Title: Through the Description of Attacks: a Multidimensional View
Citation: The Safecomp Conference Proceedings Are Published in the Series Lecture Notes in Computer Science (LNCS) p. 15-28
Publisher: Springer-Verlag
Publication Year: 2006
JRC N°: JRC32883
URI: http://publications.jrc.ec.europa.eu/repository/handle/JRC32883
Type: Articles in periodicals and books
Abstract: Cyber attacks are the core of any security assessment of ICT–based systems. One of the more promising research fields in this context is related to the representation of the attack patterns. Several are the models proposed to represent them; these models usually provide a generic representation of attacks. Conversely, the experience shows that attack profiles are strongly dependent upon several “boundary conditions”. This paper defends that from the security assessment perspective, it is necessary to integrate the knowledge contained in the attack patterns with “boundary” knowledge related to vulnerability of the target system and to the potential threats. In this paper, after a characterization of this “boundary knowledge”, we propose an n-dimensional view of the attack tree approach, integrating information on threats and vulnerabilities. Moreover, we show how to use this view to derive knowledge about the security exposure of a target system. Keywords: Security assessment, Attack Pattern
JRC Directorate:Space, Security and Migration

Files in This Item:
There are no files associated with this item.

Items in repository are protected by copyright, with all rights reserved, unless otherwise indicated.