How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

Recently, security researchers have started to look into the automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio-technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but they can also be used to select and maintain the security controls that cannot be handled by the model itself.
