Abstract
The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. Therefore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identifies routes to an attacker goal. Specific attacker properties such as skill or resources can be included through attacker profiles. This enables defenders to explore attack scenarios and the effectiveness of defense alternatives under different threat conditions.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Fischhoff, B.: Risk perception and communication unplugged: twenty years of process. Risk Anal. 15(2), 137–145 (1995)
Jasanoff, S.: The political science of risk perception. Reliab. Eng. Syst. Saf. 59(1), 91–99 (1998)
Weinstein, N.D.: What does it mean to understand a risk? evaluating risk comprehension. J. Nat. Cancer Inst. Monogr. 25, 15–20 (1999)
The Consortium: Project webpage, 31 October 2015. https://www.trespass-project.eu
Schneier, B.: Attack trees: modeling security threats. Dr. Dobb’s J. Softw. Tools 24(12), 21–29 (1999). http://www.ddj.com/security/184414879
Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13–14, 1–38 (2014)
Jürgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1036–1051. Springer, Heidelberg (2008)
Jürgenson, A., Willemson, J.: Serial model for attack tree computations. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 118–128. Springer, Heidelberg (2010)
Jürgenson, A., Willemson, J.: On fast and approximate attack tree computations. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds.) ISPEC 2010. LNCS, vol. 6047, pp. 56–66. Springer, Heidelberg (2010)
Arnold, F., Hermanns, H., Pulungan, R., Stoelinga, M.: Time-dependent analysis of attacks. In: Abadi, M., Kremer, S. (eds.) POST 2014 (ETAPS 2014). LNCS, vol. 8414, pp. 285–305. Springer, Heidelberg (2014)
Casey, T.: Threat Agent Library Helps Identify Information Security Risks. Intel White Paper, Houston (2007)
Casey, T., Koeberl, P., Vishik, C.: Threat agents: a necessary component of threat analysis. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, CSIIRW 2010, pp. 56:1–56:4. ACM, New York (2010)
Rosenquist, M.: Prioritizing Information Security Risks with Threat Agent Risk Assessment. Intel White Paper, Houston (2010)
Pieters, W., Barendse, J., Ford, M., Heath, C.P., Probst, C.W.: The navigation metaphor in security economics. IEEE Secur. Priv. 14, Scheduled for publication in May/June 2016
Van Holsteijn, R.: The motivation of attackers in attack tree analysis. Master’s thesis, TU Delft (2015)
Cox Jr, L.A.: Game theory and risk analysis. Risk Anal. 29(8), 1062–1068 (2009)
Pieters, W., Davarynejad, M.: Calculating adversarial risk from attack trees: control strength and probabilistic attackers. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/SETOP/QASA 2014. LNCS, vol. 8872, pp. 201–215. Springer, Heidelberg (2015)
The Consortium: Final requirements for visualisation processes and tools Deliverable D4.1.2 (2015)
Pieters, W., Dimkov, T., Pavlovic, D.: Security policy alignment: a formal approach. IEEE Syst. J. 7(2), 275–287 (2013)
Kammüller, F., Probst, C.W.: Invalidating policies using structural information. In: 2nd International IEEE Workshop on Research on Insider Threats (WRIT 2013). IEEE Co-located with IEEE CS Security and Privacy 2013 (2013)
Kammüller, F., Probst, C.W.: Combining generated data models with formal invalidation for insider threat analysis. In: 3rd International IEEE Workshop on Research on Insider Threats (WRIT 2014). IEEE Co-located with IEEE CS Security and Privacy 2014 (2014)
Winkler, I.S., Dealy, B.: Information security technology? don’t rely on it. a case study in social engineering. In: USENIX Security (1995)
Thornburgh, T.: Social engineering: the "dark art". In: Proceedings of the 1st Annual Conference on Information Security Curriculum Development, InfoSecCD 2004, pp. 133–135. ACM, New York (2004)
Mitnick, K.D., Simon, W.L., Wozniak, S.: The Art of Deception: Controlling the Human Element of Security. Wiley, Hoboken (2002)
Holley, P.: Driver follows GPS off demolished bridge, killing wife, police say, 15 October 2015. https://www.washingtonpost.com/news/morning-mix/wp/2015/03/31/driver
Knudson, T.: ’Death by GPS’ in desert, Last visited 15 October 2015 (2011). http://www.sacbee.com/entertainment/living/travel/article2573180.html
Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24(1), 55–87 (2014)
Lenin, A., Willemson, J., Sari, D.P.: Attacker profiling in quantitative security assessment based on attack trees. In: Bernsmed, K., Fischer-Hübner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 199–212. Springer, Heidelberg (2014)
Buldas, A., Lenin, A.: New efficient utility upper bounds for the fully adaptive model of attack trees. In: Das, S.K., Nita-Rotaru, C., Kantarcioglu, M. (eds.) GameSec 2013. LNCS, vol. 8252, pp. 192–205. Springer, Heidelberg (2013)
Lenin, A., Willemson, J., Charnamord, A.: Genetic approximations for the failure-free security games. In: Khouzani, M.H.R., et al. (eds.) GameSec 2015. LNCS, vol. 9406, pp. 311–321. Springer, Heidelberg (2015). doi:10.1007/978-3-319-25594-1_17
Hall, P., Heath, C., Coles-Kemp, L., Tanner, A.: Examining the contribution of critical visualisation to information security. In: Proceedings of the 2015 New Security Paradigms Workshop. ACM (2015)
Heath, C.H.P., Coles-Kemp, L., Hall, P.A., et al.: Logical lego? co-constructed perspectives on service design. In: DS 81: Proceedings of NordDesign 2014, Espoo, Finland, 27–29th August 2014
Acknowledgment
The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007–2013) under grant agreement no. 318003 (TRE\(_\mathrm {S}\)PASS). This publication reflects only the authors’ views and the Union is not liable for any use that may be made of the information contained herein.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Probst, C.W., Willemson, J., Pieters, W. (2016). The Attack Navigator. In: Mauw, S., Kordy, B., Jajodia, S. (eds) Graphical Models for Security. GraMSec 2015. Lecture Notes in Computer Science(), vol 9390. Springer, Cham. https://doi.org/10.1007/978-3-319-29968-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-29968-6_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29967-9
Online ISBN: 978-3-319-29968-6
eBook Packages: Computer ScienceComputer Science (R0)