Abstract
Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that helps in structuring attack identification and can integrate physical, virtual, and social components. These models form a solid basis for guiding the manual identification of attack scenarios. Their main benefit, however, is in the analytic generation of attacks. In this work we present a systematic approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset.
| Original language | English |
|---|---|
| Title of host publication | Revised Selected Papers from the 2nd International Workshop on Graphical Models for Security (GraMSec 2015) |
| Publisher | Springer |
| Publication date | 2016 |
| Pages | 82-96 |
| ISBN (Print) | 978-3-319-29967-9 |
| ISBN (Electronic) | 978-3-319-29968-6 |
| DOIs | |
| Publication status | Published - 2016 |
| Event | The Second International Workshop on Graphical Models for Security - Verona, Italy Duration: 13 Jul 2015 → 13 Jul 2015 Conference number: 2 |
Conference
| Conference | The Second International Workshop on Graphical Models for Security |
|---|---|
| Number | 2 |
| Country/Territory | Italy |
| City | Verona |
| Period | 13/07/2015 → 13/07/2015 |
| Series | Lecture Notes in Computer Science |
|---|---|
| Volume | 9390 |
| ISSN | 0302-9743 |