Please use this identifier to cite or link to this item:
|Title:||Through the Description of Attacks: a Multidimensional View|
|Authors:||NAI FOVINO IGOR; MASERA MARCELO|
|Citation:||The Safecomp Conference Proceedings Are Published in the Series Lecture Notes in Computer Science (LNCS) p. 15-28|
|JRC Publication N°:||JRC32883|
|Type:||Contributions to Conferences|
|Abstract:||Cyber attacks are the core of any security assessment of ICT–based systems. One of the more promising research fields in this context is related to the representation of the attack patterns. Several are the models proposed to represent them; these models usually provide a generic representation of attacks. Conversely, the experience shows that attack profiles are strongly dependent upon several “boundary conditions”. This paper defends that from the security assessment perspective, it is necessary to integrate the knowledge contained in the attack patterns with “boundary” knowledge related to vulnerability of the target system and to the potential threats. In this paper, after a characterization of this “boundary knowledge”, we propose an n-dimensional view of the attack tree approach, integrating information on threats and vulnerabilities. Moreover, we show how to use this view to derive knowledge about the security exposure of a target system. Keywords: Security assessment, Attack Pattern|
|JRC Institute:||Institute for the Protection and Security of the Citizen|
Files in This Item:
There are no files associated with this item.
Items in repository are protected by copyright, with all rights reserved, unless otherwise indicated.