• Corpus ID: 16304078

INFORMATION SECURITY ATTACK TREE MODELING An Effective Approach for Enhancing Student Learning

@inproceedings{Odubiyi2005INFORMATIONSA,
  title={INFORMATION SECURITY ATTACK TREE MODELING An Effective Approach for Enhancing Student Learning},
  author={Jid{\'e} B. Odubiyi and Casey O'Brien},
  year={2005}
}
This paper presents a framework for enhancing student learning about the vulnerabilities of information assets of a business enterprise using attack tree modeling. Using this framework, students get an overview of the methodology as well as learn how to implement it with a well-known list of information security vulnerabilities. As a result, students can provide input into threat modeling strategies and operating procedures and thus, increase overall confidentiality, integrity, and availability… 

Figures from this paper

Working Notes for the 2010 AAAI Workshop on Intelligent Security (SecArt)
TLDR
A toolset for managing the configuration and management of large-scale networks and its implementation encompasses the complete cycle, from initial network modeling and extraction of the relevant constraints, through translation into a formal constraint model, and finally the application of a Linear Programming solver to determine feasibility.
Crowdsourcing Computer Security Attack Trees
TLDR
This paper describes an open-source project called RATCHET, which is to create software that can be used by large groups of people to construct attack trees and describes some of the features that are planned to add.
A Formal Rule-Based Scheme for Digital Investigation in Wireless Ad-hoc Networks
  • S. Rekhis, N. Boudriga
  • Computer Science
    2009 Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering
  • 2009
TLDR
An inference system is developed that integrates the two types of evidences, handles incompleteness and duplication of information in them, and allows to generate potential and provable actions and attack scenarios in wireless environment.
Presentations and other scholarship 5-31-2015 Crowdsourcing Computer Security Attack Trees
TLDR
This paper describes an open-source project called RATCHET, which is to create software that can be used by large groups of people to construct attack trees and describes some of the features that are planned to add.

References

SHOWING 1-10 OF 13 REFERENCES
Attack Modeling for Information Security and Survivability
TLDR
This technical note describes and illustrates an approach for documenting attack information in a structured and reusable form and expects that security analysts can use this approach to document and identify commonly occurring attack patterns, and that information system designers andAnalysts can use these patterns to develop more survivable information systems.
Toward an automated attack model for red teams
TLDR
The authors contend that an attack model with UML-based use cases, sequence and state chart diagrams, and XML would best help red teams achieve attack automation.
Toward a secure system engineering methodolgy
TLDR
This paper presents a methodology for enumerating the vuinerabilities of a system, and determining what countermeasures can best close those vulnerabilities, and demonstrates how to correlate the attacker's characteristics with the characteristics of the vulnerability to see if an actual threat exists.
A Study in Using Neural Networks for Anomaly and Misuse Detection
TLDR
New process-based intrusion detection approaches are described that provide the ability to generalize from previously observed behavior to recognize future unseen behavior and can be used for both anomaly detection and misuse detection.
Why cryptosystems fail
TLDR
It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures, suggesting that a paradigm shift is overdue in computer security.
Attack Trees, Dr
  • Dobb’s Journal,
  • 1999
Security focus
  • D. Davies
  • Computer Science
    Comput. Law Secur. Rev.
  • 1987
Walkthrough: Creating a Threat Model for a Web Application
  • Walkthrough: Creating a Threat Model for a Web Application
  • 2005
The TeleManagement Forum www.tmforum.org
  • The TeleManagement Forum www.tmforum.org
...
...