Attack tree generation by policy invalidation
Conference paper
Ivanova, M., Probst, C., Hansen, R. and Kammueller, F. 2015. Attack tree generation by policy invalidation. 9th WISTP International Conference on Information Security Theory and Practice (WISTP 2015). Heraklion, Crete, Greece 24 - 25 Aug 2015 Springer. pp. 249-259 https://doi.org/10.1007/978-3-319-24018-3_16
Type | Conference paper |
---|---|
Title | Attack tree generation by policy invalidation |
Authors | Ivanova, M., Probst, C., Hansen, R. and Kammueller, F. |
Abstract | Attacks on systems and organisations increasingly exploit human actors, for example through social engineering. This humanising of attacks complicates their formal treatment and automatic identification; formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based on invalidating policies in the system model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise enough to illustrate the threat, and they are general enough to hide the details of individual steps. To the best of our knowledge this is the first formalisation of an approach to generating attack trees including steps on the technical and social level. |
Conference | 9th WISTP International Conference on Information Security Theory and Practice (WISTP 2015) |
Page range | 249-259 |
ISSN | 0302-9743 |
ISBN | |
Hardcover | 9783319240176 |
Publisher | Springer |
Publication dates | |
Online | 24 Oct 2015 |
25 Aug 2015 | |
Publication process dates | |
Deposited | 15 Jun 2015 |
Accepted | 17 Jun 2015 |
Output status | Published |
Additional information | Paper published as: Ivanova M.G., Probst C.W., Hansen R.R., Kammüller F. (2015) Attack Tree Generation by Policy Invalidation. In: Akram R., Jajodia S. (eds) Information Security Theory and Practice. WISTP 2015. Lecture Notes in Computer Science, vol 9311. Springer, Cham |
Digital Object Identifier (DOI) | https://doi.org/10.1007/978-3-319-24018-3_16 |
Language | English |
Book title | Information Security Theory and Practice: 9th IFIP WG 11.2 International Conference, WISTP 2015, Heraklion, Crete, Greece, August 24-25, 2015. Proceedings |
https://repository.mdx.ac.uk/item/859w0
35
total views0
total downloads1
views this month0
downloads this month