DSpace Repository

An attack tree template based on feature diagram hierarchy

Show simple item record

dc.contributor.author Kumar, Rajesh
dc.date.accessioned 2023-01-09T07:13:25Z
dc.date.available 2023-01-09T07:13:25Z
dc.date.issued 2020
dc.identifier.uri https://ieeexplore.ieee.org/document/9356420
dc.identifier.uri http://dspace.bits-pilani.ac.in:8080/xmlui/handle/123456789/8390
dc.description.abstract Attack trees (ATs) are a popular model-based formalism to perform a security risk assessment. The benefits of using AT are numerous: graphical top-down representation of multi-stage attack scenarios, several analysis frameworks, and many supporting tools. The current practice of constructing an attack tree for a given system is using the rules-of-thumb. Though this process is flexible, in the absence of a template, it is non-standardized. Hence it is tedious and may result in contention between the stakeholders due to individual idiosyncrasies. To address these limitations, in this paper, we develop an AT template. We meticulously design the template by performing a literature survey of the industry-size ATs and extract the meta-categories used to build them. The AT template is then structured into layers by the systematic question-answering methodology of Potts et al. Each successive layer in our template is a refinement of the previous layer, adding more details. We link the AT template to standard threat databases. Thus, our template guides the practitioner on narrowing to the appropriate attack vectors. An important question here is how to keep the AT template flexible, given the diversity of context and system variables. To address the question, we use a feature diagram to represent the AT categories. We used the AT template to gain practical experience over a hypothetical case study of smart meters (not part of the paper). Based on our experience, we suggest future research directions. en_US
dc.language.iso en en_US
dc.publisher IEEE en_US
dc.subject Computer Science en_US
dc.subject Attack trees en_US
dc.subject Attack patterns en_US
dc.subject Feature diagram en_US
dc.subject Security risk asessment en_US
dc.title An attack tree template based on feature diagram hierarchy en_US
dc.type Article en_US


Files in this item

Files Size Format View

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record

Search DSpace


Advanced Search

Browse

My Account