3University of Luxembourg [Luxembourg] (Campus Kirchberg
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Campus de Limpertsberg
162a, avenue de la Faïencerie
L-1511 Luxembourg
Campus de Belval
2, avenue de l'Université
L-4365 Esch-sur-Alzette - Luxembourg)
Abstract : Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs. We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we reflect on the process of modeling ATM threats via attack-defense trees. In particular, we share our insights into the benefits and drawbacks of attack-defense tree modeling, as well as best practices and lessons learned.
https://hal.inria.fr/hal-01653513 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Friday, December 1, 2017 - 3:15:11 PM Last modification on : Friday, November 8, 2019 - 3:06:02 PM
Marlon Fraile, Margaret Ford, Olga Gadyatskaya, Rajesh Kumar, Mariëlle Stoelinga, et al.. Using Attack-Defense Trees to Analyze Threats and Countermeasures in an ATM: A Case Study. 9th IFIP Working Conference on The Practice of Enterprise Modeling (PoEM), Nov 2016, Skövde, Sweden. pp.326-334, ⟨10.1007/978-3-319-48393-1_24⟩. ⟨hal-01653513⟩