In this paper, a new method for quantitative security risk assessment of complex systems is presented, combining Fault Tree Analysis, traditionally used in reliability analysis, with the recently introduced Attack Tree Analysis, which allows the study of malicious attack patterns. The combined use of fault trees and attack trees helps the analyst to effectively face the security challenges posed by the introduction of modern ICT technologies in the control systems of critical infrastructures. Formal definitions of Fault Tree and Attack Tree are provided and a mathematical model for the calculation of system fault probabilities is presented.
NAI FOVINO Igor;
MASERA Marcelo;
DECIAN Alessio;
2008-01-15
CRC Press
JRC36470
http://www.esrel2007.com/programme.aspx,
http://www.crcpress.co.uk/shopping_cart/products/product_detail.asp?id=&parent_id=&sku=SW7860&isbn=9780415447867&pc=,
https://publications.jrc.ec.europa.eu/repository/handle/JRC36470,
This document is only visible at the Commission level.
You are not authorized to publish or distribute it outside the European Commission.
This is a public document. You can share this publication.
Additional supporting files
| File name | Description | File type | |
|---|
