Classification and detection of computer intrusions
Classification and detection of computer intrusions
An analysis of security incidents on the Internet 1989-1995
An analysis of security incidents on the Internet 1989-1995
Attack net penetration testing
Proceedings of the 2000 workshop on New security paradigms
Proceedings of the 2002 ACM symposium on Applied computing
Managing Information Security Risks: The Octave Approach
Managing Information Security Risks: The Octave Approach
A Structural Framework for Modeling Multi-Stage Network Attacks
ICPPW '02 Proceedings of the 2002 International Conference on Parallel Processing Workshops
Risk Management for Computer Security: Protecting Your Network & Information Assets
Risk Management for Computer Security: Protecting Your Network & Information Assets
Security vulnerabilities in software systems: a quantitative perspective
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Modeling and analysis of procedural security in (e)voting: the Trentino's approach and experiences
EVT'08 Proceedings of the conference on Electronic voting technology
Assessing procedural risks and threats in e-voting: challenges and an approach
VOTE-ID'07 Proceedings of the 1st international conference on E-voting and identity
Hi-index | 0.00 |
Cyber attacks are the core of any security assessment of ICT-based systems. One of the more promising research fields in this context is related to the representation of the attack patterns. Several are the models proposed to represent them; these models usually provide a generic representation of attacks. Conversely, the experience shows that attack profiles are strongly dependent upon several “boundary conditions”. This paper defends that from the security assessment perspective, it is necessary to integrate the knowledge contained in the attack patterns with “boundary” knowledge related to vulnerability of the target system and to the potential threats. In this paper, after a characterization of this “boundary knowledge”, we propose an n-dimensional view of the attack tree approach, integrating information on threats and vulnerabilities. Moreover, we show how to use this view to derive knowledge about the security exposure of a target system.