The attack navigator

Journal article (2016)

Authors

Christian W. Probst Technical University of Denmark

Jan Willemson Cybernetica

W. Pieters Safety and Security Science -

Research Group

Safety and Security Science () (TU Delft)

DOI: https://doi.org/10.1007/978-3-319-29968-6_1

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:0f3e1449-b5de-49c6-ac1f-20ea324dad2c

Published Date

2016

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Technology, Policy and Management

Department

Values Technology and Innovation

Research Group

Safety and Security Science

Abstract

The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. Therefore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identifies routes to an attacker goal. Specific attacker properties such as skill or resources can be included through attacker profiles. This enables defenders to explore attack scenarios and the effectiveness of defense alternatives under different threat conditions.

Files

GramSec_ProbstWillemsonPieters... (.pdf)

(.pdf | 0.365 Mb)