Analyzing Attack Strategies Through Anti-goal Refinement

Abstract: Analyzing security from an attacker’s perspective has been accepted as an effective approach for dealing with security requirements for complex systems. However, there is no systematic approach for constructing attack scenarios. As a result, the completeness of the derived attack scenarios is subject to the expertise of analysts. In this paper, we propose a systematic process for identifying attack scenarios to support security analysis, founded on anti-goal refinement. In particular, we examine three real attack scenarios in order to understand attack strategies that have been applied in reality. Based on our examination, we propose a comprehensive anti-goal refinement framework, which consists of five anti-goal refinement patterns and an analysis process for using the patterns as part of security design. Finally, we evaluate the proposed anti-goal refinement framework by applying it to a credit card theft scenario.
Document type:
Conference paper
Jolita Ralyté; Sergio España; Óscar Pastor. 8th Practice of Enterprise Modelling (PoEM), Nov 2015, Valencia, Spain. Springer, Lecture Notes in Business Information Processing, LNBIP-235, pp.75-90, 2015, The Practice of Enterprise Modeling. 〈10.1007/978-3-319-25897-3_6〉

https://hal.inria.fr/hal-01442299
Contributor: Hal Ifip
Submitted on: Friday, January 20, 2017 - 15:20:30
Last modified on: Friday, January 20, 2017 - 15:25:47
Document(s) archived on: Friday, April 21, 2017 - 15:34:10

File

978-3-319-25897-3_6_Chapter.pd...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Tong Li, Jennifer Horkoff, Elda Paja, Kristian Beckers, John Mylopoulos. Analyzing Attack Strategies Through Anti-goal Refinement. Jolita Ralyté; Sergio España; Óscar Pastor. 8th Practice of Enterprise Modelling (PoEM), Nov 2015, Valencia, Spain. Springer, Lecture Notes in Business Information Processing, LNBIP-235, pp.75-90, 2015, The Practice of Enterprise Modeling. 〈10.1007/978-3-319-25897-3_6〉. 〈hal-01442299〉
