Abstract
Efficient risk assessment requires automation of its most tedious tasks: identification of vulnerabilities, attacks that can exploit these vulnerabilities, and countermeasures that can mitigate the attacks. E.g., the attack tree generation by policy invalidation approach looks at systematic automatic generation of attack trees from a socio-technical model of an organization. Attack trees succinctly represent the ways to attack the system. They are useful for identifying the most dangerous attacks, and can be explained to the stakeholders. We now propose a technique to generate attack-defence trees from a socio- technical model. Generated trees incorporate not only attacks, but also defences already present in the system. Furthermore, they can be further used as a basis for risk treatment.
| Original language | English |
|---|---|
| Title of host publication | 1st European Symposium on Security and Privacy |
| Place of Publication | USA |
| Publisher | IEEE |
| Pages | Poster 6- |
| Number of pages | 2 |
| Publication status | Published - Mar 2016 |
| Event | 1st IEEE European Symposium on Security and Privacy, EuroS&P 2016 - Congress Center Saar, Saarbrücken, Germany Duration: 21 Mar 2016 → 24 Mar 2016 Conference number: 1 |
Publication series
| Name | |
|---|---|
| Publisher | IEEE Computer Society |
Conference
| Conference | 1st IEEE European Symposium on Security and Privacy, EuroS&P 2016 |
|---|---|
| Abbreviated title | EuroS&P |
| Country/Territory | Germany |
| City | Saarbrücken |
| Period | 21/03/16 → 24/03/16 |
Keywords
- METIS-318572
- EC Grant Agreement nr.: FP7/2007-2013
- EWI-27350
- IR-101821
- EC Grant Agreement nr.: FP7/318003
Fingerprint
Dive into the research topics of 'Automating Defence Generation for Risk Assessment'. Together they form a unique fingerprint.Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver