Beyond 2014-Reference-Cited by-同舟云学术

Beyond 2014

Published:2020-07-31 Issue:4 Volume:52 Page:1-36
ISSN:0360-0300
Container-title:ACM Computing Surveys
language:en
Short-container-title:ACM Comput. Surv.

Author:

Wideł Wojciech¹,Audinot Maxime²,Fila Barbara³^ORCID,Pinchinat Sophie²

Affiliation:

1. Univ Rennes, INSA Rennes, CNRS, IRISA, Rennes Cedex, France

2. Univ Rennes, CNRS, IRISA, Rennes Cedex, France

3. Univ Rennes, INSA Rennes, CNRS, IRISA, Rennes, France

Abstract

Attack trees are a well established and commonly used framework for security modeling. They provide a readable and structured representation of possible attacks against a system to protect. Their hierarchical structure reveals common features of the attacks and enables quantitative evaluation of security, thus highlighting the most severe vulnerabilities to focus on while implementing countermeasures. Since in real-life studies attack trees have a large number of nodes, their manual creation is a tedious and error-prone process, and their analysis is a computationally challenging task. During the last half decade, the attack tree community witnessed a growing interest in employing formal methods to deal with the aforementioned difficulties. We survey recent advances in graphical security modeling with focus on the application of formal methods to the interpretation, (semi-)automated creation, and quantitative analysis of attack trees and their extensions. We provide a unified description of existing frameworks, compare their features, and outline interesting open questions.

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3331524

Reference102 articles.

1. 2005. Uppaal Cora. Retrieved May 29 2018 from: http://people.cs.aau.dk/adavid/cora/. 2005. Uppaal Cora. Retrieved May 29 2018 from: http://people.cs.aau.dk/adavid/cora/.

2. 2014. ATSyRA. Retrieved May 29 2018 from: https://gforge.inria.fr/plugins/mediawiki/wiki/building/index.php/. 2014. ATSyRA. Retrieved May 29 2018 from: https://gforge.inria.fr/plugins/mediawiki/wiki/building/index.php/.

3. 2018. ATSyRA Studio. Retrieved November 16 2018 from: http://atsyra2.irisa.fr/. 2018. ATSyRA Studio. Retrieved November 16 2018 from: http://atsyra2.irisa.fr/.

Cited by 49 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Optimal Scheduling of Agents in ADTrees: Specialized Algorithm and Declarative Models;IEEE Transactions on Reliability;2024-06

2. Survey: Automatic generation of attack trees and attack graphs;Computers & Security;2024-02

3. A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity;Electronics;2024-01-11

4. Semantics of Attack-Defense Trees for Dynamic Countermeasures and a New Hierarchy of Star-Free Languages;Lecture Notes in Computer Science;2024

5. Assessing the Understandability and Acceptance of Attack-Defense Trees for Modelling Security Requirements;Lecture Notes in Computer Science;2024