DAG-based attack and defense modeling: Don’t miss the forest for the attack trees

Kordy, Barbara; Piètre-Cambacédès, Ludovic; Schweitzer, Patrick

doi:10.1016/j.cosrev.2014.07.001

Cited by 259 publications

(220 citation statements)

References 172 publications

(271 reference statements)

Supporting

Mentioning

219

Contrasting

Order By: Relevance

“…For the approach in this paper, we essentially only require that attack goals can be divided into sub-goals that can be combined either conjunctively (must all be completed) or disjunctively (only one sub-goal need to be completed). This is very similar to attack trees [1,2], and just as for these it would be interesting to allow more complex combinations at a later point.…”

Section: Graphical System Models and Attack Modelsmentioning

confidence: 71%

“…Our approach is generally applicable to graphical system models and graphical attack models; examples for instances of such models include system models, e.g., ExASyM [7] and Portunes [8], and attack models such as attack trees and attack-defence trees [1,2].…”

Section: Resultsmentioning

confidence: 99%

“…Attack trees [1,2] are widely used by various security analysis techniques; they support an easily accessible tree-like structure that can be visualised and understood by non-experts. At the same time, they can be subjected to formal analysis and structured treatment due to their tree-structure.…”

Section: Graphical Attack Modelmentioning

confidence: 99%

“…Attack trees [1,2] are a loosely defined, yet (or maybe therefore) widely used approach for documenting possible attacks in risk assessment [3]; they can describe attack goals and different ways of achieving these goals by means of the individual steps in an attack. The goal of the defender is then to inhibit one or more of the attack steps, thereby prohibiting the overall attack, or at least making it more difficult or expensive.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Transforming Graphical System Models to Graphical Attack Models

Ivanova

Probst

Hansen

et al. 2016

Graphical Models for Security

View full text Add to dashboard Cite

Abstract. Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that helps in structuring attack identification and can integrate physical, virtual, and social components. These models form a solid basis for guiding the manual identification of attack scenarios. Their main benefit, however, is in the analytic generation of attacks. In this work we present a systematic approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset.

show abstract

Section: Graphical System Models and Attack Modelsmentioning

confidence: 71%

Section: Resultsmentioning

confidence: 99%

Section: Graphical Attack Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Transforming Graphical System Models to Graphical Attack Models

Ivanova

Probst

Hansen

et al. 2016

Graphical Models for Security

View full text Add to dashboard Cite

show abstract

“…To communicate the attacks identified in an organisation, attack trees [2,3] are often used; due to their relatively loose definition, attack trees can be adapted to the requirements in many different settings. Attack trees provide structure to the represented attacks by relating a node representing the goal of an attack with different alternative or required sub-goals, which an attacker may or must perform.…”

Section: Introductionmentioning

confidence: 99%

Understanding How Components of Organisations Contribute to Attacks

Aslanyan

Probst

2016

Secure IT Systems

View full text Add to dashboard Cite

Abstract. Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor -the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors is difficult. Recently, system models have been used for automatically identifying possible attacks on the modelled organisation. The generated attacks consider all three layers, making the contribution of building infrastructure, computer infrastructure, and humans (insiders and outsiders) explicit. However, this contribution is only visible in the attack trees as part of the performed steps; it cannot be mapped back to the model directly since the actions usually involve several elements (attacker and targeted actor or asset). Especially for large attack trees, understanding the relations between several model components quickly results in a large quantity of interrelations, which are hard to grasp. In this work we present several approaches for visualising attributes of attacks such as likelihood of success, impact, and required time or skill level. The resulting visualisations provide a link between attacks on an organisations and the contribution of parts of an organisation to the attack and its impact.

show abstract