Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study

Marlon Fraile, Margaret Ford, Olga Gadyatskaya, Rajesh Kumar, Mariëlle Ida Antoinette Stoelinga, Rolando Trujillo-Rasua

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    20 Citations (Scopus)
    1 Downloads (Pure)

    Abstract

    Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs.We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we re ect on the process of modeling ATM threats via attack-defense trees. In particular, we share our insights into the benets and drawbacks of attack-defense tree modeling, as well as best practices and lessons learned.
    Original languageUndefined
    Title of host publication9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM)
    Place of PublicationBerlin
    PublisherSpringer
    Pages326-334
    Number of pages9
    ISBN (Print)978-3-319-48392-4
    DOIs
    Publication statusPublished - 2016

    Publication series

    NameLecture Notes in Business Information Processing
    PublisherSpringer
    Volume267
    ISSN (Print)1865-1348

    Keywords

    • EWI-27289
    • EC Grant Agreement nr.: FP7/2007-2013
    • IR-101626
    • METIS-318548
    • EC Grant Agreement nr.: FP7/318003

    Cite this

    Fraile, M., Ford, M., Gadyatskaya, O., Kumar, R., Stoelinga, M. I. A., & Trujillo-Rasua, R. (2016). Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. In 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM) (pp. 326-334). (Lecture Notes in Business Information Processing; Vol. 267). Berlin: Springer. https://doi.org/10.1007/978-3-319-48393-1_24