2016
DOI: 10.1007/978-3-319-29968-6_4
|View full text |Cite
|
Sign up to set email alerts
|

How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

Abstract: Abstract. Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bund… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
17
0

Year Published

2016
2016
2018
2018

Publication Types

Select...
6

Relationship

5
1

Authors

Journals

citations
Cited by 11 publications
(17 citation statements)
references
References 16 publications
0
17
0
Order By: Relevance
“…The trees we generate are refinement-aware, and thus provide more insight to the analyst than attack trees generated by previously proposed approaches, such as [IPHK15,Gad15,HKT13,VNN14]. Furthermore, our approach derives the refinement relation from the system model itself, and so it reduces the load on the analyst in comparison to the ATSyRA approach [PAV15].…”
Section: Discussionmentioning
confidence: 99%
See 3 more Smart Citations
“…The trees we generate are refinement-aware, and thus provide more insight to the analyst than attack trees generated by previously proposed approaches, such as [IPHK15,Gad15,HKT13,VNN14]. Furthermore, our approach derives the refinement relation from the system model itself, and so it reduces the load on the analyst in comparison to the ATSyRA approach [PAV15].…”
Section: Discussionmentioning
confidence: 99%
“…It can be facilitated by applying industry threat catalogues [FFG`16] and security knowledge bases [GLPS14], but these information sources may be unavailable for particular organizations or too generic to be useful. This is why recently researchers started to develop techniques for generating attack trees automatically [VNN14,IPHK15,HKT13,PAV15,Gad15].…”
Section: Introductionmentioning
confidence: 99%
See 2 more Smart Citations
“…The analyst and the stakeholders will then identify relevant abstract attack scenarios (expected attacker profiles and assets that could be compromized). Afterwards, the TREsPASS toolset generates a set of concrete threat scenarios represented as attack trees [9,4], which are then extended and annotated with data using a knowledge base populated at the preparation phase. The extended and annotated trees are then analyzed to identify critical attack scenarios [6], which are traced back to socio-technical model elements affected and visualized to the stakeholders.…”
Section: Evaluation Of Trespassmentioning
confidence: 99%