The Use of Attack and Protection Trees to Analyze Security for an Online Banking System

Author

Edge, Kenneth ; Raines, Richard ; Grimaila, Michael ; Baldwin, Rusty ; Bennington, Robert ; Reuter, Christopher

Author_Institution

Air Force Inst. of Technol., Wright-Patterson AFB, OH

fYear

2007

fDate

Jan. 2007

Abstract

Online banking has become increasingly important to the profitability of financial institutions as well as adding convenience for their customers. As the number of customers using online banking increases, online banking systems are becoming more desirable targets for criminals to attack. To maintain their customers´ trust and confidence in the security of their online bank accounts, financial institutions must identify how attackers compromise accounts and develop methods to protect them. Attack trees and protection trees are a cost effective way to do this. Attack trees highlight the weaknesses in a system and protection trees provide a methodical means of mitigating these weaknesses. In this paper, a notional online banking system is analyzed and protection solutions are proposed for varying budgets

Keywords

bank data processing; security of data; tree data structures; financial institution; online banking system; protection tree; security system; Availability; Banking; Costs; Government; Laboratories; Logic; Profitability; Protection; Security; TV;

fLanguage

English

Publisher

ieee

Conference_Titel

System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on

Conference_Location

Waikoloa, HI

ISSN

1530-1605

Electronic_ISBN

1530-1605

Type

conf

DOI

10.1109/HICSS.2007.558

Filename

4076665