The Navigation Metaphor in Security Economics

Pieters, Wolter; Barendse, Jeroen; Ford, Margaret; Heath, Claude P. R.; Probst, Christian W.; Verbij, Ruud

doi:10.1109/msp.2016.47

Cited by 4 publications

(3 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the TRE S PASS project [7], visualisations such as our approach contribute to the attack navigator [16,17]. Beyond this, the techniques presented here are widely applicable.…”

Section: Resultsmentioning

confidence: 99%

Understanding How Components of Organisations Contribute to Attacks

Aslanyan

Probst

2016

Secure IT Systems

Self Cite

View full text Add to dashboard Cite

Abstract. Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor -the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors is difficult. Recently, system models have been used for automatically identifying possible attacks on the modelled organisation. The generated attacks consider all three layers, making the contribution of building infrastructure, computer infrastructure, and humans (insiders and outsiders) explicit. However, this contribution is only visible in the attack trees as part of the performed steps; it cannot be mapped back to the model directly since the actions usually involve several elements (attacker and targeted actor or asset). Especially for large attack trees, understanding the relations between several model components quickly results in a large quantity of interrelations, which are hard to grasp. In this work we present several approaches for visualising attributes of attacks such as likelihood of success, impact, and required time or skill level. The resulting visualisations provide a link between attacks on an organisations and the contribution of parts of an organisation to the attack and its impact.

show abstract

“…In the TRE S PASS project [7], visualisations such as our approach contribute to the attack navigator [16,17]. Beyond this, the techniques presented here are widely applicable.…”

Section: Resultsmentioning

confidence: 99%

Understanding How Components of Organisations Contribute to Attacks

Aslanyan

Probst

2016

Secure IT Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…We have published key innovations in for example the attack navigation metaphor [14], making attacker profiles explicit [28], attack generation [20,21], quantitative analysis [29,30], and visualisation of maps and paths [31,32]. Our practical and theoretical developments open up for many new and interesting research questions in the area of attack navigation and graphical models for security, for example:…”

Section: Discussionmentioning

confidence: 99%

“…The attacker profiles also imply a link between attack navigators and security economics [14]. Both attackers and defenders have costs for their actions, and utility functions associated with the possible outcomes, but only a limited budget.…”

Section: The Attack Navigatormentioning

confidence: 99%

The Attack Navigator

Probst

Willemson

Pieters

2016

Graphical Models for Security

Self Cite

View full text Add to dashboard Cite

Abstract. The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. Therefore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identifies routes to an attacker goal. Specific attacker properties such as skill or resources can be included through attacker profiles. This enables defenders to explore attack scenarios and the effectiveness of defense alternatives under different threat conditions.

show abstract

New Directions in Attack Tree Research: Catching up with Industrial Needs

Gadyatskaya

Trujillo-Rasúa

2018

Graphical Models for Security

View full text Add to dashboard Cite

The Navigation Metaphor in Security Economics

Cited by 4 publications

References 12 publications

Understanding How Components of Organisations Contribute to Attacks

Understanding How Components of Organisations Contribute to Attacks

The Attack Navigator

New Directions in Attack Tree Research: Catching up with Industrial Needs

Contact Info

Product

Resources

About