The Attack Navigator

The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. Therefore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identifies routes to an attacker goal. Specific attacker properties such as skill or resources can be included through attacker profiles. This enables defenders to explore attack scenarios and the effectiveness of defense alternatives under different threat conditions.

[1]  Ira S. Winkler,et al.  Information Security Technology? Don't Rely on It. A Case Study in Social Engineering , 1995, USENIX Security Symposium.

[2]  Jr. Louis Anthony Cox,et al.  Game Theory and Risk Analysis , 2009 .

[3]  Reza Pulungan,et al.  Time-Dependent Analysis of Attacks , 2014, POST.

[4]  Tim Thornburgh Social engineering: the "Dark Art" , 2004, InfoSecCD '04.

[5]  Jan Willemson,et al.  Genetic Approximations for the Failure-Free Security Games , 2015, GameSec.

[6]  Timothy Casey,et al.  Threat agents: a necessary component of threat analysis , 2010, CSIIRW '10.

[7]  Florian Kammüller,et al.  Invalidating Policies using Structural Information , 2013, 2013 IEEE Security and Privacy Workshops.

[8]  Jan Willemson,et al.  Serial Model for Attack Tree Computations , 2009, ICISC.

[9]  Barbara Kordy,et al.  Attack-defense trees , 2014, J. Log. Comput..

[10]  Lizzie Coles-Kemp,et al.  Examining the Contribution of Critical Visualisation to Information Security , 2015, NSPW '15.

[11]  B Fischhoff,et al.  Risk perception and communication unplugged: twenty years of process. , 1995, Risk analysis : an official publication of the Society for Risk Analysis.

[12]  Ahto Buldas,et al.  New Efficient Utility Upper Bounds for the Fully Adaptive Model of Attack Trees , 2013, GameSec.

[13]  Florian Kammüller,et al.  Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis , 2014, 2014 IEEE Security and Privacy Workshops.

[14]  Wolter Pieters,et al.  The Navigation Metaphor in Security Economics , 2016, IEEE Security & Privacy.

[15]  Jan Willemson,et al.  On Fast and Approximate Attack Tree Computations , 2010, ISPEC.

[16]  Barbara Kordy,et al.  DAG-based attack and defense modeling: Don't miss the forest for the attack trees , 2013, Comput. Sci. Rev..

[17]  Sheila Jasanoff,et al.  The political science of risk perception , 1998 .

[18]  Jan Willemson,et al.  Computing Exact Outcomes of Multi-parameter Attack Trees , 2008, OTM Conferences.

[19]  F. A. Van Holsteijn,et al.  The motivation of attackers in attack tree analysis , 2015 .

[20]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[21]  Wolter Pieters,et al.  Security Policy Alignment: A Formal Approach , 2013, IEEE Systems Journal.

[22]  Jan Willemson,et al.  Attacker Profiling in Quantitative Security Assessment Based on Attack Trees , 2014, NordSec.

[23]  Timothy Casey,et al.  Threat Agent Library Helps Identify Information Security Risks , 2007 .

[24]  Wolter Pieters,et al.  Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers , 2015, DPM/SETOP/QASA.

[25]  Peter Hall,et al.  Logical Lego? Co-Constructed Perspectives on Service Design , 2014 .

[26]  N. Weinstein What does it mean to understand a risk? Evaluating risk comprehension. , 1999, Journal of the National Cancer Institute. Monographs.