Transforming graphical system models to graphical attack models

Marieta Georgieva Ivanova; Christian W. Probst; René Rydhof Hansen; Florian Kammüller

doi:10.1007/978-3-319-29968-6_6

Transforming graphical system models to graphical attack models

Marieta Georgieva Ivanova, Christian W. Probst^*, René Rydhof Hansen, Florian Kammüller

^*Corresponding author for this work

Department of Computer Science

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

23 Citations (Scopus)

Abstract

Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that helps in structuring attack identification and can integrate physical, virtual, and social components. These models form a solid basis for guiding the manual identification of attack scenarios. Their main benefit, however, is in the analytic generation of attacks. In this work we present a systematic approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset.

Original language	English
Title of host publication	Graphical Models for Security : GraMSec 2015
Number of pages	15
Publisher	Springer
Publication date	2016
Pages	82-96
ISBN (Print)	978-3-319-29967-9
ISBN (Electronic)	978-3-319-29968-6
DOIs	https://doi.org/10.1007/978-3-319-29968-6_6
Publication status	Published - 2016
Event	The Second International Workshop on Graphical Models for Security - Verona, Italy Duration: 13 Jul 2015 → …

Conference

Conference	The Second International Workshop on Graphical Models for Security
Country/Territory	Italy
City	Verona
Period	13/07/2015 → …

Series	Lecture Notes in Computer Science
Volume	9390
ISSN	0302-9743

Access to Document

10.1007/978-3-319-29968-6_6

AUB Link

Search for the material in Aalborg University Library's search engine

Cite this

@inproceedings{9af28ae78367462f87062cdec5c36524,

title = "Transforming graphical system models to graphical attack models",

abstract = "Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that helps in structuring attack identification and can integrate physical, virtual, and social components. These models form a solid basis for guiding the manual identification of attack scenarios. Their main benefit, however, is in the analytic generation of attacks. In this work we present a systematic approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset.",

author = "Ivanova, {Marieta Georgieva} and Probst, {Christian W.} and Hansen, {Ren{\'e} Rydhof} and Florian Kamm{\"u}ller",

year = "2016",

doi = "10.1007/978-3-319-29968-6_6",

language = "English",

isbn = "978-3-319-29967-9",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "82--96",

booktitle = "Graphical Models for Security",

address = "Germany",

note = "The Second International Workshop on Graphical Models for Security, GraMSec 2015 ; Conference date: 13-07-2015",

}

Ivanova, MG, Probst, CW, Hansen, RR & Kammüller, F 2016, Transforming graphical system models to graphical attack models. in Graphical Models for Security: GraMSec 2015. Springer, Lecture Notes in Computer Science, vol. 9390, pp. 82-96, The Second International Workshop on Graphical Models for Security, Verona, Italy, 13/07/2015. https://doi.org/10.1007/978-3-319-29968-6_6

Transforming graphical system models to graphical attack models. / Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, René Rydhof et al.
Graphical Models for Security: GraMSec 2015. Springer, 2016. p. 82-96 (Lecture Notes in Computer Science, Vol. 9390).

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

TY - GEN

T1 - Transforming graphical system models to graphical attack models

AU - Ivanova, Marieta Georgieva

AU - Probst, Christian W.

AU - Hansen, René Rydhof

AU - Kammüller, Florian

PY - 2016

Y1 - 2016

N2 - Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that helps in structuring attack identification and can integrate physical, virtual, and social components. These models form a solid basis for guiding the manual identification of attack scenarios. Their main benefit, however, is in the analytic generation of attacks. In this work we present a systematic approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset.

AB - Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations that helps in structuring attack identification and can integrate physical, virtual, and social components. These models form a solid basis for guiding the manual identification of attack scenarios. Their main benefit, however, is in the analytic generation of attacks. In this work we present a systematic approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset.

UR - http://www.scopus.com/inward/record.url?scp=85007591749&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-29968-6_6

DO - 10.1007/978-3-319-29968-6_6

M3 - Article in proceeding

AN - SCOPUS:85007591749

SN - 978-3-319-29967-9

T3 - Lecture Notes in Computer Science

SP - 82

EP - 96

BT - Graphical Models for Security

PB - Springer

T2 - The Second International Workshop on Graphical Models for Security

Y2 - 13 July 2015

ER -

Transforming graphical system models to graphical attack models

Abstract

Conference

Access to Document

AUB Link

Other files and links

Fingerprint

Cite this