Towards Synthesis of Attack Trees for Supporting Computer-Aided Risk Analysis - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2014

Towards Synthesis of Attack Trees for Supporting Computer-Aided Risk Analysis

Sophie Pinchinat
Mathieu Acher

Résumé

Attack trees are widely used in the fields of defense for the analysis of risks (or threats) against electronics systems, computer control systems or physical systems. Based on the analysis of attack trees, practitioners can define actions to engage in order to reduce or annihilate risks. A major barrier to support computer-aided risk analysis is that attack trees can become largely complex and thus hard to specify. This paper is a first step towards a methodology, formal foundations as well as automated techniques to synthesize attack trees from a high-level description of a system. Attacks are expressed as a succession of elementary actions and high-level actions can be used to abstract and organize attacks into exploitable attack trees. We describe our tooling support and identify open challenges for supporting the analysis of risks.
Fichier principal
Vignette du fichier
SEFM-FMDS.pdf (524.22 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01064645 , version 1 (16-09-2014)

Identifiants

  • HAL Id : hal-01064645 , version 1

Citer

Sophie Pinchinat, Mathieu Acher, Didier Vojtisek. Towards Synthesis of Attack Trees for Supporting Computer-Aided Risk Analysis. Workshop on Formal Methods in the Development of Software (co-located with SEFM), Sep 2014, Grenoble, France. ⟨hal-01064645⟩
360 Consultations
507 Téléchargements

Partager

Gmail Facebook X LinkedIn More