Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study

Marlon Fraile, Margaret Ford, Olga Gadyatskaya, Rajesh Kumar, Mariëlle Ida Antoinette Stoelinga, Rolando Trujillo-Rasua

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    17 Citations (Scopus)
    1 Downloads (Pure)

    Abstract

    Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs.We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we re ect on the process of modeling ATM threats via attack-defense trees. In particular, we share our insights into the benets and drawbacks of attack-defense tree modeling, as well as best practices and lessons learned.
    Original languageUndefined
    Title of host publication9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM)
    Place of PublicationBerlin
    PublisherSpringer
    Pages326-334
    Number of pages9
    ISBN (Print)978-3-319-48392-4
    DOIs
    Publication statusPublished - 2016

    Publication series

    NameLecture Notes in Business Information Processing
    PublisherSpringer
    Volume267
    ISSN (Print)1865-1348

    Keywords

    • EWI-27289
    • EC Grant Agreement nr.: FP7/2007-2013
    • IR-101626
    • METIS-318548
    • EC Grant Agreement nr.: FP7/318003

    Cite this

    Fraile, M., Ford, M., Gadyatskaya, O., Kumar, R., Stoelinga, M. I. A., & Trujillo-Rasua, R. (2016). Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. In 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM) (pp. 326-334). (Lecture Notes in Business Information Processing; Vol. 267). Berlin: Springer. https://doi.org/10.1007/978-3-319-48393-1_24
    Fraile, Marlon ; Ford, Margaret ; Gadyatskaya, Olga ; Kumar, Rajesh ; Stoelinga, Mariëlle Ida Antoinette ; Trujillo-Rasua, Rolando. / Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM). Berlin : Springer, 2016. pp. 326-334 (Lecture Notes in Business Information Processing).
    @inproceedings{da033449ea72467da0318617d5e77323,
    title = "Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study",
    abstract = "Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs.We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we re ect on the process of modeling ATM threats via attack-defense trees. In particular, we share our insights into the benets and drawbacks of attack-defense tree modeling, as well as best practices and lessons learned.",
    keywords = "EWI-27289, EC Grant Agreement nr.: FP7/2007-2013, IR-101626, METIS-318548, EC Grant Agreement nr.: FP7/318003",
    author = "Marlon Fraile and Margaret Ford and Olga Gadyatskaya and Rajesh Kumar and Stoelinga, {Mari{\"e}lle Ida Antoinette} and Rolando Trujillo-Rasua",
    note = "Foreground = 100{\%}; Type of activity = conference; Main leader = GMVS; Type of audience = scientific community; Size of audience = 25; Countries addressed = international;",
    year = "2016",
    doi = "10.1007/978-3-319-48393-1_24",
    language = "Undefined",
    isbn = "978-3-319-48392-4",
    series = "Lecture Notes in Business Information Processing",
    publisher = "Springer",
    pages = "326--334",
    booktitle = "9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM)",

    }

    Fraile, M, Ford, M, Gadyatskaya, O, Kumar, R, Stoelinga, MIA & Trujillo-Rasua, R 2016, Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. in 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM). Lecture Notes in Business Information Processing, vol. 267, Springer, Berlin, pp. 326-334. https://doi.org/10.1007/978-3-319-48393-1_24

    Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. / Fraile, Marlon; Ford, Margaret; Gadyatskaya, Olga; Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette; Trujillo-Rasua, Rolando.

    9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM). Berlin : Springer, 2016. p. 326-334 (Lecture Notes in Business Information Processing; Vol. 267).

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    TY - GEN

    T1 - Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study

    AU - Fraile, Marlon

    AU - Ford, Margaret

    AU - Gadyatskaya, Olga

    AU - Kumar, Rajesh

    AU - Stoelinga, Mariëlle Ida Antoinette

    AU - Trujillo-Rasua, Rolando

    N1 - Foreground = 100%; Type of activity = conference; Main leader = GMVS; Type of audience = scientific community; Size of audience = 25; Countries addressed = international;

    PY - 2016

    Y1 - 2016

    N2 - Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs.We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we re ect on the process of modeling ATM threats via attack-defense trees. In particular, we share our insights into the benets and drawbacks of attack-defense tree modeling, as well as best practices and lessons learned.

    AB - Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs.We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we re ect on the process of modeling ATM threats via attack-defense trees. In particular, we share our insights into the benets and drawbacks of attack-defense tree modeling, as well as best practices and lessons learned.

    KW - EWI-27289

    KW - EC Grant Agreement nr.: FP7/2007-2013

    KW - IR-101626

    KW - METIS-318548

    KW - EC Grant Agreement nr.: FP7/318003

    U2 - 10.1007/978-3-319-48393-1_24

    DO - 10.1007/978-3-319-48393-1_24

    M3 - Conference contribution

    SN - 978-3-319-48392-4

    T3 - Lecture Notes in Business Information Processing

    SP - 326

    EP - 334

    BT - 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM)

    PB - Springer

    CY - Berlin

    ER -

    Fraile M, Ford M, Gadyatskaya O, Kumar R, Stoelinga MIA, Trujillo-Rasua R. Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. In 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM). Berlin: Springer. 2016. p. 326-334. (Lecture Notes in Business Information Processing). https://doi.org/10.1007/978-3-319-48393-1_24