Rational choice of security measures via multi-parameter attack trees

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4347 LNCS, Issue , 2006, Pages 235-248

  Buldas, Ahto ^a,b,c   Laud, Peeter ^a,b   Priisalu, Jaan ^d   Saarepera, Märt ^e   Willemson, Jan ^a,b  

^a CYBERNETICA AS   (Estonia)

^b UNIVERSITY OF TARTU   (Estonia)

^c TALLINN UNIVERSITY OF TECHNOLOGY   (Estonia)

^d Hansapank   (Estonia)

^e NONE

Author keywords

[No Author keywords available]

Indexed keywords

ATTACK TREE; MULTIPARAMETERS; PROBABILITY OF ATTACK; SECURITY MEASURE;

CRITICAL INFRASTRUCTURES; FORESTRY; RISK ANALYSIS; RISK ASSESSMENT;

COST BENEFIT ANALYSIS;

EID: 84885793990     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11962977_19     Document Type: Conference Paper

References (15)

1. Daniel Geer, Kevin Soo Hoo, and Andrew Jaquith. Information security: Why the future belongs to the quants. IEEE Security and Privacy, 1(4):24-32, 2003.
2. Wes Sonnenreich, Jason Albanese, and Bruce Stout. Return On Security Investment (ROSI) - A practical quantitative model. Journal of Research and Practice in Information Technology, 38(1):55-66, February 2006.
3. Yvo Desmedt. Potential impacts of a growing gap between theory and practice in information security. In Information Security and Privacy: 10th Australasian Conference, ACISP 2005, LNCS 3524, pages 532-536. Springer, 2005.
4. James W. Meritt. A method for quantitative risk analysis. In Proceedings of the 22nd National Information Systems Security Conference, 1999.
5. W.E. Vesely, F.F. Goldberg, N.H. Roberts, and D.F. Haasl. Fault Tree Handbook. US Government Printing Office, January 1981. Systems and Reliability Research, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission.
6. John Viega and Gary McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. Addison Wesley Professional, 2001.
7. Andrew P. Moore, Robert J. Ellison, and Richard C. Linger. Attack modeling for information security and survivability. Technical Report CMU/SEI-2001-TN-001, Software Engineering Institute, 2001.
8. Bruce Schneier. Attack trees: Modeling security threats. Dr. Dobb's Journal, 24(12):21-29, December 1999.
9. Bruce Schneier. Secrets & Lies. Digital Security in a Networked World. John Wiley & Sons, 2000.
10. Sjouke Mauw and Martijn Oostdijk. Foundations of attack trees. In Dongho Won and Seungjoo Kim, editors, International Conference on Information Security and Cryptology - ICISC 2005, LNCS 3935, pages 186-198. Springer, December 2005. In print.
11. Alexander Opel. Design and implementation of a support tool for attack trees. Technical report, Otto-von-Guericke University, March 2005. Internship Thesis.
12. Peng Liu, Wanyu Zang, and Meng Yu. Incentive-Based Modeling and Inference of Attacker Intent, Objectives and Strategies. ACM Transactions on Information and Systems Security, 8(1):78-118, 2005.
13. Stuart E. Schechter. Computer Security Strength & Risk: A Quantitative Approach. PhD thesis, Harvard University, 2004.
14. -2004 E-Crime Watch Survey. Summary of Findings. Conducted by CSO magazine in cooperation with the U.S. Secret Service & CERT Coordination Center. Available at http://www.cert.org/archive/pdf/2004eCrimeWatchSummary.pdf, 2004.
15. Gidi Cohen. The role of attack simulation in automating security risk management. Information Systems Control Journal, 1:51-54, 2005.