Gadyatskaya, Olga ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Mauw, Sjouke ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
no
Language :
English
Title :
Attack-Tree Series: A Case for Dynamic Attack Tree Analysis
Publication date :
2020
Event name :
6th International Workshop on Graphical Models for Security (GraMSec'19)
Event date :
2019
By request :
Yes
Audience :
International
Main work title :
Proc.\ 6th International Workshop on Graphical Models for Security (GraMSec'19)
Amoroso, E.G.: Fundamentals of Computer Security Technology. Prentice-Hall Inc., Upper Saddle River (1994)
Bagnato, A., Kordy, B., Meland, P.H., Schweitzer, P.: Attribute decoration of attack-defense trees. Int. J. Secure Softw. Eng. 3(2), 1–35 (2012)
Box, G.E.P., Jenkins, G.M., Reinsel, G.C., Ljung, G.M.: Time Series Analysis: Forecasting and Control. Wiley, Hoboken (2015)
Buldas, A., Gadyatskaya, O., Lenin, A., Mauw, S., Trujillo-Rasua, R.: Attribute evaluation on attack trees with incomplete information. Computers & Security (2019, to appear)
Fraile, M., Ford, M., Gadyatskaya, O., Kumar, R., Stoelinga, M., Trujillo-Rasua, R.: Using attack-defense trees to analyze threats and countermeasures in an ATM: a case study. In: Horkoff, J., Jeusfeld, M.A., Persson, A. (eds.) PoEM 2016. LNBIP, vol. 267, pp. 326–334. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48393-1 24
Gadyatskaya, O., Hansen, R.R., Larsen, K.G., Legay, A., Olesen, M.C., Poulsen, D.B.: Modelling attack-defense trees using timed automata. In: Fränzle, M., Markey, N. (eds.) FORMATS 2016. LNCS, vol. 9884, pp. 35–50. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44878-7 3
Gadyatskaya, O., Harpes, C., Mauw, S., Muller, C., Muller, S.: Bridging two worlds: reconciling practical risk assessment methodologies with theory of attack trees. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 80–93. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46263-9 5
Gadyatskaya, O., Jhawar, R., Kordy, P., Lounis, K., Mauw, S., Trujillo-Rasua, R.: Attack trees for practical security assessment: ranking of attack scenarios with ADTool 2.0. In: Agha, G., Van Houdt, B. (eds.) QEST 2016. LNCS, vol. 9826, pp. 159–162. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-43425-4 10
Gadyatskaya, O., Jhawar, R., Mauw, S., Trujillo-Rasua, R., Willemse, T.A.C.: Refinement-aware generation of attack trees. In: Livraga, G., Mitchell, C. (eds.) STM 2017. LNCS, vol. 10547, pp. 164–179. Springer, Cham (2017). https://doi. org/10.1007/978-3-319-68063-7 11
Garae, J., Ko, R.K.L.: Visualization and data provenance trends in decision support for cybersecurity. In: Palomares Carrascosa, I., Kalutarage, H.K., Huang, Y. (eds.) Data Analytics and Decision Support for Cybersecurity. DA, pp. 243–270. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59439-2 9
Green, I.: Extreme cyber scenario planning & attack tree analysis (2013). Talk at RSA Conference https://www.rsaconference.com/writable/presentations/file upload/grc-t17.pdf
Ivanova, M.G., Probst, C.W., Hansen, R.R., Kammüller, F.: Attack tree generation by policy invalidation. In: Akram, R.N., Jajodia, S. (eds.) WISTP 2015. LNCS, vol. 9311, pp. 249–259. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24018-3 16
Jhawar, R., Lounis, K., Mauw, S., Ramírez-Cruz, Y.: Semi-automatically augmenting attack trees using an annotated attack tree library. In: Katsikas, S.K., Alcaraz, C. (eds.) STM 2018. LNCS, vol. 11091, pp. 85–101. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01141-3 6
Kordy, B., Kordy, P., Mauw, S., Schweitzer, P.: ADTool: security analysis with attack–defense trees. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 173–176. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40196-1 15
Kumar, R., Stoelinga, M.: Quantitative security and safety analysis with attack-fault trees. In: Proceedings 18th International Symposium on High Assurance Systems Engineering (HASE 2017), pp. 25–32. IEEE (2017)
Lakkaraju, K., Yurcik, W., Lee, A.J.: NVisionIP: netflow visualizations of system state for security situational awareness. In: Proceedings 2004 ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC 2004), pp. 65–72. ACM (2004)
Li, E., Barendse, J., Brodbeck, F., Tanner, A.: From A to Z: developing a visual vocabulary for information security threat visualisation. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 102–118. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46263-9 7
Liao, X., Yuan, K., Wang, X.F., Li, Z., Xing, L., Beyah, R.: Acing the IOC game: toward automatic discovery and analysis of open-source cyber threat intelligence. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 755–766. ACM (2016)
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). https://doi.org/10.1007/11734727 17
Noel, S., Harley, E., Tam, K.H., Limiero, M., Share, M.:. CyGraph: graph-based analytics and visualization for cybersecurity. In: Handbook of Statistics, vol. 35, pp. 117–167. Elsevier (2016)
Paul, S.: Towards automating the construction & maintenance of attack trees: a feasibility study. In: Proceedings 1st International Workshop on Graphical Models for Security (GraMSec 2014), Grenoble, France, volume 148 of EPTCS, pp. 31–46 (2014)
Paul, S., Vignon-Davillier, R.: Unifying traditional risk assessment approaches with attack trees. J. Inf. Secur. Appl. 19(3), 165–181 (2014)
Pinchinat, S., Acher, M., Vojtisek, D.: ATSyRa: an integrated environment for synthesizing attack trees. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 97–101. Springer, Cham (2016). https://doi.org/10. 1007/978-3-319-29968-6 7
Rasmussen, J., Ehrlich, K., Ross, S., Kirk, S., Gruen, D., Patterson, J.: Nimble cybersecurity incident management through visualization and defensible recommendations. In: Proceedings 7th International Symposium on Visualization for Cyber Security (VizSec 2010), pp. 102–113. ACM (2010)
Roy, A., Kim, D.S., Trivedi, K.S.: Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees. Secur. Commun. Netw. 5(8), 929–943 (2012)
Salter, C., Saydjari, O.S., Schneier, B., Wallner, J.: Toward a secure system engineering methodology. In: Proceedings 1998 Workshop on New Security Paradigms (NSPW 1998), pp. 2–10. ACM (1998)
Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014)
Takahashi, T., Emura, K., Kanaoka, A., Matsuo, S., Minowa, T.: Risk visualization and alerting system: architecture and proof-of-concept implementation. In: Proceedings 1st International Workshop on Security in Embedded Systems and Smartphones (SESP 2013), pp. 3–10. ACM (2013)
Tounsi, W., Rais, H.: A survey on technical threat intelligence in the age of sophisticated cyber attacks. Comput. Secur. 72, 212–233 (2018)
Vigo, R., Nielson, F., Nielson, H.R.: Automated generation of attack trees. In: Proceedings 27th IEEE Computer Security Foundations Symposium (CSF 2014), pp. 337–350. IEEE (2014)
