Corpus ID: 41645945

Salman Lashkarara Managing Security Risks Using Attack-Defense Trees

  title={Salman Lashkarara Managing Security Risks Using Attack-Defense Trees},
  author={Salman Lashkarara and Raimundas Matulevi{\vc}ius},


Managing Information Security Risks The Octave Approach
People have search hundreds of times for their chosen novels like this managing information security risks the octave approach, but end up in malicious downloads, instead of reading a good book with a cup of coffee in the afternoon, instead they are facing with some malicious virus inside their desktop computer. Expand
Defense trees for economic evaluation of security investments
It is shown how the mixed qualitative and quantitative approach can be used to evaluate effectiveness and economic profitability of countermeasures as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process. Expand
ADTool: Security Analysis with Attack- Defense Trees (Extended Version)
The ADTool is free, open source software assisting graphical modeling and quantitative analysis of security, using attack-defense trees, and supports the usage of attack trees, protection trees and defense trees. Expand
Rational Choice of Security Measures Via Multi-parameter Attack Trees
A simple risk-analysis based method for studying the security of institutions against rational (gain-oriented) attacks and uses elementary game theory to decide whether the system under protection is a realistic target for gain-oriented attackers. Expand
Foundations of Attack Trees
A denotational semantics is provided, based on a mapping to attack suites, which abstracts from the internal structure of an attack tree, which is indispensable to precisely understand how attack trees can be manipulated during construction and analysis. Expand
Fundamental of Bussiness Process Management
  • 2013
Foundations of Attack-Defense Trees
We introduce and give formal definitions of attack-defense trees. We argue that these trees are a simple, yet powerful tool to analyze complex security and privacy problems. Our formalization isExpand
Bpmn Method And Style
Model-based Management of Information System Security Risk
  • N. Mayer
  • Engineering, Computer Science
  • 2009
This thesis proposes a model-based approach for risk management, applicable from the early phases of information system development, and proposes an extension proposal of the Secure Tropos language and a process to follow for using this extension in the frame of risk management. Expand
Mal-Activity Diagrams for Capturing Attacks on Business Processes
  • G. Sindre
  • Engineering, Computer Science
  • 2007
This paper looks into another type of technique that could complement misuse cases for early elicitation of security requirements, namely mal-activity diagrams, which allow the inclusion of hostile activities together with legitimate activities in business process models. Expand