Attack-Defense Trees; Attack Trees; Case Study; Attributes
Résumé :
[en] Attack-defense trees can be used as part of threat and risk analysis for system development and maintenance. They are an extension of attack trees with defense measures. Moreover, tree nodes can be decorated with attributes, such as probability, impact and penalty, to increase the expressiveness of the model. Attribute values are typically assigned based on cognitive estimations and historically recorded events. This paper presents a practical case study with attack-defense trees. First, we create an attack-defense tree for an RFID-based goods management system for a warehouse. Then, we explore how to use a rich set of attributes for attack and defense nodes and how to assign and aggregate values to obtain condensed information, such as performance indicators or other key security figures. We discuss different modeling choices and trade-offs. The case study led us to define concrete guidelines that can be used by software developers, security analysts and system owners when performing similar assessments.
Disciplines :
Sciences informatiques
Identifiants :
UNILU:UL-ARTICLE-2012-1100
Auteur, co-auteur :
Bagnato, Alessandra; TXT e-solutions, Italy
KORDY, Barbara ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Meland, Per H.; SINTEF ICT, Norway
SCHWEITZER, Patrick ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Langue du document :
Anglais
Titre :
Attribute Decoration of Attack-Defense Trees
Date de publication/diffusion :
2012
Titre du périodique :
International Journal of Secure Software Engineering
