A Template-based Method for the Generation of Attack Trees

    Research output: Chapter in Book/Report/Conference proceedingConference proceedingpeer-review

    2 Citations (Scopus)
    54 Downloads (Pure)

    Abstract

    Attack trees are used in cybersecurity analysis to give an analyst a view of all the ways in which an attack can be carried out. Attack trees can become large, and developing them by hand can be tedious and error-prone. In this paper the automated generation of attack trees is considered. The method proposed is based on a library of attack templates – parameterisable patterns of attacks such as denial of service or eavesdropping – and that also uses an abstract model of the network architecture under attack. A pseudocode implementation of the method is also presented. The example application given is from the automotive domain and using an architecture consisting of linked CAN networks – a network configuration found in virtually every current vehicle.
    Original languageEnglish
    Title of host publicationInformation Security Theory and Practice - 13th IFIP WG 11.2 International Conference, WISTP 2019, Proceedings
    EditorsMaryline Laurent, Thanassis Giannetsos
    PublisherSpringer, Cham
    Pages155-165
    Number of pages11
    Edition1
    ISBN (Electronic)978-3-030-41702-4
    ISBN (Print)978-3-030-41701-7
    DOIs
    Publication statusE-pub ahead of print - 2 Mar 2020
    EventInternational Conference on Information Security Theory and Practice - Paris, France
    Duration: 11 Dec 201912 Dec 2019
    http://www.wistp.org/

    Publication series

    NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume12024 LNCS
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Conference

    ConferenceInternational Conference on Information Security Theory and Practice
    Abbreviated titleWISTP
    Country/TerritoryFrance
    CityParis
    Period11/12/1912/12/19
    Internet address

    Bibliographical note

    The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-030-41702-4_10

    Copyright © and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders.

    Keywords

    • Attack trees
    • Automotive
    • Cybersecurity
    • Generation

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • Computer Science(all)

    Fingerprint

    Dive into the research topics of 'A Template-based Method for the Generation of Attack Trees'. Together they form a unique fingerprint.

    Cite this