Threat modeling using attack trees
Journal of Computing Sciences in Colleges
A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees
Computing Exact Outcomes of Multi-parameter Attack Trees
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Processing multi-parameter attacktrees with estimated parameter values
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Practical security analysis of e-voting systems
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Building Secure Software: How to Avoid Security Problems the Right Way (paperback) (Addison-Wesley Professional Computing Series)
Rational choice of security measures via multi-parameter attack trees
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Optimal adversary behavior for the serial model of financial attack trees
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Attack-defense trees and two-player binary zero-sum extensive form games are equivalent
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Foundations of attack-defense trees
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Technical Communication: Attribution of attack trees
Computers and Electrical Engineering
On fast and approximate attack tree computations
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Computational aspects of attack---defense trees
SIIS'11 Proceedings of the 2011 international conference on Security and Intelligent Information Systems
A systematic process-model-based approach for synthesizing attacks and evaluating them
EVT/WOTE'12 Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections
Quantitative questions on attack: defense trees
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Hi-index | 0.00 |
In this paper we extend the standard attack tree model by introducing temporal order to the attacker's decision making process. This will allow us to model the attacker's behaviour more accurately, since this way it is possible to study his actions related to dropping some of the elementary attacks due to them becoming obsolete based on the previous success/failure results. We propose an efficient algorithm for computing the attacker's expected outcome based on the given order of the elementary attacks and discuss the pros and cons of considering general rooted directed acyclic graphs instead of plain trees as the foundations for attack modelling.