Attack Tree Generation by Policy Invalidation

  • Marieta Georgieva Ivanova
  • Christian W. ProbstEmail author
  • René Rydhof Hansen
  • Florian Kammüller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9311)


Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based on invalidating policies in the system model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise enough to illustrate the threat, and they are general enough to hide the details of individual steps.


Human Factor Social Engineering Attack Tree Global Policy Require Credential 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Schneier, B.: Attack Trees: Modeling Security Threats. Dr. Dobb’s Journal of Software Tools 24(12), 21–29 (1999)Google Scholar
  2. 2.
    Vigo, R., Nielson, F., Nielson, H.R.: Automated generation of attack trees. In: Proceedings of the 27th Computer Security Foundations Symposium (CSF), pp. 337–350. IEEE (2014)Google Scholar
  3. 3.
    Kammüller, F., Probst, C.W.: Invalidating policies using structural information. In: 2nd International IEEE Workshop on Research on Insider Threats (WRIT 2013). IEEE (2013)Google Scholar
  4. 4.
    Kammüller, F., Probst, C.W.: Combining generated data models with formal invalidation for insider threat analysis. In: 3rd International IEEE Workshop on Research on Insider Threats (WRIT 2014). IEEE (2014)Google Scholar
  5. 5.
    Probst, C.W., Hansen, R.R.: An extensible analysable system model. Information Security Technical Report 13(4), 235–246 (2008)CrossRefGoogle Scholar
  6. 6.
    Dimkov, T., Pieters, W., Hartel, P.: Portunes: representing attack scenarios spanning through the physical, digital and social domain. In: Armando, A., Lowe, G. (eds.) ARSPA-WITS 2010. LNCS, vol. 6186, pp. 112–129. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  7. 7.
    Probst, C.W., Hansen, R.R., Nielson, F.: Where can an insider attack? In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol. 4691, pp. 127–142. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  8. 8.
    de Nicola, R., Ferrari, G.L., Pugliese, R.: KLAIM: A kernel language for agents interaction and mobility. IEEE Trans. Softw. Eng. 24(5), 315–330 (1998)CrossRefGoogle Scholar
  9. 9.
    Robinson, J.A.: A machine-oriented logic based on the resolution principle. J. ACM 12(1), 23–41 (1965)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Dimkov, T.: Alignment of Organizational Security Policies - Theory and Practice. University of Twente (2012)Google Scholar
  11. 11.
    Pieters, W., Dimkov, T., Pavlovic, D.: Security policy alignment: A formal approach. IEEE Systems Journal 7(2), 275–287 (2013)CrossRefGoogle Scholar
  12. 12.
    Salter, C., Saydjari, O.S., Schneier, B., Wallner, J.: Toward a secure system engineering methodology. In: Proceedings of the 1998 Workshop on New Security Paradigms (NSPW), pp. 2–10 (September 1998)Google Scholar
  13. 13.
    Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 workshop on New security paradigms NSPW 1998, pp. 71–79 (1998)Google Scholar
  14. 14.
    Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P 2002), vol. 129, pp. 273–284 (2002)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Marieta Georgieva Ivanova
    • 1
  • Christian W. Probst
    • 1
    Email author
  • René Rydhof Hansen
    • 2
  • Florian Kammüller
    • 3
  1. 1.Technical University of DenmarkLyngbyDenmark
  2. 2.Aalborg UniversityAalborgDenmark
  3. 3.Middlesex UniversityLondonUK

Personalised recommendations