How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

  • Olga Gadyatskaya
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9390)


Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio-technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but also they can be used to select and maintain the security controls that cannot be handled by the model itself.


Attack-defence trees Socio-technical models Generation of attack models Generation of defences 



This work was partially supported by the European Commission through the FP7 project TREsPASS (grant agreement n. 318003) and by Fonds National de la Recherche Luxembourg through the ADT2P project (grant n. C13/IS/5809105).


  1. 1.
    NIST Special Publication 800–30 Guide for conducting risk assessments. revision 1 (2012).
  2. 2.
    NIST Special Publication 800–53 Revision 4. Security and privacy controls for federal information systems and organizations (2013).
  3. 3.
    Aslanyan, Z., Nielson, F.: Pareto efficient solutions of attack-defence trees. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 95–114. Springer, Heidelberg (2015)Google Scholar
  4. 4.
    Bagnato, A., Kordy, B., Meland, P.H., Sweitzer, P.: Attribute decoration of attack-defence trees. IJSSE 3(2), 1–35 (2012)Google Scholar
  5. 5.
    Dimkov, T., Pieters, W., Hartel, P.: Portunes: representing attack scenarios spanning through the physical, digital and social domain. In: Armando, A., Lowe, G. (eds.) ARSPA-WITS 2010. LNCS, vol. 6186, pp. 112–129. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Ferreira, A., Huynen, J.-L., Koenig, V., Lenzini, G.: A conceptual framework to study socio-technical security. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 318–329. Springer, Heidelberg (2014)Google Scholar
  7. 7.
    Ford, M., Rensink, A., Willemson, J., Lenin, A., Probst, C.W., Gadyatskaya, O., Trujillo-Rasua, R., Hansen, R.R., Othman, B.: TREsPASS D3.4.1 Attack generation from socio-technical models (2014)Google Scholar
  8. 8.
    Ivanova, M.G., Probst, C.W., Hansen, R.R., Kammuller, F.: Transforming graphical system models to graphical attack models. In: Mauw, S., et al. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 82–96. Springer, Heidelberg (2016)Google Scholar
  9. 9.
    Kammuller, F., Probst, C.W.: Invalidating policies using structural information. In: Proceedings of IEEE S & P Workshops, pp. 229–235. IEEE (2013)Google Scholar
  10. 10.
    Kordy, B., Ivanova, M.G., Hansen, R.R., Probst, C.: TREsPASS D1.3.1 Initial prototype of socio-technical security model (2013)Google Scholar
  11. 11.
    Kordy, B., Mauw, S., Radomirovic, S., Schweitzer, P.: Attack-defense trees. J. Logic Comput. 24(1), 55–87 (2014). Oxford University PressCrossRefMathSciNetzbMATHGoogle Scholar
  12. 12.
    Lenzini, G., Mauw, S., Ouchani, S.: Security analysis of socio-technical physical systems. Elsevier Comput. Electr. Eng. (2015)Google Scholar
  13. 13.
    Othmane, L., Ranchal, R., Fernando, R., Bhargava, B.K., Bodden, E.: Incorporating attacker capabilities in risk estimation and mitigation. Elsevier Comput. Secur. 51, 41–61 (2015)CrossRefGoogle Scholar
  14. 14.
    Ou, X., Boyer, W., McQueen, M.: A scalable approach to attack graph generation. In: Proceedings of CCS, pp. 336–345. ACM (2006)Google Scholar
  15. 15.
    Paul, S.: Technique for automating the construction and maintenance of attack trees. In: Proceedings of GraMSec, vol. 148, pp. 31–46. EPTCS (2014)Google Scholar
  16. 16.
    Pieters, W.: Representing humans in system security models: an actor-network approach. J. Wirel. Mob. Netw. Ubiquit. Comput. Dependable Appl. 2(1), 75–92 (2012)Google Scholar
  17. 17.
    Pinchinat, S., Acher, M., Vojtisek, D.: Towards synthesis of attack trees for supporting computer-aided risk analysis. In: Canal, C., Idani, A. (eds.) SEFM 2014 Workshops. LNCS, vol. 8938, pp. 363–375. Springer, Heidelberg (2015)Google Scholar
  18. 18.
    Probst, C.W., Hansen, R.R.: An extensible analysable system model. Inf. Secur. Tech. Rep. 13(4), 235–246 (2008)CrossRefGoogle Scholar
  19. 19.
    Radomirovic, S., Basin, D., Schlapfer, M.: A complete characterization of secure human-server communication. In: Proceedings of CSF. IEEE (2015)Google Scholar
  20. 20.
    Roy, A., Kim, D., Trivedi, K.: ACT: towards unifying the constructs of attack and defense trees. Secur. Commun. Netw. 3, 1–15 (2011)CrossRefGoogle Scholar
  21. 21.
    Roy, A., Kim, D., Trivedi, K.: Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees, pp. 1–12 (2012)Google Scholar
  22. 22.
    Vigo, R., Nielsen, F., Nielson, H.R.: Automated generation of attack trees. In: Proceedings of CSF, pp. 337–350. IEEE (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.SnT, University of LuxembourgLuxembourg CityLuxembourg

Personalised recommendations