/978-3-319-17016-9_13

Cited by 11 publications

(10 citation statements)

References 12 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These effort has been further extended by other researchers in different contexts, e.g. by LeMay et al [258], and by Pieters and Davarynejad [259].…”

Section: Attack Modellingmentioning

confidence: 89%

See 1 more Smart Citation

Security in Embedded Systems: A Model-Based Approach with Risk Metrics

Vasilevskaya¹

2015

View full text Add to dashboard Cite

“…These effort has been further extended by other researchers in different contexts, e.g. by LeMay et al [258], and by Pieters and Davarynejad [259].…”

Section: Attack Modellingmentioning

confidence: 89%

“…Pieters and Davarynejad [259] also investigate how attacker profiles affect probabilities of success for an attack step. The authors distinguish static attacker properties (skills) and dynamic attacker properties (investment schemes).…”

Section: Attack Modellingmentioning

confidence: 99%

Security in Embedded Systems: A Model-Based Approach with Risk Metrics

Vasilevskaya¹

2015

View full text Add to dashboard Cite

“…A natural way to express these relationships among harms, feared events and privacy weaknesses is through harm trees. Harm trees are akin to attack trees in computer security [4,12,14,27,28,41,43,44,45,46,53]. The use of this type of trees is not new for privacy, even if very few papers have been published on this topic.…”

Section: Rr N°8876mentioning

confidence: 99%

PRIAM: A Privacy Risk Analysis Methodology

Métayer

2016

Data Privacy Management and Security Assurance

View full text Add to dashboard Cite

PRIAM: Un cadre d'analyse de risques d'atteintes à la vie privée Résumé : La nécessité de conduire une analyse d'impact (PIA) avant tout déploiement de système ou de service informatique présentant des risques potentiels d'atteinte à la vie privée est désormais reconnue. Les analyses d'impact sur les données personnelles deviendront d'ailleurs obligatoires pour certaines catégories de produits quand le nouveau règlement européen sur la protection des données personnelles entrera en vigueur. L'analyse des risques en matière de vie privée, qui doit constituer la partie technique d'un PIA, a jusqu'à présent été moins étudiée que les aspects juridiques et organisationnels des PIAs. Ce rapport de recherche décrit une proposition de cadre et de méthodologie pour conduire ces analyses de risques d'atteinte à la vie privée de manière rigoureuse et systématique. Ce cadre, appelé PRIAM (Privacy Risk Analysis Methodology) est illustré avec un cas d'étude dans le domaine du "quantified self".

show abstract

“…One can also consider attacker behaviour over time in order to get frequency metrics for risk analysis [17]. The similarity with economic models also means that there is quite a bit of uncertainty in the results of computations.…”

Section: The Attack Navigatormentioning

confidence: 99%

The Attack Navigator

Probst

Willemson

Pieters

2016

Graphical Models for Security

Self Cite

View full text Add to dashboard Cite

Abstract. The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. Therefore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identifies routes to an attacker goal. Specific attacker properties such as skill or resources can be included through attacker profiles. This enables defenders to explore attack scenarios and the effectiveness of defense alternatives under different threat conditions.

show abstract

Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

Cited by 11 publications

References 12 publications

Security in Embedded Systems: A Model-Based Approach with Risk Metrics

Security in Embedded Systems: A Model-Based Approach with Risk Metrics

PRIAM: A Privacy Risk Analysis Methodology

The Attack Navigator

Contact Info

Product

Resources

About