Skip to main content
SpringerLink
Log in

Processing Multi-parameter Attacktrees with Estimated Parameter Values

  • Conference paper
Advances in Information and Computer Security (IWSEC 2007)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4752))

Included in the following conference series:

Abstract

Authors extend the multi-parameter attacktree model to include inaccurate or estimated parameter values, which are modelled as probabilistic interval estimations. The paper develops mathematical tools to extend the computation rules of the attacktree model to work with interval estimations instead of point estimates. We present a sample computation routine and discuss how to interpret the analysis results and how to choose the optimal or an economically justified security level.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Parker, D.B.: Fighting Computer Crime: A New Framework for Protecting Information. John Wiley & Sons, Chichester (2001)

    Google Scholar 

  2. Geer, D., Hoo, K.S., Jaquith, A.: Information security: Why the future belongs to the quants. IEEE Security and Privacy 1(4), 24–32 (2003)

    Article  Google Scholar 

  3. Sonnenreich, W., Albanese, J., Stout, B.: Return On Security Investment (ROSI) – A practical quantitative model. Journal of Research and Practice in Information Technology 38(1), 55–66 (2006)

    Google Scholar 

  4. Rieke, R.: Modelling and analysing network security policies in a given vulnerability setting. In: Lopez, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 67–78. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  5. Sheyner, O., Wing, J.: Tools for generating and analyzing attack graphs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W-P. (eds.) FMCO 2003. LNCS, vol. 3188, pp. 344–371. Springer, Heidelberg (2004)

    Google Scholar 

  6. Meritt, J.W.: A method for quantitative risk analysis. In: Proceedings of the 22nd National Information Systems Security Conference (1999)

    Google Scholar 

  7. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (May 2002)

    Google Scholar 

  8. Jha, S., Sheyner, O., Wing, J.: Two formal analyses of attack graphs. In: Proceedings of the 15th IEEE Computer Security Foundations Workshop, pp. 49–63 (2002)

    Google Scholar 

  9. Vesely, W., Goldberg, F., Roberts, N., Haasl, D.: Fault Tree Handbook. US Government Printing Office, Systems and Reliability Research, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission (January 1981)

    Google Scholar 

  10. Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems the Right Way. Addison Wesley Professional, Reading (2001)

    Google Scholar 

  11. Moore, A.P., Ellison, R.J., Linger, R.C.: Attack modeling for information security and survivability. Technical Report CMU/SEI-2001-TN-001, Software Engineering Institute (2001)

    Google Scholar 

  12. Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s Journal 24(12), 21–29 (1999)

    Google Scholar 

  13. Schneier, B.: Secrets & Lies. Digital Security in a Networked World. John Wiley & Sons, Chichester (2000)

    Google Scholar 

  14. Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  15. Opel, A.: Design and implementation of a support tool for attack trees. Technical report, Otto-von-Guericke University Internship Thesis (March 2005)

    Google Scholar 

  16. Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational Choice of Security Measures via Multi-Parameter Attack Trees. In: Lopez, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  17. Qin, X., Lee, W.: Attack plan recognition and prediction using causal networks. In: 20th Annual Computer Security Applications Conference, pp. 370–379 (December 2004)

    Google Scholar 

  18. Kleiter, G.D.: Propagating imprecise probabilities in bayesian networks. Artificial Intelligence 88(1-2), 143–161 (1996)

    Article  MATH  Google Scholar 

  19. Borsotto, M., Zhang, W., Kapanci, E., Pfeffer, A., Crick, C.: A junction tree propagation algorithm for bayesian networks with second-order uncertainties. In: Proceedings of the 18th IEEE International Conference on Tools with Artificial Intelligence, pp. 455–464 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Tallinn University of Technology, Raja 15, 12618 Tallinn, Estonia

    Aivo Jürgenson

  2. Elion Enterprises Ltd, Endla 16, 15033 Tallinn, Estonia

    Aivo Jürgenson

  3. Tartu University, Institute of Computer Science, Liivi 2, Tartu, Estonia

    Jan Willemson

  4. Cybernetica, Aleksandri 8a, Tartu, Estonia

    Jan Willemson

Authors
  1. Aivo Jürgenson
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jan Willemson
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Atsuko Miyaji Hiroaki Kikuchi Kai Rannenberg

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jürgenson, A., Willemson, J. (2007). Processing Multi-parameter Attacktrees with Estimated Parameter Values. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds) Advances in Information and Computer Security. IWSEC 2007. Lecture Notes in Computer Science, vol 4752. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75651-4_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-75651-4_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75650-7

  • Online ISBN: 978-3-540-75651-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation