Invalidating Policies using Structural Information

Kammüller, Florian; Probst, Christian W.

doi:10.1109/spw.2013.36

Cited by 36 publications

(50 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For every possible actor in the system, the goal of the transformation is then to generate an attack that results in the actor having obtained this asset. The overall transformation is a generalised version of policy invalidation [10,11]: . .…”

Section: Transforming Models Without Asset Mobilitymentioning

confidence: 99%

“…While we present them in the setting of the TRE S PASS model, the general approach can be applied to any graphical system model. The transformations described in this work can be used as the core technique for policy invalidation [10,11], where policies describe both access control to locations and data, as well as system-wide policies such as admissible actions and actor behaviour. We have implemented the transformations presented in this work in an attack tree generator for TRE S PASS models.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Transforming Graphical System Models to Graphical Attack Models

Ivanova

Probst

Hansen

et al. 2016

Graphical Models for Security

Self Cite

View full text Add to dashboard Cite

Abstract. Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that helps in structuring attack identification and can integrate physical, virtual, and social components. These models form a solid basis for guiding the manual identification of attack scenarios. Their main benefit, however, is in the analytic generation of attacks. In this work we present a systematic approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset.

show abstract

Section: Transforming Models Without Asset Mobilitymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Transforming Graphical System Models to Graphical Attack Models

Ivanova

Probst

Hansen

et al. 2016

Graphical Models for Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…The original approach of invalidation of a global policy based on local policies of infrastructure scenarios [18] uses the idea of Modelchecking: the attempt to prove a security property fails but provides a trace of steps in the infrastructure leading to a state in which the property is violated but more importantly providing a refined attack trace providing detailed steps leading to the attack.…”

Section: Extensions Of Sociological Explanation To State Changementioning

confidence: 99%

“…The original invalidation idea [18] uses the advantages of Modelchecking to find attacks by Insiders on infrastructures. Starting from an invalidated policy, the attempt to modelcheck fails producing an attack vector.…”

Section: Introduction and Overviewmentioning

confidence: 99%

Isabelle Modelchecking for Insider Threats

Kammüller¹

2016

Data Privacy Management and Security Assurance

View full text Add to dashboard Cite

“…Attacks are generated from a socio-technical system model [8,9] and are the basis of computing the risk faced by an organisation if one or more of the identified attacks are realised. Properties of interest of these attacks include required resources, such as time or money, likelihood of success, or impact of the attack.…”

Section: Introductionmentioning

confidence: 99%

Understanding How Components of Organisations Contribute to Attacks

Aslanyan

Probst

2016

Secure IT Systems

Self Cite

View full text Add to dashboard Cite

Abstract. Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor -the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors is difficult. Recently, system models have been used for automatically identifying possible attacks on the modelled organisation. The generated attacks consider all three layers, making the contribution of building infrastructure, computer infrastructure, and humans (insiders and outsiders) explicit. However, this contribution is only visible in the attack trees as part of the performed steps; it cannot be mapped back to the model directly since the actions usually involve several elements (attacker and targeted actor or asset). Especially for large attack trees, understanding the relations between several model components quickly results in a large quantity of interrelations, which are hard to grasp. In this work we present several approaches for visualising attributes of attacks such as likelihood of success, impact, and required time or skill level. The resulting visualisations provide a link between attacks on an organisations and the contribution of parts of an organisation to the attack and its impact.

show abstract

Invalidating Policies using Structural Information

Cited by 36 publications

References 15 publications

Transforming Graphical System Models to Graphical Attack Models

Transforming Graphical System Models to Graphical Attack Models

Isabelle Modelchecking for Insider Threats

Understanding How Components of Organisations Contribute to Attacks

Contact Info

Product

Resources

About