Please use this identifier to cite or link to this item: http://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/8390
Title: An attack tree template based on feature diagram hierarchy
Authors: Kumar, Rajesh
Keywords: Computer Science; Attack trees; Attack patterns; Feature diagram; Security risk assessment
Issue Date: 2020
Publisher: IEEE
Abstract: Attack trees (ATs) are a popular model-based formalism to perform a security risk assessment. The benefits of using AT are numerous: graphical top-down representation of multi-stage attack scenarios, several analysis frameworks, and many supporting tools. The current practice of constructing an attack tree for a given system is using the rules-of-thumb. Though this process is flexible, in the absence of a template, it is non-standardized. Hence it is tedious and may result in contention between the stakeholders due to individual idiosyncrasies. To address these limitations, in this paper, we develop an AT template. We meticulously design the template by performing a literature survey of the industry-size ATs and extract the meta-categories used to build them. The AT template is then structured into layers by the systematic question-answering methodology of Potts et al. Each successive layer in our template is a refinement of the previous layer, adding more details. We link the AT template to standard threat databases. Thus, our template guides the practitioner on narrowing to the appropriate attack vectors. An important question here is how to keep the AT template flexible, given the diversity of context and system variables. To address the question, we use a feature diagram to represent the AT categories. We used the AT template to gain practical experience over a hypothetical case study of smart meters (not part of the paper). Based on our experience, we suggest future research directions.
URI: https://ieeexplore.ieee.org/document/9356420
http://dspace.bits-pilani.ac.in:8080/xmlui/handle/123456789/8390
Appears in Collections: Department of Computer Science and Information Systems

Files in This Item:
There are no files associated with this item.