Abstract
Recently, security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio-technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but they can also be used to select and maintain the security controls that cannot be handled by the model itself.
| Original language | English |
|---|---|
| Title of host publication | Second International Workshop GraMSec 2015 |
| Place of Publication | Switzerland |
| Publisher | Springer |
| Pages | 55-65 |
| Number of pages | 11 |
| ISBN (Print) | 9783319299679 |
| Publication status | Published - 6 Feb 2016 |
| Event | 2nd International Workshop on Graphical Models for Security, GraMSec 2015 - Verona, Italy; Duration: 13 Jul 2015 → 13 Jul 2015; Conference number: 2 |
Publication series
| Name | Lecture Notes in Computer Science |
|---|---|
| Publisher | Springer Verlag |
| Volume | 9390 |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Workshop
| Workshop | 2nd International Workshop on Graphical Models for Security, GraMSec 2015 |
|---|---|
| Abbreviated title | GraMSec |
| Country/Territory | Italy |
| City | Verona |
| Period | 13/07/15 → 13/07/15 |
Keywords
- EC Grant Agreement nr.: FP7/318003
- EC Grant Agreement nr.: FP7/2007-2013
- Attack-defence trees · Socio-technical models · Generation of attack models · Generation of defences
- METIS-318540
- IR-101598
- EWI-27272