Reference Hub

This research has been cited in:

Chapter
Quantitative Evaluation of Attack Defense Trees Using Stochastic Timed AutomataGraphical Models for Security10.1007/978-3-319-74860-3_5
Article
A Framework for the Evaluation of Trainee Performance in Cyber Range ExercisesMobile Networks and Applications10.1007/s11036-019-01442-0
Chapter
Privacy Attack Modeling and Risk Assessment Method for Name Data NetworkingAdvances in Computer Communication and Computational Sciences10.1007/978-981-13-6861-5_10
Conference
Quantitative Verification and Synthesis of Attack-Defence Scenarios2016 IEEE 29th Computer Security Foundations Symposium (CSF)10.1109/CSF.2016.15
Article
Evaluating mail‐based security for electoral processes using attack treesRisk Analysis10.1111/risa.13876
Article
Probabilistic reasoning with graphical security modelsInformation Sciences10.1016/j.ins.2016.01.010
Article
A survey on the usability and practical applications of Graphical Security ModelsComputer Science Review10.1016/j.cosrev.2017.09.001
Chapter
Library-Based Attack Tree SynthesisGraphical Models for Security10.1007/978-3-030-62230-5_2
Article
An Empirical Evaluation of the Effectiveness of Attack Graphs and Fault Trees in Cyber-Attack PerceptionIEEE Transactions on Information Forensics and Security10.1109/TIFS.2017.2771238
Article
Mitigating Risk with CyberinsuranceIEEE Security & Privacy10.1109/MSP.2015.137
Chapter
ChatGPT Knows Your Attacks: Synthesizing Attack Trees Using LLMsData Science and Artificial Intelligence10.1007/978-981-99-7969-1_18
Chapter
Quantitative Questions on Attack–Defense TreesInformation Security and Cryptology – ICISC 201210.1007/978-3-642-37682-5_5
Article
Less Manual Work for Safety Engineers: Towards an Automated Safety Reasoning with Safety PatternsElectronic Proceedings in Theoretical Computer Science10.4204/EPTCS.325.29
Article
Beyond 2014ACM Computing Surveys10.1145/3331524
Chapter
Modelling Attack-defense Trees Using Timed AutomataFormal Modeling and Analysis of Timed Systems10.1007/978-3-319-44878-7_3
Chapter
A Stochastic Framework for Quantitative Analysis of Attack-Defense TreesSecurity and Trust Management10.1007/978-3-319-46598-2_10
Conference
Efficient Attack-Defense Tree Analysis using Pareto Attribute Domains2019 IEEE 32nd Computer Security Foundations Symposium (CSF)10.1109/CSF.2019.00021
Article
Continuous Quantitative Risk Management in Smart Grids Using Attack Defense TreesSensors10.3390/s20164404
Chapter
Attack-Tree Series: A Case for Dynamic Attack Tree AnalysisGraphical Models for Security10.1007/978-3-030-36537-0_2
Article
A Minimum Defense Cost Calculation Method for Attack Defense TreesSecurity and Communication Networks10.1155/2020/8870734
Chapter
Multigraph Critical Infrastructure ModelCritical Infrastructure Protection X10.1007/978-3-319-48737-3_9
Chapter
New Directions in Attack Tree Research: Catching up with Industrial NeedsGraphical Models for Security10.1007/978-3-319-74860-3_9
Chapter
Breaking the Cyber Kill Chain by Modelling Resource CostsGraphical Models for Security10.1007/978-3-030-62230-5_6
Article
DAG-based attack and defense modeling: Don’t miss the forest for the attack treesComputer Science Review10.1016/j.cosrev.2014.07.001
Article
Efficient and Generic Algorithms for Quantitative Attack Tree AnalysisIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.3215752
Article
Assessing cyber threats for storyless systemsJournal of Information Security and Applications10.1016/j.jisa.2021.103050
Chapter
A Practical Evaluation of Searchable Encryption for Data Archives in the CloudCloud Computing and Services Science10.1007/978-3-319-29582-4_10
Article
Attribute evaluation on attack trees with incomplete informationComputers & Security10.1016/j.cose.2019.101630
Chapter
Using Attack-Defense Trees to Analyze Threats and Countermeasures in an ATM: A Case StudyThe Practice of Enterprise Modeling10.1007/978-3-319-48393-1_24
Conference
Threat characterization in vital area identification process2013 47th International Carnahan Conference on Security Technology (ICCST)10.1109/CCST.2013.6922050
Conference
Improving Attack Trees Analysis using Petri Net modeling of Cyber-Attacks2019 IEEE 28th International Symposium on Industrial Electronics (ISIE)10.1109/ISIE.2019.8781238
Conference
Development approach to the attack modeling for the needs of cyber security education2016 Third International Conference on Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC)10.1109/DIPDMWC.2016.7529392
Conference
Security Risk Assessment of Server Hardware Architectures Using Graph Analysis2021 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)10.1109/AsianHOST53231.2021.9699554
Conference
A review on Unmanned Aerial Vehicle (UAV) threats assessmentsVIII INTERNATIONAL ANNUAL CONFERENCE “INDUSTRIAL TECHNOLOGIES AND ENGINEERING” (ICITE 2021)10.1063/5.0119703
Article
A review of attack graph and attack tree visual syntax in cyber securityComputer Science Review10.1016/j.cosrev.2019.100219
Article
Architecture‐oriented security strategy determination for cyber‐physical systemsConcurrency and Computation: Practice and Experience10.1002/cpe.6781
Conference
A survey of fault and attack tree modeling and analysis for cyber risk management2017 IEEE International Symposium on Technologies for Homeland Security (HST)10.1109/THS.2017.7943455
Conference
Parametric Analyses of Attack-Fault Trees2019 19th International Conference on Application of Concurrency to System Design (ACSD)10.1109/ACSD.2019.00008
Chapter
Expected Cost Analysis of Attack-Defense TreesQuantitative Evaluation of Systems10.1007/978-3-030-30281-8_12
Chapter
Experiences with Threat Modeling on a Prototype Social NetworkInformation Security in Diverse Computing Environments10.4018/978-1-4666-6158-5.ch014

Attribute Decoration of Attack–Defense Trees

Alessandra Bagnato, Barbara Kordy, Per Håkon Meland, Patrick Schweitzer

Source Title: International Journal of Secure Software Engineering (IJSSE)3(2)

ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781466613980|DOI: 10.4018/jsse.2012040101

Cite Article Cite Article

MLA

Bagnato, Alessandra, et al. "Attribute Decoration of Attack–Defense Trees." IJSSE vol.3, no.2 2012: pp.1-35. http://doi.org/10.4018/jsse.2012040101

APA

Bagnato, A., Kordy, B., Meland, P. H., & Schweitzer, P. (2012). Attribute Decoration of Attack–Defense Trees. International Journal of Secure Software Engineering (IJSSE), 3(2), 1-35. http://doi.org/10.4018/jsse.2012040101

Chicago

Bagnato, Alessandra, et al. "Attribute Decoration of Attack–Defense Trees," International Journal of Secure Software Engineering (IJSSE) 3, no.2: 1-35. http://doi.org/10.4018/jsse.2012040101

Export Reference

Favorite Full-Issue Download

View Full Text HTML

View Full Text PDF

Abstract

Attack–defense trees can be used as part of threat and risk analysis for system development and maintenance. They are an extension of attack trees with defense measures. Moreover, tree nodes can be decorated with attributes, such as probability, impact, and penalty, to increase the expressiveness of the model. Attribute values are typically assigned based on cognitive estimations and historically recorded events. This paper presents a practical case study with attack–defense trees. First, the authors create an attack–defense tree for an RFID-based goods management system for a warehouse. Then, they explore how to use a rich set of attributes for attack and defense nodes and assign and aggregate values to obtain condensed information, such as performance indicators or other key security figures. The authors discuss different modeling choices and tradeoffs. The case study led them to define concrete guidelines that can be used by software developers, security analysts, and system owners when performing similar assessments.

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.

Username or email: *

Password: *

Forgot individual login password?

Create individual account

Attribute Decoration of Attack–Defense Trees

MLA

APA

Chicago

Export Reference

Abstract

Request Access