Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0

  • Olga Gadyatskaya
  • Ravi Jhawar
  • Piotr Kordy
  • Karim Lounis
  • Sjouke Mauw
  • Rolando Trujillo-Rasua
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9826)

Abstract

In this tool demonstration paper we present the ADTool2.0: an open-source software tool for design, manipulation and analysis of attack trees. The tool supports ranking of attack scenarios based on quantitative attributes entered by the user; it is scriptable; and it incorporates attack trees with sequential conjunctive refinement.

References

  1. 1.
    Deavours, D.D., Clark, G., Courtney, T., Daly, D., Derisavi, S., Doyle, J.M., Sanders, W.H., Webster, P.G.: The möbius framework and its implementation. IEEE Trans. Softw. Eng. 28(10), 956–969 (2002)CrossRefGoogle Scholar
  2. 2.
    Gadyatskaya, O.: How to generate security cameras: towards defence generation for socio-technical systems. In: Mauw, S., et al. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 50–65. Springer, Heidelberg (2016). doi:10.1007/978-3-319-29968-6_4 CrossRefGoogle Scholar
  3. 3.
    Ivanova, M.G., Probst, C.W., Hansen, R.R., Kammüller, F.: Transforming graphical system models to graphical attack models. In: Mauw, S., et al. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 82–96. Springer, Heidelberg (2016). doi:10.1007/978-3-319-29968-6_6 CrossRefGoogle Scholar
  4. 4.
    Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D., Chakravarthy, S.R. (eds.) SEC 2015. IFIP AICT, vol. 455, pp. 339–353. Springer, Heidelberg (2015). doi:10.1007/978-3-319-18467-8_23 CrossRefGoogle Scholar
  5. 5.
    Kordy, B., Kordy, P., Mauw, S., Schweitzer, P.: ADTool: security analysis with attack–defense trees. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 173–176. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  6. 6.
    Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24(1), 55–87 (2014)MathSciNetCrossRefMATHGoogle Scholar
  7. 7.
    Kriaa, S., Bouissou, M., Pietre-Cambacedes, L.: Modeling the Stuxnet attack with BDMP: towards more formal risk assessments. In: Proceedings of the CRiSIS (2012)Google Scholar
  8. 8.
    LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C.: Model-based security metrics using ADversary VIew Security Evaluation (ADVISE). In: Proceedings of QEST 2011, pp. 191–200. IEEE Computer Society, Washington, DC (2011)Google Scholar
  9. 9.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Mehta, V., Bartzis, C., Zhu, H., Clarke, E.: Ranking attack graphs. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 127–144. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Olga Gadyatskaya
    • 1
  • Ravi Jhawar
    • 1
  • Piotr Kordy
    • 1
  • Karim Lounis
    • 1
  • Sjouke Mauw
    • 1
  • Rolando Trujillo-Rasua
    • 1
  1. 1.SnTUniversity of LuxembourgLuxembourg CityLuxembourg

Personalised recommendations