Effective Analysis of Attack Trees: A Model-Driven Approach

Attack trees (ATs) are a popular formalism for security analysis, and numerous variations and tools have been developed around them. These were mostly developed independently, and offer little interoperability or ability to combine various AT features.

[1]  Jan Jürjens,et al.  UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[2]  E. Byres,et al.  The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems , 2004 .

[3]  Sjouke Mauw,et al.  Foundations of Attack Trees , 2005, ICISC.

[4]  Markus Völter,et al.  Model-Driven Software Development: Technology, Engineering, Management , 2006 .

[5]  R.F. Mills,et al.  Analyzing Attack Trees using Generalized Stochastic Petri Nets , 2006, 2006 IEEE Information Assurance Workshop.

[6]  Marcel Verhoef,et al.  Timed automata based analysis of embedded system architectures , 2006, IPDPS.

[7]  Douglas C. Schmidt,et al.  Guest Editor's Introduction: Model-Driven Engineering , 2006, Computer.

[8]  Gabor Karsai,et al.  Metamodelling - State of the Art and Research Challenges , 2007, Model-Based Engineering of Embedded Real-Time Systems.

[9]  Frank Budinsky,et al.  EMF: Eclipse Modeling Framework 2.0 , 2009 .

[10]  Robert J. Ellison,et al.  Attack Trees , 2009, Encyclopedia of Biometrics.

[11]  Barbara Kordy,et al.  Foundations of Attack-Defense Trees , 2010, Formal Aspects in Security and Trust.

[12]  Marta Z. Kwiatkowska,et al.  PRISM 4.0: Verification of Probabilistic Real-Time Systems , 2011, CAV.

[13]  Barbara Kordy,et al.  Quantitative Questions on Attack-Defense Trees , 2012, ICISC.

[14]  Stefano Bistarelli,et al.  Evaluation of complex security scenarios using defense trees and economic indexes , 2012, J. Exp. Theor. Artif. Intell..

[15]  Mariëlle Stoelinga,et al.  DFTCalc: a tool for efficient fault tree analysis (extended version) , 2013 .

[16]  Paulo Romero Martins Maciel,et al.  OpenMADS: An Open Source Tool for Modeling and Analysis of Distributed Systems , 2013, SAFECOMP.

[17]  Barbara Kordy,et al.  DAG-based attack and defense modeling: Don't miss the forest for the attack trees , 2013, Comput. Sci. Rev..

[18]  Alberto Rodrigues da Silva,et al.  Model-driven engineering: A survey supported by the unified conceptual model , 2015, Comput. Lang. Syst. Struct..

[19]  Rajesh Kumar,et al.  Quantitative Attack Tree Analysis via Priced Timed Automata , 2015, FORMATS.

[20]  Ludovic Apvrille,et al.  SysML-Sec: A model driven approach for designing safe and secure systems , 2015, 2015 3rd International Conference on Model-Driven Engineering and Software Development (MODELSWARD).

[21]  Rajesh Kumar,et al.  Sequential and Parallel Attack Tree Modelling , 2015, SAFECOMP Workshops.

[22]  Rajesh Kumar,et al.  Time Dependent Analysis with Dynamic Counter Measure Trees , 2015, ArXiv.

[23]  Marco Gribaudo,et al.  Exploiting Bayesian Networks for the Analysis of Combined Attack Trees , 2015, PASM.

[24]  Peter Liggesmeyer,et al.  Qualitative and Quantitative Analysis of CFTs Taking Security Causes into Account , 2015, SAFECOMP Workshops.

[25]  Holger Hermanns,et al.  The Value of Attack-Defence Diagrams , 2016, POST.

[26]  Flemming Nielson,et al.  Quantitative Verification and Synthesis of Attack-Defence Scenarios , 2016, 2016 IEEE 29th Computer Security Foundations Symposium (CSF).

[27]  Kim G. Larsen,et al.  Modelling Attack-defense Trees Using Timed Automata , 2016, FORMATS.

[28]  Olga Gadyatskaya,et al.  Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0 , 2016, QEST.

[29]  Olga Gadyatskaya,et al.  Using Attack-Defense Trees to Analyze Threats and Countermeasures in an ATM: A Case Study , 2016, PoEM.

[30]  Sebastian Junges,et al.  A Storm is Coming: A Modern Probabilistic Model Checker , 2017, CAV.

[31]  Arend Rensink,et al.  How to Efficiently Build a Front-End Tool for UPPAAL: A Model-Driven Approach , 2017, SETTA.

[32]  Arend Rensink,et al.  Uniform analysis of fault trees through model transformations , 2017, 2017 Annual Reliability and Maintainability Symposium (RAMS).

[33]  Rajesh Kumar,et al.  Quantitative Security and Safety Analysis with Attack-Fault Trees , 2017, 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE).