Attack Tree Generation by Policy Invalidation

Marieta Georgieva Ivanova, Christian W. Probst, René Rydhof Hansen, Florian Kammüller

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademic

    13 Citations (Scopus)

    Abstract

    Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identi﬿cation. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identi﬿ed through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based on invalidating policies in the sys- tem model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise enough to illustrate the threat, and they are general enough to hide the details of individual steps.
    Original languageEnglish
    Title of host publication9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015
    EditorsR. Naeem Akram, S. Jajodia
    Place of PublicationBerlin
    PublisherSpringer
    Pages249-259
    Number of pages11
    ISBN (Print)9783319240183
    DOIs
    Publication statusPublished - 24 Aug 2015
    Event9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015 - Heraklion, Crete, Greece
    Duration: 24 Aug 201525 Aug 2015
    Conference number: 9

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer
    Volume9311
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Conference

    Conference9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015
    Abbreviated titleWISTP
    CountryGreece
    CityHeraklion, Crete
    Period24/08/1525/08/15
    Other24-25 August 2015

    Keywords

    • Attack Tree Generation
    • Policy Invalidation
    • EC Grant Agreement nr.: FP7/2007-2013
    • EC Grant Agreement nr.: FP7/318003

    Fingerprint Dive into the research topics of 'Attack Tree Generation by Policy Invalidation'. Together they form a unique fingerprint.

    Cite this