Security Analysis Using Subjective Attack Trees

Nasser Al-Hadhrami, Matthew Collinson, Nir Oren

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Subjective attack trees are an extension to traditional attack trees, proposed so to take uncertainty about likelihoods of security events into account during the modelling of security risk scenarios, using subjective opinions. This paper extends the work of subjective attack trees by allowing for the modelling of countermeasures, as well as conducting a comprehensive security and security investment analysis, such as risk measuring and analysis of profitable security investments. Our approach is evaluated against traditional attack trees. The results demonstrate the importance and advantage of taking uncertainty about probabilities into account. In terms of security investment, our approach seems to be more inclined to protect systems in presence of uncertainty (or lack of knowledge) about security events evaluations.
Original languageEnglish
Title of host publicationInnovative Security Solutions for Information Technology and Communications
Subtitle of host publicationSecITC 2020. Lecture Notes in Computer Science
EditorsDiana Maimut, Andrei-George Oprina, Damien Sauveron
PublisherSpringer
Pages288-301
Number of pages14
Volume12596
ISBN (Electronic)978-3-030-69255-1
ISBN (Print)978-3-030-69254-4
DOIs
Publication statusPublished - 4 Feb 2021
EventSecurity Solutions for Information Technology and Communications - 13th International Conference - Bucharest, Romania
Duration: 19 Nov 202020 Nov 2020
Conference number: 13th
https://www.springer.com/gp/book/9783030692544?utm_campaign=bookpage_about_buyonpublisherssite&utm_medium=referral&utm_source=springerlink

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume12596
ISSN (Electronic)0302-9743

Conference

ConferenceSecurity Solutions for Information Technology and Communications - 13th International Conference
Abbreviated titleSecITC 2020
CountryRomania
CityBucharest
Period19/11/2020/11/20
Internet address

Keywords

  • Attack trees
  • risk analysis
  • Subjective logic
  • Risk analysis

Fingerprint Dive into the research topics of 'Security Analysis Using Subjective Attack Trees'. Together they form a unique fingerprint.

Cite this