The Attack Navigator (Invited)

Christian W. Probst; Jan Willemson; Wolter Pieters

doi:10.1007/978-3-319-29968-6_1

The Attack Navigator (Invited)

Christian W. Probst, Jan Willemson, Wolter Pieters

Research output: Chapter in Book/Report/Conference proceeding › Chapter › Academic › peer-review

8 Citations (Scopus)

2 Downloads (Pure)

Abstract

The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and develop-ment speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. There-fore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identi﬿es routes to an attacker goal. Speci﬿c attacker properties such as skill or resources can be included through attacker pro﬿les. This enables defenders to explore attack scenarios and the eﬀectiveness of defense alternatives under diﬀerent threat conditions.

Original language	English
Title of host publication	Graphical Models for Security
Subtitle of host publication	Second International Workshop, GraMSec 2015, Verona, Italy, July 13, 2015, Revised Selected Papers
Editors	Sjouke Mauw, Barbara Kordy, Sushil Jajodia
Place of Publication	Cham
Publisher	Springer
Pages	1-17
Number of pages	17
ISBN (Electronic)	978-3-319-29968-6
ISBN (Print)	978-3-319-29967-9
DOIs	https://doi.org/10.1007/978-3-319-29968-6_1
Publication status	Published - 6 Feb 2016
Event	2nd International Workshop on Graphical Models for Security, GraMSec 2015 - Verona, Italy Duration: 13 Jul 2015 → 13 Jul 2015 Conference number: 2

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	9390
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Workshop

Workshop	2nd International Workshop on Graphical Models for Security, GraMSec 2015
Abbreviated title	GraMSec
Country/Territory	Italy
City	Verona
Period	13/07/15 → 13/07/15

Keywords

METIS-316832
IR-100407
EC Grant Agreement nr.: FP7/2007-2013
EC Grant Agreement nr.: FP7/318003
Attack Navigator
EWI-26713

Access to Document

10.1007/978-3-319-29968-6_1

Cite this

Probst, C. W., Willemson, J., & Pieters, W. (2016). The Attack Navigator (Invited). In S. Mauw, B. Kordy, & S. Jajodia (Eds.), Graphical Models for Security: Second International Workshop, GraMSec 2015, Verona, Italy, July 13, 2015, Revised Selected Papers (pp. 1-17). (Lecture Notes in Computer Science; Vol. 9390). Springer. https://doi.org/10.1007/978-3-319-29968-6_1

@inbook{8d013191e2c54753b242954f148761e3,

title = "The Attack Navigator (Invited)",

abstract = "The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and develop-ment speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. There-fore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identi﬿es routes to an attacker goal. Speci﬿c attacker properties such as skill or resources can be included through attacker pro﬿les. This enables defenders to explore attack scenarios and the eﬀectiveness of defense alternatives under diﬀerent threat conditions.",

keywords = "METIS-316832, IR-100407, EC Grant Agreement nr.: FP7/2007-2013, EC Grant Agreement nr.: FP7/318003, Attack Navigator, EWI-26713",

author = "Probst, {Christian W.} and Jan Willemson and Wolter Pieters",

note = "eemcs-eprint-26713 ; 2nd International Workshop on Graphical Models for Security, GraMSec 2015, GraMSec ; Conference date: 13-07-2015 Through 13-07-2015",

year = "2016",

month = feb,

day = "6",

doi = "10.1007/978-3-319-29968-6_1",

language = "English",

isbn = "978-3-319-29967-9",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "1--17",

editor = "Sjouke Mauw and Barbara Kordy and Sushil Jajodia",

booktitle = "Graphical Models for Security",

address = "Germany",

}

Probst, CW, Willemson, J & Pieters, W 2016, The Attack Navigator (Invited). in S Mauw, B Kordy & S Jajodia (eds), Graphical Models for Security: Second International Workshop, GraMSec 2015, Verona, Italy, July 13, 2015, Revised Selected Papers. Lecture Notes in Computer Science, vol. 9390, Springer, Cham, pp. 1-17, 2nd International Workshop on Graphical Models for Security, GraMSec 2015, Verona, Italy, 13/07/15. https://doi.org/10.1007/978-3-319-29968-6_1

The Attack Navigator (Invited). / Probst, Christian W.; Willemson, Jan; Pieters, Wolter.
Graphical Models for Security: Second International Workshop, GraMSec 2015, Verona, Italy, July 13, 2015, Revised Selected Papers. ed. / Sjouke Mauw; Barbara Kordy; Sushil Jajodia. Cham: Springer, 2016. p. 1-17 (Lecture Notes in Computer Science; Vol. 9390).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › Academic › peer-review

TY - CHAP

T1 - The Attack Navigator (Invited)

AU - Probst, Christian W.

AU - Willemson, Jan

AU - Pieters, Wolter

N1 - Conference code: 2

PY - 2016/2/6

Y1 - 2016/2/6

N2 - The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and develop-ment speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. There-fore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identi﬿es routes to an attacker goal. Speci﬿c attacker properties such as skill or resources can be included through attacker pro﬿les. This enables defenders to explore attack scenarios and the eﬀectiveness of defense alternatives under diﬀerent threat conditions.

AB - The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and develop-ment speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. There-fore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identi﬿es routes to an attacker goal. Speci﬿c attacker properties such as skill or resources can be included through attacker pro﬿les. This enables defenders to explore attack scenarios and the eﬀectiveness of defense alternatives under diﬀerent threat conditions.

KW - METIS-316832

KW - IR-100407

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - EC Grant Agreement nr.: FP7/318003

KW - Attack Navigator

KW - EWI-26713

U2 - 10.1007/978-3-319-29968-6_1

DO - 10.1007/978-3-319-29968-6_1

M3 - Chapter

SN - 978-3-319-29967-9

T3 - Lecture Notes in Computer Science

SP - 1

EP - 17

BT - Graphical Models for Security

A2 - Mauw, Sjouke

A2 - Kordy, Barbara

A2 - Jajodia, Sushil

PB - Springer

CY - Cham

T2 - 2nd International Workshop on Graphical Models for Security, GraMSec 2015

Y2 - 13 July 2015 through 13 July 2015

ER -

The Attack Navigator (Invited)

Abstract

Publication series

Workshop

Keywords

Access to Document

Fingerprint

Cite this