A Template-based Method for the Generation of Attack Trees

Research output: Chapter in Book/Report/Conference proceedingConference proceedingpeer-review

7 Downloads (Pure)

Abstract

Attack trees are used in cybersecurity analysis to give an analyst a view of all the ways in which an attack can be carried out. Attack trees can become large, and developing them by hand can be tedious and error-prone. In this paper the automated generation of attack trees is considered. The method proposed is based on a library of attack templates – parameterisable patterns of attacks such as denial of service or eavesdropping – and that also uses an abstract model of the network architecture under attack. A pseudocode implementation of the method is also presented. The example application given is from the automotive domain and using an architecture consisting of linked CAN networks – a network configuration found in virtually every current vehicle.
Original languageEnglish
Title of host publicationInformation Security Theory and Practice - 13th IFIP WG 11.2 International Conference, WISTP 2019, Proceedings
EditorsMaryline Laurent, Thanassis Giannetsos
PublisherSpringer, Cham
Pages155-165
Number of pages11
Edition1
ISBN (Electronic)978-3-030-41702-4
ISBN (Print)978-3-030-41701-7
DOIs
Publication statusE-pub ahead of print - 2 Mar 2020
EventInternational Conference on Information Security Theory and Practice - Paris, France
Duration: 11 Dec 201912 Dec 2019
http://www.wistp.org/

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12024 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceInternational Conference on Information Security Theory and Practice
Abbreviated titleWISTP
CountryFrance
CityParis
Period11/12/1912/12/19
Internet address

Bibliographical note

The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-030-41702-4_10

Copyright © and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders.

Keywords

  • Attack trees
  • Automotive
  • Cybersecurity
  • Generation

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'A Template-based Method for the Generation of Attack Trees'. Together they form a unique fingerprint.

Cite this