• 7 Citations

Abstract

The intricacy of socio-technical systems requires a careful planning and utilisation of security resources to ensure uninterrupted, secure and reliable services. Even though many studies have been conducted to understand and model the behaviour of a potential attacker, the detection of crucial security vulnerabilities in such a system still provides a substantial challenge for security engineers. The success of a sophisticated attack crucially depends on two factors: the resources and time available to the attacker; and the stepwise execution of interrelated attack steps. This paper presents an extension of dynamic attack tree models by using both, the sequential and parallel behaviour of AND and OR-gates. Thereby we take great care to allow the modelling of any kind of temporal and stochastic dependencies which might occur in the model. We demonstrate the applicability on several case studies.
Original languageUndefined
Title of host publicationComputer Safety, Reliability, and Security - Proceedings of the SAFECOM 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR
EditorsFloor Koornneef, Coen van Gulijk
Place of PublicationZurich
PublisherSpringer Verlag
Pages291-299
Number of pages9
ISBN (Print)978-3-319-24248-4
DOIs
StatePublished - Sep 2015

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Verlag
Volume9338
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Fingerprint

Engineers
Planning

Keywords

  • EC Grant Agreement nr.: FP7/318003
  • EWI-26252
  • EC Grant Agreement nr.: FP7/2007-2013
  • SEQ-OR
  • METIS-312708
  • IR-97256
  • Case Studies
  • Markov Automata
  • Attack Tree
  • Seq-AND

Cite this

Arnold, F., Guck, D., Kumar, R., & Stoelinga, M. I. A. (2015). Sequential and Parallel Attack Tree Modelling. In F. Koornneef, & C. van Gulijk (Eds.), Computer Safety, Reliability, and Security - Proceedings of the SAFECOM 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR (pp. 291-299). (Lecture Notes in Computer Science; Vol. 9338). Zurich: Springer Verlag. DOI: 10.1007/978-3-319-24249-1_25

Arnold, Florian; Guck, Dennis; Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette / Sequential and Parallel Attack Tree Modelling.

Computer Safety, Reliability, and Security - Proceedings of the SAFECOM 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR. ed. / Floor Koornneef; Coen van Gulijk. Zurich : Springer Verlag, 2015. p. 291-299 (Lecture Notes in Computer Science; Vol. 9338).

Research output: Scientific - peer-reviewConference contribution

@inbook{451bb9bff36348ec9d6aef9b5081e830,
title = "Sequential and Parallel Attack Tree Modelling",
abstract = "The intricacy of socio-technical systems requires a careful planning and utilisation of security resources to ensure uninterrupted, secure and reliable services. Even though many studies have been conducted to understand and model the behaviour of a potential attacker, the detection of crucial security vulnerabilities in such a system still provides a substantial challenge for security engineers. The success of a sophisticated attack crucially depends on two factors: the resources and time available to the attacker; and the stepwise execution of interrelated attack steps. This paper presents an extension of dynamic attack tree models by using both, the sequential and parallel behaviour of AND and OR-gates. Thereby we take great care to allow the modelling of any kind of temporal and stochastic dependencies which might occur in the model. We demonstrate the applicability on several case studies.",
keywords = "EC Grant Agreement nr.: FP7/318003, EWI-26252, EC Grant Agreement nr.: FP7/2007-2013, SEQ-OR, METIS-312708, IR-97256, Case Studies, Markov Automata, Attack Tree, Seq-AND",
author = "Florian Arnold and Dennis Guck and Rajesh Kumar and Stoelinga, {Mariëlle Ida Antoinette}",
note = "Foreground = 80%; Type of activity = conference; Main leader = UT; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;",
year = "2015",
month = "9",
doi = "10.1007/978-3-319-24249-1_25",
isbn = "978-3-319-24248-4",
series = "Lecture Notes in Computer Science",
publisher = "Springer Verlag",
pages = "291--299",
editor = "Floor Koornneef and {van Gulijk}, Coen",
booktitle = "Computer Safety, Reliability, and Security - Proceedings of the SAFECOM 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR",
address = "Germany",

}

Arnold, F, Guck, D, Kumar, R & Stoelinga, MIA 2015, Sequential and Parallel Attack Tree Modelling. in F Koornneef & C van Gulijk (eds), Computer Safety, Reliability, and Security - Proceedings of the SAFECOM 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR. Lecture Notes in Computer Science, vol. 9338, Springer Verlag, Zurich, pp. 291-299. DOI: 10.1007/978-3-319-24249-1_25

Sequential and Parallel Attack Tree Modelling. / Arnold, Florian; Guck, Dennis; Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette.

Computer Safety, Reliability, and Security - Proceedings of the SAFECOM 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR. ed. / Floor Koornneef; Coen van Gulijk. Zurich : Springer Verlag, 2015. p. 291-299 (Lecture Notes in Computer Science; Vol. 9338).

Research output: Scientific - peer-reviewConference contribution

TY - CHAP

T1 - Sequential and Parallel Attack Tree Modelling

AU - Arnold,Florian

AU - Guck,Dennis

AU - Kumar,Rajesh

AU - Stoelinga,Mariëlle Ida Antoinette

N1 - Foreground = 80%; Type of activity = conference; Main leader = UT; Type of audience = scientific community; Size of audience = 30; Countries addressed = international;

PY - 2015/9

Y1 - 2015/9

N2 - The intricacy of socio-technical systems requires a careful planning and utilisation of security resources to ensure uninterrupted, secure and reliable services. Even though many studies have been conducted to understand and model the behaviour of a potential attacker, the detection of crucial security vulnerabilities in such a system still provides a substantial challenge for security engineers. The success of a sophisticated attack crucially depends on two factors: the resources and time available to the attacker; and the stepwise execution of interrelated attack steps. This paper presents an extension of dynamic attack tree models by using both, the sequential and parallel behaviour of AND and OR-gates. Thereby we take great care to allow the modelling of any kind of temporal and stochastic dependencies which might occur in the model. We demonstrate the applicability on several case studies.

AB - The intricacy of socio-technical systems requires a careful planning and utilisation of security resources to ensure uninterrupted, secure and reliable services. Even though many studies have been conducted to understand and model the behaviour of a potential attacker, the detection of crucial security vulnerabilities in such a system still provides a substantial challenge for security engineers. The success of a sophisticated attack crucially depends on two factors: the resources and time available to the attacker; and the stepwise execution of interrelated attack steps. This paper presents an extension of dynamic attack tree models by using both, the sequential and parallel behaviour of AND and OR-gates. Thereby we take great care to allow the modelling of any kind of temporal and stochastic dependencies which might occur in the model. We demonstrate the applicability on several case studies.

KW - EC Grant Agreement nr.: FP7/318003

KW - EWI-26252

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - SEQ-OR

KW - METIS-312708

KW - IR-97256

KW - Case Studies

KW - Markov Automata

KW - Attack Tree

KW - Seq-AND

U2 - 10.1007/978-3-319-24249-1_25

DO - 10.1007/978-3-319-24249-1_25

M3 - Conference contribution

SN - 978-3-319-24248-4

T3 - Lecture Notes in Computer Science

SP - 291

EP - 299

BT - Computer Safety, Reliability, and Security - Proceedings of the SAFECOM 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR

PB - Springer Verlag

ER -

Arnold F, Guck D, Kumar R, Stoelinga MIA. Sequential and Parallel Attack Tree Modelling. In Koornneef F, van Gulijk C, editors, Computer Safety, Reliability, and Security - Proceedings of the SAFECOM 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR. Zurich: Springer Verlag. 2015. p. 291-299. (Lecture Notes in Computer Science). Available from, DOI: 10.1007/978-3-319-24249-1_25