Refinement-aware generation of attack trees

O. Gadyatskaya; R. Jhawar; S. Mauw; R. Trujillo-Rasua; T.A.C. Willemse

doi:10.1007/978-3-319-68063-7_11

Refinement-aware generation of attack trees

O. Gadyatskaya, R. Jhawar, S. Mauw, R. Trujillo-Rasua, T.A.C. Willemse

Formal System Analysis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

11 Citations (Scopus)

Abstract

Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a system. Due to their refinement structure, attack trees support the analyst in understanding the system vulnerabilities at various levels of abstraction. However, contrary to manually synthesized attack trees, automatically generated attack trees are often not refinement-aware, making subsequent human processing much harder. The generation of attack trees in which the refined nodes correspond to semantically relevant levels of abstraction is still an open question. In this paper, we formulate the attack-tree generation problem and propose a methodology to, given a system model, generate attack trees with meaningful levels of abstraction.

Original language	English
Title of host publication	Security and Trust Management
Subtitle of host publication	13th International Workshop, STM 2017, Oslo, Norway, September 14–15, 2017, Proceedings
Editors	G. Livraga, C. Mitchell
Place of Publication	Dordrecht
Publisher	Springer
Pages	164-179
Number of pages	16
ISBN (Electronic)	978-3-319-68063-7
ISBN (Print)	978-3-319-68062-0
DOIs	https://doi.org/10.1007/978-3-319-68063-7_11
Publication status	Published - 2017
Event	13th International Workshop on Security and Trust Management, STM 2017 - Oslo, Norway Duration: 14 Sept 2017 → 15 Sept 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10547 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	13th International Workshop on Security and Trust Management, STM 2017
Country/Territory	Norway
City	Oslo
Period	14/09/17 → 15/09/17

Access to Document

10.1007/978-3-319-68063-7_11

Cite this

Gadyatskaya, O., Jhawar, R., Mauw, S., Trujillo-Rasua, R., & Willemse, T. A. C. (2017). Refinement-aware generation of attack trees. In G. Livraga, & C. Mitchell (Eds.), Security and Trust Management: 13th International Workshop, STM 2017, Oslo, Norway, September 14–15, 2017, Proceedings (pp. 164-179). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10547 LNCS). Springer. https://doi.org/10.1007/978-3-319-68063-7_11

Gadyatskaya, O. ; Jhawar, R. ; Mauw, S. et al. / Refinement-aware generation of attack trees. Security and Trust Management: 13th International Workshop, STM 2017, Oslo, Norway, September 14–15, 2017, Proceedings. editor / G. Livraga ; C. Mitchell. Dordrecht : Springer, 2017. pp. 164-179 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{460b87df4cb04b0d887ee4b02eef4f9d,

title = "Refinement-aware generation of attack trees",

abstract = "Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a system. Due to their refinement structure, attack trees support the analyst in understanding the system vulnerabilities at various levels of abstraction. However, contrary to manually synthesized attack trees, automatically generated attack trees are often not refinement-aware, making subsequent human processing much harder. The generation of attack trees in which the refined nodes correspond to semantically relevant levels of abstraction is still an open question. In this paper, we formulate the attack-tree generation problem and propose a methodology to, given a system model, generate attack trees with meaningful levels of abstraction.",

author = "O. Gadyatskaya and R. Jhawar and S. Mauw and R. Trujillo-Rasua and T.A.C. Willemse",

year = "2017",

doi = "10.1007/978-3-319-68063-7_11",

language = "English",

isbn = "978-3-319-68062-0",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "164--179",

editor = "G. Livraga and C. Mitchell",

booktitle = "Security and Trust Management",

address = "Germany",

note = "13th International Workshop on Security and Trust Management, STM 2017 ; Conference date: 14-09-2017 Through 15-09-2017",

}

Gadyatskaya, O, Jhawar, R, Mauw, S, Trujillo-Rasua, R & Willemse, TAC 2017, Refinement-aware generation of attack trees. in G Livraga & C Mitchell (eds), Security and Trust Management: 13th International Workshop, STM 2017, Oslo, Norway, September 14–15, 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10547 LNCS, Springer, Dordrecht, pp. 164-179, 13th International Workshop on Security and Trust Management, STM 2017, Oslo, Norway, 14/09/17. https://doi.org/10.1007/978-3-319-68063-7_11

Refinement-aware generation of attack trees. / Gadyatskaya, O.; Jhawar, R.; Mauw, S. et al.

Security and Trust Management: 13th International Workshop, STM 2017, Oslo, Norway, September 14–15, 2017, Proceedings. ed. / G. Livraga; C. Mitchell. Dordrecht : Springer, 2017. p. 164-179 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10547 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Refinement-aware generation of attack trees

AU - Gadyatskaya, O.

AU - Jhawar, R.

AU - Mauw, S.

AU - Trujillo-Rasua, R.

AU - Willemse, T.A.C.

PY - 2017

Y1 - 2017

N2 - Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a system. Due to their refinement structure, attack trees support the analyst in understanding the system vulnerabilities at various levels of abstraction. However, contrary to manually synthesized attack trees, automatically generated attack trees are often not refinement-aware, making subsequent human processing much harder. The generation of attack trees in which the refined nodes correspond to semantically relevant levels of abstraction is still an open question. In this paper, we formulate the attack-tree generation problem and propose a methodology to, given a system model, generate attack trees with meaningful levels of abstraction.

AB - Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a system. Due to their refinement structure, attack trees support the analyst in understanding the system vulnerabilities at various levels of abstraction. However, contrary to manually synthesized attack trees, automatically generated attack trees are often not refinement-aware, making subsequent human processing much harder. The generation of attack trees in which the refined nodes correspond to semantically relevant levels of abstraction is still an open question. In this paper, we formulate the attack-tree generation problem and propose a methodology to, given a system model, generate attack trees with meaningful levels of abstraction.

UR - http://www.scopus.com/inward/record.url?scp=85030168570&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-68063-7_11

DO - 10.1007/978-3-319-68063-7_11

M3 - Conference contribution

AN - SCOPUS:85030168570

SN - 978-3-319-68062-0

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 164

EP - 179

BT - Security and Trust Management

A2 - Livraga, G.

A2 - Mitchell, C.

PB - Springer

CY - Dordrecht

T2 - 13th International Workshop on Security and Trust Management, STM 2017

Y2 - 14 September 2017 through 15 September 2017

ER -

Gadyatskaya O, Jhawar R, Mauw S, Trujillo-Rasua R, Willemse TAC. Refinement-aware generation of attack trees. In Livraga G, Mitchell C, editors, Security and Trust Management: 13th International Workshop, STM 2017, Oslo, Norway, September 14–15, 2017, Proceedings. Dordrecht: Springer. 2017. p. 164-179. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-68063-7_11

Refinement-aware generation of attack trees

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this