Exploiting Bayesian Networks for the Analysis of Combined Attack Trees

We propose a novel attack tree model, called a subjective attack tree, aiming to address the limitations of traditional attack trees, which use precise values for likelihoods of security events. In many situations, it is often difficult to elicit accurate probabilities due to lack of knowledge, or insufficient historical data, making the evaluation of risk in existing approaches unreliable. In this paper, we consider the modelling of uncertainty about probabilities, via subjective opinions, resulting in a model taking second-order uncertainty into account. We propose an approach to derive subjective opinions about security events based on two main criteria, namely a vulnerability level and technical difficulty to conduct an attack, using subjective logic. These subjective opinions are then used as input parameters in the proposed model. The propagation method of subjective opinions is also discussed. Our approach is evaluated against traditional attack trees using the Stuxnet self-installation scenario. Our results show that taking uncertainty about probabilities into account during security risk analysis can lead to different outcomes, and therefore different security decisions.

show abstract

“…A Bayesian network approach for ATs is explored in [8]. The authors proposed a methodology that translates ATs into Bayesian Networks.…”

Section: Attack Trees and Related Workmentioning

confidence: 99%

Modelling Security Risk Scenarios Using Subjective Attack Trees

Al-Hadhrami

Collinson

Oren

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…A large number of AT analysis frameworks have been developed, based on lattice theory [18], timed automata [11,21,23], I/O-IMCs [3,22], Bayesian networks [13], Petri nets [8], stochastic games [4,15], etc. We refer to [20] for an overview of AT formalisms.…”

Section: Related Workmentioning

confidence: 99%

“…Systematic model transformations. Many AT analysis methods are based on converting the AT into a mathematical model that can be analyzed with existing formal techniques, such as timed automata [11,23], Bayesian networks [13], Petri nets [8], etc. An important contribution of our work is to make these translations more systematic, and therefore more extensible, maintainable, reusable, and less error-prone.…”

Section: Introductionmentioning

confidence: 99%

Effective Analysis of Attack Trees: A Model-Driven Approach

Kumar

Schivo

Ruijters

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Attack trees (ATs) are a popular formalism for security analysis, and numerous variations and tools have been developed around them. These were mostly developed independently, and offer little interoperability or ability to combine various AT features. We present ATTop, a software bridging tool that enables automated analysis of ATs using a model-driven engineering approach. ATTop fulfills two purposes: 1. It facilitates interoperation between several AT analysis methodologies and resulting tools (e.g., ATE, ATCalc, ADTool 2.0), 2. it can perform a comprehensive analysis of attack trees by translating them into timed automata and analyzing them using the popular model checker Uppaal, and translating the analysis results back to the original ATs. Technically, our approach uses various metamodels to provide a unified description of AT variants. Based on these metamodels, we perform model transformations that allow to apply various analysis methods to an AT and trace the results back to the AT domain. We illustrate our approach on the basis of a case study from the AT literature.

show abstract

“…Identify threats: Possible threats to the system that could lead to vulnerabilities were characterized as high, medium, or low. Informed by expert opinion, the developer’s past experience, and industry trends and standards, we focused on identifying anticipated threats rather than every possible threat, as the latter could have been overwhelming and unrealistic to accomplish ( Gribaudo, Iacono, & Marrone, 2015 ; Oyelami & Ithnin, 2015 ). We used this process to decide which aspects of P&S were worth protecting.…”

Section: Developing a Privacy And Security Checklist For A Multi-usermentioning

confidence: 99%

Privacy and Security in Multi-User Health Kiosks

Takyi

Watzlaf

Matthews³

et al. 2017

Int J Telerehab

View full text Add to dashboard Cite

Enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) has gotten stricter and penalties have become more severe in response to a significant increase in computer-related information breaches in recent years. With health information said to be worth twice as much as other forms of information on the underground market, making preservation of privacy and security an integral part of health technology development, rather than an afterthought, not only mitigates risks but also helps to ensure HIPAA and HITECH compliance. This paper provides a guide, based on the Office for Civil Rights (OCR) audit protocol, for creating and maintaining an audit checklist for multi-user health kiosks. Implementation of selected audit elements for a multi-user health kiosk designed for use by community-residing older adults illustrates how the guide can be applied.

show abstract

Exploiting Bayesian Networks for the Analysis of Combined Attack Trees

Cited by 33 publications

References 17 publications

Modelling Security Risk Scenarios Using Subjective Attack Trees

Modelling Security Risk Scenarios Using Subjective Attack Trees

Effective Analysis of Attack Trees: A Model-Driven Approach

Privacy and Security in Multi-User Health Kiosks

Contact Info

Product

Resources

About