Title :
System level security modeling using attack trees
Author :
Khand, Parvaiz Ahmed
Author_Institution :
Dept. of Nucl. & Quantum Eng., Korea Adv. Inst. of Sci. & Technol. (KAIST), Daejeon
Abstract :
Vulnerabilities in intrusion tolerant systems have dependence on various dynamic aspects such as redundant mechanisms, fault and error recovery mechanisms, and different operation modes. The conventional nodes of attack trees cannot adequately capture the attacks towards those systems, thus constructing security models for the systems is very difficult. This paper introduces new nodes to model the security of those systems. The nodes include: PAND node, k/n node, SEQ node, CSUB node, and Housing node. We provide the syntax and graphical representation for each node. The nodes allow us to model attacks that require exploitation of vulnerabilities which have dependence on ordering events, sequence-dependant events, conditional failures and mechanisms which involve configuration changes with time. We use the nodes to construct attack trees for different security related systems.
Keywords :
fault tolerant computing; security of data; system recovery; trees (mathematics); attack tree; conditional failure; error recovery mechanism; fault recovery mechanism; graphical node representation; intrusion tolerant system vulnerability; ordering event; sequence-dependant event; system level security modeling; Automation; Computer security; Error correction; Fault detection; Fault trees; Nuclear and plasma sciences; Redundancy; Tree graphs; Visualization; XML; Security modelings; attack tree; attack tree nodes;
Conference_Titel :
Computer, Control and Communication, 2009. IC4 2009. 2nd International Conference on
Conference_Location :
Karachi
Print_ISBN :
978-1-4244-3313-1
Electronic_ISBN :
978-1-4244-3314-8
DOI :
10.1109/IC4.2009.4909245
