Attack-defense trees can be used as part of threat and risk analysis for system development and maintenance. They are an extension of attack trees with defense measures. Moreover, tree nodes can be decorated with attributes, such as probability, impact, and penalty, to increase the expressiveness of the model. Attribute values are typically assigned based on cognitive estimations and historically recorded events. This paper presents a practical case study with attack-defense trees. First, the authors create an attack-defense tree for an RFID-based goods management system for a warehouse. Then, they explore how to use a rich set of attributes for attack and defense nodes and assign and aggregate values to obtain condensed information, such as performance indicators or other key security figures. The authors discuss different modeling choices and tradeoffs. The case study led them to define concrete guidelines that can be used by software developers, security analysts, and system owners when performing similar assessments.