A Template-Based Method for the Generation of Attack Trees - Information Security Theory and Practice
Conference Papers Year : 2020

A Template-Based Method for the Generation of Attack Trees

Jeremy Bryans
  • Function : Author
  • PersonId : 1093941
Siraj Shaikh
  • Function : Author
  • PersonId : 1093943
Fengjun Zhou
  • Function : Author
  • PersonId : 1093944

Abstract

Attack trees are used in cybersecurity analysis to give an analyst a view of all the ways in which an attack can be carried out. Attack trees can become large, and developing them by hand can be tedious and error-prone. In this paper the automated generation of attack trees is considered. The method proposed is based on a library of attack templates – parameterisable patterns of attacks such as denial of service or eavesdropping – and that also uses an abstract model of the network architecture under attack. A pseudocode implementation of the method is also presented. The example application given is from the automotive domain and using an architecture consisting of linked CAN networks – a network configuration found in virtually every current vehicle.
Fichier principal
Vignette du fichier
492809_1_En_10_Chapter.pdf (346.11 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-03173899 , version 1 (18-03-2021)

Licence

Identifiers

Cite

Jeremy Bryans, Lin Shen Liew, Hoang Nga Nguyen, Giedre Sabaliauskaite, Siraj Shaikh, et al.. A Template-Based Method for the Generation of Attack Trees. 13th IFIP International Conference on Information Security Theory and Practice (WISTP), Dec 2019, Paris, France. pp.155-165, ⟨10.1007/978-3-030-41702-4_10⟩. ⟨hal-03173899⟩
64 View
143 Download

Altmetric

Share

More