New Directions in Attack Tree Research: Catching up with Industrial Needs

Gadyatskaya, Olga; Trujillo Rasua, Rolando

doi:10.1007/978-3-319-74860-3_9

Request a copy

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

New Directions in Attack Tree Research: Catching up with Industrial Needs

Gadyatskaya, Olga; Trujillo Rasua, Rolando

2018 • In Mauw, Sjouke (Ed.) Proceedings of the 4th International Workshop on Graphical Models for Security

Peer reviewed

Permalink
https://hdl.handle.net/10993/33731

DOI
10.1007/978-3-319-74860-3_9

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

GraMSec-2017-CR.pdf

Author postprint (169.76 kB)

Request a copy

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

attack trees; security risk management; industry

Abstract :

[en] Attack trees provide a systematic way of characterizing diverse system threats. Their strengths arise from the combination of an intuitive representation of possible attacks and availability of formal mathematical frameworks for analyzing them in a qualitative or a quantitative manner. Indeed, the mathematical frameworks have become a large focus of attack tree research. However, practical applications of attack trees in industry largely remain a tedious and error-prone exercise. Recent research directions in attack trees, such as attack tree generation, attempt to close this gap and to improve the attack tree state-of-thepractice. In this position paper we outline the recurrent challenges in manual tree design within industry, and we overview the recent research results in attack trees that help the practitioners. For the challenges that have not yet been addressed by the community, we propose new promising research directions.

Research center :

- Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Other

Disciplines :

Computer science

Author, co-author :

Gadyatskaya, Olga ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Trujillo Rasua, Rolando ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

External co-authors :

Language :

English

Title :

New Directions in Attack Tree Research: Catching up with Industrial Needs

Publication date :

January 2018

Event name :

The 4th International Workshop on Graphical Models for Security (GraMSec)

Event place :

Santa Barbara, United States

Event date :

21-08-2017

Audience :

International

Main work title :

Proceedings of the 4th International Workshop on Graphical Models for Security

Author, co-author :

Mauw, Sjouke

Publisher :

Springer

Collection name :

Lecture Notes in Computer Science 10744

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Additional URL :

https://link.springer.com/chapter/10.1007%2F978-3-319-74860-3_9

European Projects :

FP7 - 318003 - TRESPASS - Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security

FnR Project :

FNR5809105 - Attack-defence Trees: Theory Meets Practice, 2013 (01/07/2014-30/06/2017) - Sjouke Mauw

Name of the research project :

ADT2P

Funders :

CE - Commission Européenne [BE]

Available on ORBilu :

since 15 December 2017

Statistics

Number of views

142 (6 by Unilu)

Number of downloads

6 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

Amenaza: Creating secure systems through attack tree modeling (2003). http://www.amenaza.com/
ANSSI: EBIOS – Expression des Besoins et Identification des Objectifs de Securite (2010)
Arnold, F., Guck, D., Kumar, R., Stoelinga, M.: Sequential and parallel attack tree modelling. In: Proceedings of SAFECOMP and Workshops, pp. 291–299 (2015)
Aslanyan, Z., Nielson, F.: Pareto efficient solutions of attack-defence trees. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 95–114. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46666-7 6
Aslanyan, Z., Nielson, F., Parker, D.: Quantitative verification and synthesis of attack-defence scenarios. In: Proceedings of CSF. IEEE (2016)
Audinot, M., Pinchinat, S.: On the soundness of attack trees. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 25–38. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46263-9 2
Bagnato, A., Kordy, B., Meland, P.H., Schweitzer, P.: Attribute decoration of attack-defense trees. Int. J. Secure Softw. Eng. (IJSSE) 3(2), 1–35 (2012)
Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: Lopez, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006). https://doi.org/10.1007/11962977 19
Bundesamt fur Sicherheit in der Informationstechnik: IT-Grundschutz-Catalogues, 13th version (2013)
Buyens, K., De Win, B., Joosen, W.: Empirical and statistical analysis of risk analysis-driven techniques for threat management. In: Proceedings of ARES. IEEE (2007)
Buzan, T., Buzan, B.: The mind map book: how to use radiant thinking to maximize your brain’s untapped potential. Plume, reprint edn., Mar 1996. http://www.amazon.com/exec/obidos/redirect?tag=citeulike07-20&path=ASIN/0452273226
Chen, C.: Top 10 unsolved information visualization problems. IEEE Comput. Graph. Appl. 25(4), 12–16 (2005)
Cleveland, W.: The elements of graphing data. AT&T Bell Laboratories (1994)
Czarnecki, K., Helsen, S.: Feature-based survey of model transformation approaches. IBM Syst. J. 45(3), 621–645 (2006)
Fraile, M., Ford, M., Gadyatskaya, O., Kumar, R., Stoelinga, M., Trujillo-Rasua, R.: Using attack-defense trees to analyze threats and countermeasures in an ATM: a case study. In: Horkoff, J., Jeusfeld, M.A., Persson, A. (eds.) PoEM 2016. LNBIP, vol. 267, pp. 326–334. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48393-1 24
Gadyatskaya, O.: How to generate security cameras: towards defence generation for socio-technical systems. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 50–65. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29968-6 4
Gadyatskaya, O., Hansen, R.R., Larsen, K.G., Legay, A., Olesen, M.C., Poulsen, D.B.: Modelling attack-defense trees using timed automata. In: Fränzle, M., Markey, N. (eds.) FORMATS 2016. LNCS, vol. 9884, pp. 35–50. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44878-7 3
Gadyatskaya, O., Harpes, C., Mauw, S., Muller, C., Muller, S.: Bridging two worlds: reconciling practical risk assessment methodologies with theory of attack trees. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 80–93. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46263-9 5
Gadyatskaya, O., Jhawar, R., Kordy, P., Lounis, K., Mauw, S., Trujillo-Rasua, R.: Attack trees for practical security assessment: ranking of attack scenarios with ADTool 2.0. In: Agha, G., Van Houdt, B. (eds.) QEST 2016. LNCS, vol. 9826, pp. 159–162. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-43425-4 10
Gadyatskaya, O., Jhawar, R., Mauw, S., Trujillo-Rasua, R., Willemse, T.A.C.: Refinement-aware generation of attack trees. In: Livraga, G., Mitchell, C. (eds.) STM 2017. LNCS, vol. 10547, pp. 164–179. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68063-7 11
Ghani, H., Luna Garcia, J., Petkov, I., Suri, N.: User-centric security assessment of software configurations: a case study. In: Jürjens, J., Piessens, F., Bielova, N. (eds.) ESSoS 2014. LNCS, vol. 8364, pp. 196–212. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04897-0 13
Hall, P., Heath, C., Coles-Kemp, L., Tanner, A.: Examining the contribution of critical visualisation to information security. In: Proceedings of NSPW. ACM (2015)
Hogganvik Grøndahl, I., Lund, M.S., Stølen, K.: Reducing the effort to comprehend risk models: text labels are often preferred over graphical means. Risk Anal. 31(11), 1813–1831 (2011)
Ivanova, M.G., Probst, C.W., Hansen, R.R., Kammüller, F.: Transforming graphical system models to graphical attack models. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 82–96. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29968-6 6
Jhawar, R., Lounis, K., Mauw, S.: A stochastic framework for quantitative analysis of attack-defense trees. In: Barthe, G., Markatos, E., Samarati, P. (eds.) STM 2016. LNCS, vol. 9871, pp. 138–153. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46598-2 10
Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 339–353. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18467-8 23
Karpati, P., Redda, Y., Opdahl, A., Sindre, G.: Comparing attack trees and misuse cases in an industrial setting. Inf. Softw. Technol. 56(3), 294–308 (2014)
Kordy, B., Mauw, S., Schweitzer, P.: Quantitative questions on attack–defense trees. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 49–64. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37682-5 5
Kordy, B., Kordy, P., van den Boom, Y.: SPTool – equivalence checker for SAND attack trees. In: Cuppens, F., Cuppens, N., Lanet, J.-L., Legay, A. (eds.) CRiSIS 2016. LNCS, vol. 10158, pp. 105–113. Springer, Cham (2017). https://doi.org/10. 1007/978-3-319-54876-0 8
Kordy, B., Kordy, P., Mauw, S., Schweitzer, P.: ADTool: security analysis with attack–defense trees. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 173–176. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40196-1 15
Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24(1), 55–87 (2014). http://people.rennes.inria.fr/Barbara.Kordy/papers/ADT12.pdf
Kumar, R., Ruijters, E., Stoelinga, M.: Quantitative attack tree analysis via priced timed automata. In: Sankaranarayanan, S., Vicario, E. (eds.) FORMATS 2015. LNCS, vol. 9268, pp. 156–171. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22975-1 11
Labunets, K., Massacci, F., Paci, F.: On the equivalence between graphical and tabular representations for security risk assessment. In: Grünbacher, P., Perini, A. (eds.) REFSQ 2017. LNCS, vol. 10153, pp. 191–208. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54045-0 15
Labunets, K., Massacci, F., Paci, F.: An experimental comparison of two risk-based security methods. In: Proceedings of ESEM. pp. 163–172. IEEE (2013)
Labunets, K., Massacci, F., Paci, F., Marczak, S., de Oliveira, F.: Model comprehension for security risk assessment: an empirical comparison of tabular vs. graphical representations. Empir. Softw. Eng. 22(6), 3017–3056 (2017)
Lam, H., Bertini, E., Isenberg, P., Plaisant, C., Carpendale, S.: Empirical studies in information visualization: seven scenarios. IEEE Trans. Vis. Comput. Graph. 18(9), 1520–1536 (2012)
Li, E., Barendse, J., Brodbeck, F., Tanner, A.: From A to Z: developing a visual vocabulary for information security threat visualisation. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 102–118. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46263-9 7
Matulevičius, R.: Model comprehension and stakeholder appropriateness of security risk-oriented modelling languages. In: Bider, I., Gaaloul, K., Krogstie, J., Nurcan, S., Proper, H.A., Schmidt, R., Soffer, P. (eds.) BPMDS/EMMSAD -2014. LNBIP, vol. 175, pp. 332–347. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43745-2 23
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). https://doi.org/10.1007/11734727 17
Microsoft: Threat modeling (2003). https://msdn.microsoft.com/en-us/library/ff648644.aspx
Nielsen, J.: Evaluating information assurance control effectiveness on an air force supervisory control and data acquisition (SCADA) system. Technical report, DTIC Document (2011)
NIST: Special Publication 800-53 Revision 4. Security and privacy controls for federal information systems and organizations (2013). http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
Opdahl, A.L., Sindre, G.: Experimental comparison of attack trees and misuse cases for security threat identification. Inf. Softw. Technol. 51(5), 916–932 (2009)
OWASP: CISO AppSec guide: criteria for managing application security risks (2013)
Schweitzer, P.: Attack–defense trees. Ph.D. thesis, University of Luxembourg (2013)
Paul, S.: Towards automating the construction & maintenance of attack trees: a feasibility study. In: Proceedings of GraMSec (2014)
Paul, S., Vignon-Davillier, R.: Unifying traditional risk assessment approaches with attack trees. J. Inf. Secur. Appl. 19(3), 165–181 (2014)
Pieters, W., Barendse, J., Ford, M., Heath, C., Probst, C.W., Verbij, R.: The navigation metaphor in security economics. IEEE Secur. Priv. 14(3), 14–21 (2016)
Pieters, W., Davarynejad, M.: Calculating adversarial risk from attack trees: control strength and probabilistic attackers. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA/SETOP -2014. LNCS, vol. 8872, pp. 201–215. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17016-9 13
Pinchinat, S., Acher, M., Vojtisek, D.: Towards synthesis of attack trees for supporting computer-aided risk analysis. In: Canal, C., Idani, A. (eds.) SEFM 2014. LNCS, vol. 8938, pp. 363–375. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15201-1 24
Pinchinat, S., Acher, M., Vojtisek, D.: ATSyRa: an integrated environment for synthesizing attack trees. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 97–101. Springer, Cham (2016). https://doi.org/10. 1007/978-3-319-29968-6 7
Fredslund, M.P.: Automated synthesis of attack-defense trees using a library of component attacks. Master thesis, University of Luxembourg (2015)
Probst, C.W., Willemson, J., Pieters, W.: The attack navigator. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 1–17. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29968-6 1
Purchase, H.C., Cohen, R.F., James, M.I.: An experimental study of the basis for graph drawing algorithms. J. Exp. Algorithmics (JEA) 2, 4 (1997)
Roy, A., Kim, D.S., Trivedi, K.: Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees. In: Proceedings of DSN. IEEE (2012)
Saini, V., Duan, Q., Paruchuri, V.: Threat modeling using attack trees. J. Comput. Sci. Coll. 23(4), 124–131 (2008)
Schneier, B.: Attack trees. Dr. Dobb’s J. Softw. Tools 24(12), 21–29 (1999). http://www.ddj.com/security/184414879
Schneier, B.: Secrets and Lies: Digital Security in a Networked World. Wiley, New York (2011)
Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014)
Sommerville, I., Ransom, J.: An empirical study of industrial requirements engineering process assessment and improvement. ACM Trans. Softw. Eng. Methodol. 14(1), 85–117 (2005)
Staheli, D., Yu, T., Crouser, R.J., Damodaran, S., Nam, K., O’Gwynn, D., McKenna, S., Harrison, L.: Visualization evaluation for cyber security: trends and future directions. In: Proceedings of VizSec. ACM (2014)
Synopsis: How mapping the Ocean’s Eleven heist can make you better at application security testing (2015). https://www.synopsys.com/blogs/software-security/oceans-eleven-make-you-better-at-application-security-testing/
Ten, C.W., Liu, C.C., Govindarasu, M.: Vulnerability assessment of cybersecurity for scada systems using attack trees. In: Power Engineering Society General Meeting. IEEE (2007)
Tøndel, I.A., Jensen, J., Røstad, L.: Combining misuse cases with attack trees and security activity models. In: Proceedings of ARES. pp. 438–445. IEEE (2010)
TREsPASS: Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security, FP7 project, grant agreement 318003 (2012–2016). http://www.trespass-project.eu/
Vigo, R., Nielson, F., Nielson., H.R.: Automated generation of attack trees. In: Proceedings of CSF. IEEE (2014)
Vose, D.: Risk Analysis: A Quantitative Guide. Wiley, New York (2008)
Wohlin, C., Runeson, P., Höst, M., Ohlsson, M., Regnell, B., Wesslén, A.: Experimentation in Software Engineering. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29044-2