2017
DOI: 10.15439/2017f112
|View full text |Cite
|
Sign up to set email alerts
|

Representation of Attacker Motivation in Software Risk Assessment Using Attack Probability Trees

Abstract: Abstract-Since software plays an ever more important role in measuring instruments, risk assessments for such instruments required by European regulations will usually include also a risk assessment of the software. Although previously introduced methods still lack efficient means for the representation of attacker motivation and have no prescribed way of constructing attack scenarios, attack trees have been used for several years in similar application scenarios. These trees are here developed into attack pro… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
22
0

Year Published

2018
2018
2024
2024

Publication Types

Select...
3
2
1

Relationship

3
3

Authors

Journals

citations
Cited by 10 publications
(22 citation statements)
references
References 9 publications
0
22
0
Order By: Relevance
“…Once these have been implemented, the phases of risk estimation and risk evaluation (including amendments, where necessary) are repeated until the risk score is reduced to 3 or lower. Since attack vectors for real-world measuring instruments might become very complex, they can be decomposed by means of Attack Probability Trees (AtPT), see [6]. These AtPTs can be used by an assessor to subdivide any given attack vector, evaluate the sub-goals and to find the attack probability score for the original complex attack vector.…”
Section: Risk Evaluationmentioning
confidence: 99%
See 1 more Smart Citation
“…Once these have been implemented, the phases of risk estimation and risk evaluation (including amendments, where necessary) are repeated until the risk score is reduced to 3 or lower. Since attack vectors for real-world measuring instruments might become very complex, they can be decomposed by means of Attack Probability Trees (AtPT), see [6]. These AtPTs can be used by an assessor to subdivide any given attack vector, evaluate the sub-goals and to find the attack probability score for the original complex attack vector.…”
Section: Risk Evaluationmentioning
confidence: 99%
“…To start the comparison, assessors from these NBs took part in a training exercise. The training covered both the basic procedure [2] as well as AtPTs [6]. Afterwards, see Subsection III-A, two generic measuring instruments were selected for all partners to assess.…”
Section: Inter-institutional Comparison and Identification Of Chmentioning
confidence: 99%
“…An adequate analysis and assessment of the risk shall be performed following the proposed method in Esche and Thiel . This risk assessment method has been formalized and developed into a graphical representation in Esche et al that will be used in further work. Carrying out a risk assessment for contemporary threats will satisfy the remaining requirement presented in the overview in Figure .…”
Section: Future Workmentioning
confidence: 99%
“…Thus, there is a need for in‐depth evaluation to determine if Cloud Computing is mature enough to meet the demands, requirements, and challenges of Legal Metrology. According to estimations about four to six percent of the gross national income is declared by Legal Metrology in European countries (see Section 1.1).…”
Section: Introductionmentioning
confidence: 99%
“…By objectifying the derived probability score for identified threats while following at the same time the guidelines of ISO/IEC 27005, ISO/IEC 15408 and ISO/IEC 18045, this risk assessment method enables comparability and standardizes the otherwise highly subjective assessment process. Furthermore, potential countermeasures are identified and quantified using Attack Probability Trees (AtPT) [6] for derived assets to be suitable protected.…”
Section: Introductionmentioning
confidence: 99%