From Attacker Models to Reliable Security

Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security Pub Date : 2019-07-02 DOI:10.1145/3321705.3329915

H. Mantel

{"title":"From Attacker Models to Reliable Security","authors":"H. Mantel","doi":"10.1145/3321705.3329915","DOIUrl":null,"url":null,"abstract":"Attack trees are a popular graphical notation for capturing threats to IT systems. They can be used to describe attacks in terms of attacker goals and attacker actions. By focusing on the viewpoint of a single attacker and on a particular attacker goal in the creation of an attack tree, one reduces the conceptual complexity of threat modeling substantially. Aspects not covered by attack trees, like the behavior of the system under attack, can then be described using other models to enable a security analysis based on a combination of the models. Despite the high popularity of attack trees in security engineering for many years, some pitfalls in their use were identified only recently. In this talk, I will point out such difficulties, outline how attack trees can be used in combination with system models, and clarify the consequences of different combinations for security analysis results. After a security analysis of an abstract model, the insights gained need to be mapped to reality. I will introduce an automata-based model of run-time monitors and will show how defenses in this model can be realized at runtime with the CliSeAu system.","PeriodicalId":189657,"journal":{"name":"Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3321705.3329915","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Attack trees are a popular graphical notation for capturing threats to IT systems. They can be used to describe attacks in terms of attacker goals and attacker actions. By focusing on the viewpoint of a single attacker and on a particular attacker goal in the creation of an attack tree, one reduces the conceptual complexity of threat modeling substantially. Aspects not covered by attack trees, like the behavior of the system under attack, can then be described using other models to enable a security analysis based on a combination of the models. Despite the high popularity of attack trees in security engineering for many years, some pitfalls in their use were identified only recently. In this talk, I will point out such difficulties, outline how attack trees can be used in combination with system models, and clarify the consequences of different combinations for security analysis results. After a security analysis of an abstract model, the insights gained need to be mapped to reality. I will introduce an automata-based model of run-time monitors and will show how defenses in this model can be realized at runtime with the CliSeAu system.

查看原文本刊更多论文

从攻击者模型到可靠的安全性

攻击树是捕获IT系统威胁的流行图形符号。它们可用于根据攻击者的目标和攻击者的行为来描述攻击。在创建攻击树时，通过关注单个攻击者的观点和特定攻击者的目标，可以大大降低威胁建模的概念复杂性。攻击树未涵盖的方面，比如受到攻击的系统的行为，然后可以使用其他模型来描述，以支持基于模型组合的安全分析。尽管多年来攻击树在安全工程中非常流行，但直到最近才发现其使用中的一些缺陷。在这次演讲中，我将指出这些困难，概述如何将攻击树与系统模型结合使用，并阐明不同组合对安全分析结果的影响。在对抽象模型进行安全分析之后，需要将获得的见解映射到现实中。我将介绍一个基于自动机的运行时监视器模型，并展示如何使用CliSeAu系统在运行时实现该模型中的防御。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

自引率

0.00%

发文量