Attacks and defences; attack and defence generation; automating risk assessment
Résumé :
[en] Recently security researchers have started to look into au-
tomated generation of attack trees from socio-technical system models.
The obvious next step in this trend of automated risk analysis is au-
tomating the selection of security controls to treat the detected threats.
However, the existing socio-technical models are too abstract to repre-
sent all security controls recommended by practitioners and standards.
In this paper we propose an attack-defence model, consisting of a set of
attack-defence bundles, to be generated and maintained with the socio-
technical model. The attack-defence bundles can be used to synthesise
attack-defence trees directly from the model to o er basic attack-defence
analysis, but also they can be used to select and maintain the security
controls that cannot be handled by the model itself.
Centre de recherche :
Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Disciplines :
Sciences informatiques
Auteur, co-auteur :
GADYATSKAYA, Olga ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Co-auteurs externes :
no
Langue du document :
Anglais
Titre :
How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems
Date de publication/diffusion :
2016
Nom de la manifestation :
The Second International Workshop on Graphical Models for Security
Date de la manifestation :
13 July 2015
Titre de l'ouvrage principal :
Proc. of GraMSec 2015
Maison d'édition :
Springer
Collection et n° de collection :
LNCS 9390
Peer reviewed :
Peer reviewed
Projet européen :
FP7 - 318003 - TRESPASS - Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security
