Collaborative attack modeling

Steffan, Jan; Schumacher, M.

doi:10.1145/508832.508843

Cited by 49 publications

(44 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Attack tree (AT) representation originates from fault trees which have been used in analyzing failing conditions of complex systems [5]. Attack trees are first used by Schneier [3] to provide a formal way of describing the security of a system.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Modeling and detection of complex attacks

Camtepe

Yener

2007

2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007

View full text Add to dashboard Cite

Abstract-A complex attack is a sequence of temporally and spatially separated legal and illegal actions each of which can be detected by various IDS but as a whole they constitute a powerful attack. IDS fall short of detecting and modeling complex attacks therefore new methods are required. This paper presents a formal methodology for modeling and detection of complex attacks in three phases: (1) we extend basic attack tree (AT) approach to capture temporal dependencies between components and expiration of an attack, (2) using enhanced AT we build a tree automaton which accepts a sequence of actions from input message streams from various sources if there is a traversal of an AT from leaves to root, and (3) we show how to construct an enhanced parallel automaton that has each tree automaton as a subroutine. We use simulation to test our methods, and provide a case study of representing attacks in WLANs.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Preconditioning is addressed in [9] and [5] by use of petri nets. A petri net consists of places, transitions and arcs connecting them.…”

Section: Related Workmentioning

confidence: 99%

Modeling and detection of complex attacks

Camtepe

Yener

2007

2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007

View full text Add to dashboard Cite

show abstract

“…Schneier [33,34] first introduced the attack-tree method for threat modeling. Steffan and Schumacher [36] explore collaborative attack modeling based on shared knowledge about vulnerabilities. Roscoe et al [30] discuss threat models for ubiquitous systems.…”

Section: Related Workmentioning

confidence: 99%

Toward a threat model for storage systems

Hasan

Myagmar

Lee

et al. 2005

Proceedings of the 2005 ACM Workshop on Storage Security and Survivability

View full text Add to dashboard Cite

The growing number of storage security breaches as well as the need to adhere to government regulations is driving the need for greater storage protection. However, there is the lack of a comprehensive process to designing storage protection solutions. Designing protection for storage systems is best done by utilizing proactive system engineering rather than reacting with ad hoc countermeasures to the latest attack du jour. The purpose of threat modeling is to organize system threats and vulnerabilities into general classes to be addressed with known storage protection techniques. Although there has been prior work on threat modeling primarily for software applications, to our knowledge this is the first attempt at domain-specific threat modeling for storage systems. We discuss protection challenges unique to storage systems and propose two different processes to creating a threat model for storage systems: one based on classical security principles (C onfidentiality, I ntegrity, Availability, Authentication, or CIAA) and another based on the Data Lifecycle Model. It is our hope that this initial work will start a discussion on how to better design and implement storage protection solutions against storage threats.

show abstract

“…Subsequently, Steffan and Schumacher [29] proposed a similarly abstract knowledgesharing approach to attack modeling that combines the freeform mechanisms of Wiki publishing systems with conditional transitions as may be found in Petri nets, albeit without formalized semantics.…”

Section: Related Workmentioning

confidence: 99%