Formal Template-Based Generation of Attack–Defence Trees for Automated Security Analysis-Reference-Cited by-同舟云学术

Formal Template-Based Generation of Attack–Defence Trees for Automated Security Analysis

Published:2023-08-29 Issue:9 Volume:14 Page:481
ISSN:2078-2489
Container-title:Information
language:en
Short-container-title:Information

Author:

Bryans Jeremy¹,Liew Lin Shen²,Nguyen Hoang Nga³^ORCID,Sabaliauskaite Giedre³^ORCID,Shaikh Siraj Ahmed³

Affiliation:

1. Systems Security Group, Centre for Future Transport and Cities, Coventry University, Coventry CV1 5FB, UK

2. iTrust, Singapore University of Technology and Design, Singapore 487372, Singapore

3. Systems Security Group, Department of Computer Science, Swansea University, Swansea SA1 8EN, UK

Abstract

Systems that integrate cyber and physical aspects to create cyber-physical systems (CPS) are becoming increasingly complex, but demonstrating the security of CPS is hard and security is frequently compromised. These compromises can lead to safety failures, putting lives at risk. Attack Defense Trees with sequential conjunction (ADS) are an approach to identifying attacks on a system and identifying the interaction between attacks and the defenses that are present within the CPS. We present a semantic model for ADS and propose a methodology for generating ADS automatically. The methodology takes as input a CPS system model and a library of templates of attacks and defenses. We demonstrate and validate the effectiveness of the ADS generation methodology using an example from the automotive domain.

Publisher

MDPI AG

Subject

Information Systems

Link

https://www.mdpi.com/2078-2489/14/9/481/pdf

Reference59 articles.

1. Schneier, B. (2023, July 01). AT: Modeling Security Threats. Available online: https://www.schneier.com/academic/archives/1999/12/attack_trees.html.

2. (2021). Road Vehicles—Cybersecurity Engineering (Standard No. BS ISO/SAE 21434:2021).

3. DAG-based attack and defense modeling: Don’t miss the forest for the attack trees;Kordy;Comput. Sci. Rev.,2014

4. On Quantitative Analysis of Attack–Defense Trees with Repeated Labels;Bauer;Principles of Security and Trust,2018

5. Arnold, F., Hermanns, H., Pulungan, R., and Stoelinga, M. (2014, January 5–13). Time-dependent analysis of attacks. Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014, Grenoble, France.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Risk analysis of cyber networks: a quantitative approach based on attack-defense trees;Journal of Innovative Engineering and Natural Science;2023-12-14