Attack Tree Generation by Policy Invalidation

Abstract : Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based on invalidating policies in the system model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise enough to illustrate the threat, and they are general enough to hide the details of individual steps.
Type de document :
Communication dans un congrès
Raja Naeem Akram; Sushil Jajodia. 9th Workshop on Information Security Theory and Practice (WISTP), Aug 2015, Heraklion, Crete, Greece. Springer, Lecture Notes in Computer Science, LNCS-9311, pp.249-259, 2015, Information Security Theory and Practice. 〈10.1007/978-3-319-24018-3_16〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01442547
Contributeur : Hal Ifip <>
Soumis le : vendredi 20 janvier 2017 - 16:47:50
Dernière modification le : mardi 24 avril 2018 - 16:16:02
Document(s) archivé(s) le : vendredi 21 avril 2017 - 16:15:47

Fichier

978-3-319-24018-3_16_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Marieta Ivanova, Christian Probst, René Hansen, Florian Kammüller. Attack Tree Generation by Policy Invalidation. Raja Naeem Akram; Sushil Jajodia. 9th Workshop on Information Security Theory and Practice (WISTP), Aug 2015, Heraklion, Crete, Greece. Springer, Lecture Notes in Computer Science, LNCS-9311, pp.249-259, 2015, Information Security Theory and Practice. 〈10.1007/978-3-319-24018-3_16〉. 〈hal-01442547〉

Partager

Métriques

Consultations de la notice

38

Téléchargements de fichiers

5