Attack-Defense Trees; Attack Trees; Case Study; Attributes
Abstract :
[en] Attack-defense trees can be used as part of threat and risk analysis for system development and maintenance. They are an extension of attack trees with defense measures. Moreover, tree nodes can be decorated with attributes, such as probability, impact and penalty, to increase the expressiveness of the model. Attribute values are typically assigned based on cognitive estimations and historically recorded events. This paper presents a practical case study with attack-defense trees. First, we create an attack-defense tree for an RFID-based goods management system for a warehouse. Then, we explore how to use a rich set of attributes for attack and defense nodes and how to assign and aggregate values to obtain condensed information, such as performance indicators or other key security figures. We discuss different modeling choices and trade-offs. The case study led us to define concrete guidelines that can be used by software developers, security analysts and system owners when performing similar assessments.
Disciplines :
Computer science
Identifiers :
UNILU:UL-ARTICLE-2012-1100
Author, co-author :
Bagnato, Alessandra; TXT e-solutions, Italy
KORDY, Barbara ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Meland, Per H.; SINTEF ICT, Norway
SCHWEITZER, Patrick ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Language :
English
Title :
Attribute Decoration of Attack-Defense Trees
Publication date :
2012
Journal title :
International Journal of Secure Software Engineering
