Attribute Decoration of Attack–Defense Trees-Reference-Cited by-同舟云学术

Attribute Decoration of Attack–Defense Trees

Published:2012-04 Issue:2 Volume:3 Page:1-35
ISSN:1947-3036
Container-title:International Journal of Secure Software Engineering
language:en
Short-container-title:

Author:

Bagnato Alessandra¹,Kordy Barbara²,Meland Per Håkon³,Schweitzer Patrick²

Affiliation:

1. TXT e-solutions, Italy

2. University of Luxembourg, Luxembourg

3. SINTEF ICT, Norway

Abstract

Attack–defense trees can be used as part of threat and risk analysis for system development and maintenance. They are an extension of attack trees with defense measures. Moreover, tree nodes can be decorated with attributes, such as probability, impact, and penalty, to increase the expressiveness of the model. Attribute values are typically assigned based on cognitive estimations and historically recorded events. This paper presents a practical case study with attack–defense trees. First, the authors create an attack–defense tree for an RFID-based goods management system for a warehouse. Then, they explore how to use a rich set of attributes for attack and defense nodes and assign and aggregate values to obtain condensed information, such as performance indicators or other key security figures. The authors discuss different modeling choices and tradeoffs. The case study led them to define concrete guidelines that can be used by software developers, security analysts, and system owners when performing similar assessments.

Publisher

IGI Global

Subject

General Medicine

Reference34 articles.

1. Abdulla, P. A., Cederberg, J., & Kaati, L. (2010). Analyzing the security in the GSM radio network using attack jungles. In T. Margaria & B. Steffen (Eds.), Proceedings of the 4th International Conference on Leveraging Applications of Formal Methods, Verification, and Validation - Volume 1 (LNCS 6415, pp. 60-74).

2. Amenaza. (2011). SecurITree. Retrieved from http://www.amenaza.com/

3. Baca, D., & Petersen, K. (2010). Prioritizing countermeasures through the countermeasure method for software security (CM-Sec). In M. A. Babar, M. Vierimaa, & M. Oivo (Eds.), Proceedings of the 11th International Conference on Product-Focused Software Process Improvement (LNCS 6156, pp. 176-190).

4. Bistarelli, S., Dall’Aglio, M., & Peretti, P. (2007). Strategic games on defense trees. In T. Dimitrakos, F. Martinelli, P. Y. A. Ryan, & S. Schneider (Eds.), Proceedings of the 4th International Workshop on Formal Aspects in Security and Trust (LNCS 4691, pp. 1-15).

Cited by 45 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Scalable and automated Evaluation of Blue Team cyber posture in Cyber Ranges;Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing;2024-04-08

2. ChatGPT Knows Your Attacks: Synthesizing Attack Trees Using LLMs;Communications in Computer and Information Science;2023

3. Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory;Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems;2022-04-18

4. Assessing cyber threats for storyless systems;Journal of Information Security and Applications;2022-02

5. Evaluating mail‐based security for electoral processes using attack trees;Risk Analysis;2022-01-24