TY - GEN
T1 - Transforming graphical system models to graphical attack models
AU - Ivanova, Marieta Georgieva
AU - Probst, Christian W.
AU - Hansen, René Rydhof
AU - Kammüller, Florian
PY - 2016
Y1 - 2016
N2 - Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that helps in structuring attack identification and can integrate physical, virtual, and social components. These models form a solid basis for guiding the manual identification of attack scenarios. Their main benefit, however, is in the analytic generation of attacks. In this work we present a systematic approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset.
AB - Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that helps in structuring attack identification and can integrate physical, virtual, and social components. These models form a solid basis for guiding the manual identification of attack scenarios. Their main benefit, however, is in the analytic generation of attacks. In this work we present a systematic approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset.
UR - http://www.scopus.com/inward/record.url?scp=85007591749&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-29968-6_6
DO - 10.1007/978-3-319-29968-6_6
M3 - Article in proceeding
AN - SCOPUS:85007591749
SN - 978-3-319-29967-9
T3 - Lecture Notes in Computer Science
SP - 82
EP - 96
BT - Graphical Models for Security
PB - Springer
T2 - The Second International Workshop on Graphical Models for Security
Y2 - 13 July 2015
ER -