Abstract
Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio-technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but also they can be used to select and maintain the security controls that cannot be handled by the model itself.
Original language | English |
---|---|
Title of host publication | Second International Workshop GraMSec 2015 |
Place of Publication | Switzerland |
Publisher | Springer |
Pages | 55-65 |
Number of pages | 11 |
ISBN (Print) | 9783319299679 |
DOIs | |
Publication status | Published - 6 Feb 2016 |
Event | 2nd International Workshop on Graphical Models for Security, GraMSec 2015 - Verona, Italy Duration: 13 Jul 2015 → 13 Jul 2015 Conference number: 2 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer Verlag |
Volume | 9390 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Workshop
Workshop | 2nd International Workshop on Graphical Models for Security, GraMSec 2015 |
---|---|
Abbreviated title | GraMSec |
Country/Territory | Italy |
City | Verona |
Period | 13/07/15 → 13/07/15 |
Keywords
- EC Grant Agreement nr.: FP7/318003
- EC Grant Agreement nr.: FP7/2007-2013
- Attack-defence trees · Socio-technical models · Generationof attack models · Generation of defences
- METIS-318540
- IR-101598
- EWI-27272