论文信息 - Producing and evaluating crowdsourced computer security attack trees

Producing and evaluating crowdsourced computer security attack trees

We describe the recent developments of an open-source project called RATCHET that can be used by groups of users to collectively construct attack trees. We present the RATCHET framework as well as a model for testing and evaluation of the produced attack trees. RATCHET has been tested in classroom settings with positive results and this paper presents the plans for expanding its outreach to the community at large and building attack trees through crowdsourcing. This paper gives an overview of RATCHET and an introduction to its use.

[1] Sanjay Goel,et al. The Security Expertise Assessment Measure (SEAM): Developing a scale for hacker expertise , 2016, Comput. Secur..

[2] Makis Stamatelatos,et al. Fault tree handbook with aerospace applications , 2002 .

[3] Yongzheng Zhang,et al. Computer Vulnerability Evaluation Using Fault Tree Analysis , 2005, ISPEC.

[4] Dong Seong Kim,et al. Cyber security analysis using attack countermeasure trees , 2010, CSIIRW '10.

[5] George Markowsky,et al. Crowdsourcing Computer Security Attack Trees , 2015 .

[6] R.F. Mills,et al. Using Attack and Protection Trees to Analyze Threats and Defenses to Homeland Security , 2006, MILCOM 2006 - 2006 IEEE Military Communications conference.

[7] Peter Cunningham,et al. Electronic business revolution - opportunities and challenges in the 21st century , 1999 .

[8] Bruce Schneier,et al. Secrets and lies - digital security in a networked world: with new information about post-9/11 security , 2004 .

[9] Richard F. Paige,et al. Fault trees for security system design and analysis , 2003, Comput. Secur..