Foundations of Attack Trees

Mauw, Sjouke; Oostdijk, Martijn

doi:10.1007/11734727_17

Cited by 367 publications

(414 citation statements)

References 9 publications

Supporting

Mentioning

376

Contrasting

Order By: Relevance

“…A threat tree is composed of a single root node that defines the primary threat to an asset (for example, 'Disrupt Web Server' in Figure 1a). A threat may be decomposed into additional fine-grained sub-threats (for example, 'Denial of Service'), thereby forming a tree hierarchy [39]. A threat profile can be described as the path from a leaf node to the root node which represents a specific set of states involved in either achieving the primary threat or countering it.…”

Section: Threat Treesmentioning

confidence: 99%

See 1 more Smart Citation

Management of security policy configuration using a Semantic Threat Graph approach

Foley

Fitzgerald

2011

JCS

View full text Add to dashboard Cite

Managing the configuration of heterogeneous enterprise security mechanisms is a complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management based approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study based on Network Access Controls demonstrates how threats can be analysed and how automated configuration recommendations can be made based on catalogues of countermeasures. These countermeasures are drawn from best-practice standards, including NIST, IETF and PCI-DSS recommendations for firewall configuration.

show abstract

Section: Threat Treesmentioning

confidence: 99%

“…Threat Trees [39,61], Attack Trees [56] and similar tree-based threat-modeling methodologies [6,17] are used to help identify, represent and analyse threats to an enterprise's assets. Their topdown approach provides a semi-formal but methodical way to determine viable threat vectors (who, why and how a system can be compromised).…”

Section: Introductionmentioning

confidence: 99%

Management of security policy configuration using a Semantic Threat Graph approach

Foley

Fitzgerald

2011

JCS

View full text Add to dashboard Cite

show abstract

“…To establish the characteristics that together determine the acceptability, we construct an objective tree of voter influencing in Section 2.2. Objective trees are attack trees (see [19,13]), but focus upon meeting goals instead of achieving attacks.…”

Section: Legal and Illegal Influencingmentioning

confidence: 99%

Anonymity in Voting Revisited

Jonker

Pieters

2010

Towards Trustworthy Elections

View full text Add to dashboard Cite

Abstract. According to international law, anonymity of the voter is a fundamental precondition for democratic elections. In electronic voting, several aspects of voter anonymity have been identified. In this paper, we re-examine anonymity with respect to voting, and generalise existing notions of anonymity in e-voting. First, we identify and categorise the types of attack that can be a threat to anonymity of the voter, including different types of vote buying and coercion. This analysis leads to a categorisation of anonymity in voting in terms of a) the strength of the anonymity achieved and b) the extent of interaction between voter and attacker. Some of the combinations, including weak and strong receiptfreeness, are formalised in epistemic logic.

show abstract

“…A threat may be decomposed into additional fine-grained sub-threats ('Denial of Service'), thereby forming a tree hierarchy [1]. A threat profile can be described as the path from a leaf node to the root node which represents a specific set of states involved in either achieving the primary threat or countering it.…”

Section: Threat Treesmentioning

confidence: 99%

“…Threat Trees [1,2], Attack Trees [3] and similar tree-based threat-modeling methodologies [4,5] are used to help identify, represent and analyze about threats to an enterprise's assets. Their top-down approach provides a semi-formal and methodical way to determine viable threat vectors (who, why and how a system can be compromised).…”

Section: Introductionmentioning

confidence: 99%

An Approach to Security Policy Configuration Using Semantic Threat Graphs

Foley

Fitzgerald

2009

Data and Applications Security XXIII

View full text Add to dashboard Cite

Abstract. Managing the configuration of heterogeneous enterprise security mechanisms is a wholly complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study on Network Access Controls demonstrates how threats can be analyzed and how automated configuration recommendations can be made based on catalogues of best-practice countermeasures.

show abstract

Foundations of Attack Trees

Cited by 367 publications

References 9 publications

Management of security policy configuration using a Semantic Threat Graph approach

Management of security policy configuration using a Semantic Threat Graph approach

Anonymity in Voting Revisited

An Approach to Security Policy Configuration Using Semantic Threat Graphs

Contact Info

Product

Resources

About