Experimental comparison of attack trees and misuse cases for security threat identification

Opdahl, Andreas L.; Sindre, Guttorm

doi:10.1016/j.infsof.2008.05.013

Cited by 109 publications

(77 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Fault trees were originally developed to identify the effects of component failures on a system [16] while attack trees traditionally focused on the effects of cyber security breaches [14]. There have been recent variants of these trees, and sometimes these trees have been used interchangeably [2,5,6,7,11]. However, these trees all have one thing in common: they are binaryvalued trees, connected with AND and OR operators.…”

Section: Introductionmentioning

confidence: 99%

Using Multiple-Valued Logic Decision Diagrams to Model System Threat Probabilities

Manikas

Thornton

Feinstein³

2011

2011 41st IEEE International Symposium on Multiple-Valued Logic

View full text Add to dashboard Cite

Abstract-System security continues to be of increasing importance. To effectively address both natural and intentional threats to large systems, the threats must be cataloged and analyzed. Extremely large and complex systems can have an accordingly large number of threat scenarios. Simply listing the threats and devising countermeasures for each is ineffective and not efficient. We describe a threat cataloging methodology whereby a large number of threats can be efficiently cataloged and analyzed for common features. This allows countermeasures to be formulated that address a large number of threats that share common features. The methodology utilizes MultipleValued Logic for describing the state of a large system and a multiple-valued decision diagram (MDD) for the threat catalog and analysis.Large System Security, Threat cataloging, MDD

show abstract

Section: Introductionmentioning

confidence: 99%

Using Multiple-Valued Logic Decision Diagrams to Model System Threat Probabilities

Manikas

Thornton

Feinstein³

2011

2011 41st IEEE International Symposium on Multiple-Valued Logic

View full text Add to dashboard Cite

show abstract

“…Opdahl and Sindre [21] compared misuse cases with attack trees in a controlled experiment with students and repeated it with industrial practitioners in [22]. Both studies showed that attack trees help to identify more threats than misuse cases, but both methods have similar perception.…”

Section: Background and Related Workmentioning

confidence: 99%

“…Second, as all participants were provided with a catalogues, they could easily produce a large number of threats and control, irrespective of the method used. Further, [21] have also reported that different methods might help to generate outcomes of difference quality: participants using attack trees identified mainly generic threats, while misuse cases helped to identify more domain-specific threats.…”

Section: Peou Pumentioning

confidence: 99%

“…The posttask questionnaire was inspired by the Technology Acceptance Model (TAM) [31] and a similar questionnaire used in [21,9]. The questions were formulated in one sentence with answers on a 5-point Likert scale (1 -Strongly agree; 2 -Agree; 3 -Not certain; 4 -Agree; 5 -Strongly agree) 3 .…”

Section: Peou Pumentioning

confidence: 99%

“…The participants individually conducted SRA of two tasks from SmartGrid scenario using both methods. In [10,9] we followed the approach by Opdahl and Karpati [21] and used the number of threats and security controls identified using a method as a measure of the actual efficacy. Thus, we cannot compare current results with the results reported in [10,9], but this comparison can be done for the perception variables.…”

Section: Retrospective Analysismentioning

confidence: 99%

See 2 more Smart Citations

On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment

Labunets

Massacci

Paci

2017

Requirements Engineering: Foundation for Software Quality

View full text Add to dashboard Cite

Abstract.[Context] Many security risk assessment methods are proposed both in academia (typically with a graphical notation) and industry (typically with a tabular notation).[Question] We compare methods based on those two notations with respect to their actual and perceived efficacy when both groups are equipped with a domain-specific security catalogue (as typically available in industry risk assessments).[Results] Two controlled experiments with MSc students in computer science show that tabular and graphical methods are (statistically) equivalent in quality of identified threats and security controls. In the first experiment the perceived efficacy of tabular method was slightly better than the graphical one, and in the second experiment two methods are perceived as equivalent.[Contribution] A graphical notation does not warrant by itself better (security) requirements elicitation than a tabular notation in terms of the quality of actually identified requirements.

show abstract

Intelligent network security assessment with modeling and analysis of attack patterns

Kondakci

2012

Security Comm Networks

View full text Add to dashboard Cite

This paper presents a new concept for information security assessments while promoting several areas of its application. Threat generation, attack pattern analysis, quantitative risk computation, and network security monitoring locally or remotely are the major application areas of this concept. Instead of testing assets one by one, by applying separate repetitive attacks and assessments, the presented system generates and executes attacks once on a sample group, composes assessment data, and uses the data for the assessment of an entire network. This unique approach can be used as a model to guide the development of tool-based assessment systems, intelligent network security analysis, monitoring systems, and also as a complementary function in information security test and evaluation laboratories.

show abstract

Experimental comparison of attack trees and misuse cases for security threat identification

Cited by 109 publications

References 29 publications

Using Multiple-Valued Logic Decision Diagrams to Model System Threat Probabilities

Using Multiple-Valued Logic Decision Diagrams to Model System Threat Probabilities

On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment

Intelligent network security assessment with modeling and analysis of attack patterns

Contact Info

Product

Resources

About