How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

Abstract: Abstract. Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bund… Show more

“…The trees we generate are refinement-aware, and thus provide more insight to the analyst than attack trees generated by previously proposed approaches, such as [IPHK15,Gad15,HKT13,VNN14]. Furthermore, our approach derives the refinement relation from the system model itself, and so it reduces the load on the analyst in comparison to the ATSyRA approach [PAV15].…”

“…It can be facilitated by applying industry threat catalogues [FFG`16] and security knowledge bases [GLPS14], but these information sources may be unavailable for particular organizations or too generic to be useful. This is why recently researchers started to develop techniques for generating attack trees automatically [VNN14,IPHK15,HKT13,PAV15,Gad15].…”

“…Reachability-based approaches, such as [IPHK15,Gad15,HKT13], transform system models into attack trees using information about connected elements in the model. In essence, these approaches reason that the attacker can reach the desired location from any system location adjacent to it.…”

“…This reasoning is applied recursively to traverse complete attack paths. The main drawback of the techniques proposed in [VNN14,IPHK15,HKT13,Gad15] is that they do not leverage the refinement structure of attack trees, when parent nodes are more abstract than child nodes. In fact, [VNN14] does not provide any meaning to intermediate nodes, which only serve to express how child nodes are combined, while [IPHK15,Gad15,HKT13] have intermediate nodes at the same level of abstraction as child nodes, representing actions in the system model.…”

Refinement-Aware Generation of Attack Trees

“…The trees we generate are refinement-aware, and thus provide more insight to the analyst than attack trees generated by previously proposed approaches, such as [IPHK15,Gad15,HKT13,VNN14]. Furthermore, our approach derives the refinement relation from the system model itself, and so it reduces the load on the analyst in comparison to the ATSyRA approach [PAV15].…”

“…It can be facilitated by applying industry threat catalogues [FFG`16] and security knowledge bases [GLPS14], but these information sources may be unavailable for particular organizations or too generic to be useful. This is why recently researchers started to develop techniques for generating attack trees automatically [VNN14,IPHK15,HKT13,PAV15,Gad15].…”

“…Reachability-based approaches, such as [IPHK15,Gad15,HKT13], transform system models into attack trees using information about connected elements in the model. In essence, these approaches reason that the attacker can reach the desired location from any system location adjacent to it.…”

“…This reasoning is applied recursively to traverse complete attack paths. The main drawback of the techniques proposed in [VNN14,IPHK15,HKT13,Gad15] is that they do not leverage the refinement structure of attack trees, when parent nodes are more abstract than child nodes. In fact, [VNN14] does not provide any meaning to intermediate nodes, which only serve to express how child nodes are combined, while [IPHK15,Gad15,HKT13] have intermediate nodes at the same level of abstraction as child nodes, representing actions in the system model.…”

Refinement-Aware Generation of Attack Trees

“…The analyst and the stakeholders will then identify relevant abstract attack scenarios (expected attacker profiles and assets that could be compromized). Afterwards, the TREsPASS toolset generates a set of concrete threat scenarios represented as attack trees [9,4], which are then extended and annotated with data using a knowledge base populated at the preparation phase. The extended and annotated trees are then analyzed to identify critical attack scenarios [6], which are traced back to socio-technical model elements affected and visualized to the stakeholders.…”

Towards Empirical Evaluation of Automated Risk Assessment Methods

Semi-automatically Augmenting Attack Trees Using an Annotated Attack Tree Library