Please use this identifier to cite or link to this item:
http://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/8390
Title: | An attack tree template based on feature diagram hierarchy |
Authors: | Kumar, Rajesh |
Keywords: | Computer Science; Attack trees; Attack patterns; Feature diagram; Security risk assessment |
Issue Date: | 2020 |
Publisher: | IEEE |
Abstract: | Attack trees (ATs) are a popular model-based formalism to perform a security risk assessment. The benefits of using AT are numerous: graphical top-down representation of multi-stage attack scenarios, several analysis frameworks, and many supporting tools. The current practice of constructing an attack tree for a given system is using the rules-of-thumb. Though this process is flexible, in the absence of a template, it is non-standardized. Hence it is tedious and may result in contention between the stakeholders due to individual idiosyncrasies. To address these limitations, in this paper, we develop an AT template. We meticulously design the template by performing a literature survey of the industry-size ATs and extract the meta-categories used to build them. The AT template is then structured into layers by the systematic question-answering methodology of Potts et al. Each successive layer in our template is a refinement of the previous layer, adding more details. We link the AT template to standard threat databases. Thus, our template guides the practitioner on narrowing to the appropriate attack vectors. An important question here is how to keep the AT template flexible, given the diversity of context and system variables. To address the question, we use a feature diagram to represent the AT categories. We used the AT template to gain practical experience over a hypothetical case study of smart meters (not part of the paper). Based on our experience, we suggest future research directions. |
URI: | https://ieeexplore.ieee.org/document/9356420 http://dspace.bits-pilani.ac.in:8080/xmlui/handle/123456789/8390 |
Appears in Collections: | Department of Computer Science and Information Systems |