Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Bridging two worlds: Reconciling practical risk assessment methodologies with theory of attack trees
Gadyatskaya, Olga; Harpes, Carlo; Mauw, Sjouke et al.
2016 In Proc. of GraMSec
Peer reviewed
 

Files


Full Text
Bridging_Two_Worlds-CR.pdf
Author postprint (610.46 kB)

The original publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-46263-9_5


All documents in ORBilu are protected by a user license.

Details



Keywords :
risk assessment; attack trees; countermeasure selection
Abstract :
Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to select countermeasures that optimally reduce risks while having minimal costs. According to ISO/IEC 27001, risk treatment relies on catalogues of countermeasures, and the analysts are expected to estimate the residual risks. At the same time, recent advancements in attack tree theory provide elegant solutions to this optimization problem. In this short paper we propose to bridge the gap between these two worlds by introducing the optimal countermeasure selection problem on attack-defense trees into the TRICK security risk assessment methodology.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust - SnT
Disciplines :
Computer science
Author, co-author :
Gadyatskaya, Olga ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Harpes, Carlo
Mauw, Sjouke ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Muller, Cedric
Muller, Steve
External co-authors :
no
Language :
English
Title :
Bridging two worlds: Reconciling practical risk assessment methodologies with theory of attack trees
Publication date :
2016
Event name :
The Third International Workshop on Graphical Models for Security (GraMSec)
Event date :
27-06-2016
Audience :
International
Main work title :
Proc. of GraMSec
Publisher :
Springer
Collection name :
LNCS 9987
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
European Projects :
FP7 - 318003 - TRESPASS - Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security
FnR Project :
FNR5809105 - Attack-defence Trees: Theory Meets Practice, 2013 (01/07/2014-30/06/2017) - Sjouke Mauw
Name of the research project :
TREsPASS
Funders :
CE - Commission Européenne [BE]
Available on ORBilu :
since 02 January 2017

Statistics


Number of views
122 (10 by Unilu)
Number of downloads
2 (1 by Unilu)

Scopus citations®
12
Scopus citations® without self-citations
7
OpenCitations
9
WoS citations
11
