Automating Defence Generation for Risk Assessment

Olga Gadyatskaya

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    12 Downloads (Pure)

    Abstract

    Efficient risk assessment requires automation of its most tedious tasks: identification of vulnerabilities, attacks that can exploit these vulnerabilities, and countermeasures that can mitigate the attacks. E.g., the attack tree generation by policy invalidation approach looks at systematic automatic generation of attack trees from a socio-technical model of an organization. Attack trees succinctly represent the ways to attack the system. They are useful for identifying the most dangerous attacks, and can be explained to the stakeholders. We now propose a technique to generate attack-defence trees from a socio- technical model. Generated trees incorporate not only attacks, but also defences already present in the system. Furthermore, they can be further used as a basis for risk treatment.
    Original languageEnglish
    Title of host publication1st European Symposium on Security and Privacy
    Place of PublicationUSA
    PublisherIEEE Computer Society
    PagesPoster 6-
    Number of pages2
    Publication statusPublished - Mar 2016
    Event1st IEEE European Symposium on Security and Privacy, EuroS&P 2016 - Congress Center Saar, Saarbrücken, Germany
    Duration: 21 Mar 201624 Mar 2016
    Conference number: 1

    Publication series

    Name
    PublisherIEEE Computer Society

    Conference

    Conference1st IEEE European Symposium on Security and Privacy, EuroS&P 2016
    Abbreviated titleEuroS&P
    CountryGermany
    CitySaarbrücken
    Period21/03/1624/03/16

    Keywords

    • METIS-318572
    • EC Grant Agreement nr.: FP7/2007-2013
    • EWI-27350
    • IR-101821
    • EC Grant Agreement nr.: FP7/318003

    Fingerprint Dive into the research topics of 'Automating Defence Generation for Risk Assessment'. Together they form a unique fingerprint.

    Cite this