Managing Security Risks Using Attack-Defense Trees
Name
Salman Lashkarara
Abstract
Nowadays there is an increasing demand for answering the security needs in systematic ways. The In this thesis, we have addressed risk management using Attack Tree.
Information System Security Risk Management (ISSRM) is a model which covers all the important concepts in risk management. Also, attack trees are simple and efficient tools for showing the risks. There are few extensions of attack trees, but none of them covers all risk concepts. The said problem limited the usage of attack tree model since it does not consider important measures such as countermeasures, or threat agent’s profile.
The contribution to resolve the problem in this thesis includes three steps.
Obtaining an alignment from Attack-Defense trees to ISSRM.
Measurement of the metrics of the nodes of tree using historical data
Implementation of a tool based on obtained tree.
Using the alignment, we have detected the uncovered concepts in Attack-Defense tree. Then we tried to add these concepts to the current Attack-Defense tree. Therefore, the new Attack-Defense tree (called Aligned Attack-Defense tree or A-ADTree) covers most important concepts of ISSRM. In order to measure the risk, we have proposed a mathematical model to evaluate the probability of the nodes in the tree, based on historical data. Then, implemented tool helps to materialize the effect of threat agent’s profile, and countermeasures on the risks. The result of implemented tool shows, the obtained A-ADTree has more capabilities (in the evaluation of the probability of risk) in comparison to previous versions.
This solution is capable of giving more hints for the project managers when they are deciding about possible solutions in industries. Additionally, this alignment helps to obtain another alignment between A-ADTree and the other modeling languages in future, since these modeling languages are already aligned to ISSRM.
Information System Security Risk Management (ISSRM) is a model which covers all the important concepts in risk management. Also, attack trees are simple and efficient tools for showing the risks. There are few extensions of attack trees, but none of them covers all risk concepts. The said problem limited the usage of attack tree model since it does not consider important measures such as countermeasures, or threat agent’s profile.
The contribution to resolve the problem in this thesis includes three steps.
Obtaining an alignment from Attack-Defense trees to ISSRM.
Measurement of the metrics of the nodes of tree using historical data
Implementation of a tool based on obtained tree.
Using the alignment, we have detected the uncovered concepts in Attack-Defense tree. Then we tried to add these concepts to the current Attack-Defense tree. Therefore, the new Attack-Defense tree (called Aligned Attack-Defense tree or A-ADTree) covers most important concepts of ISSRM. In order to measure the risk, we have proposed a mathematical model to evaluate the probability of the nodes in the tree, based on historical data. Then, implemented tool helps to materialize the effect of threat agent’s profile, and countermeasures on the risks. The result of implemented tool shows, the obtained A-ADTree has more capabilities (in the evaluation of the probability of risk) in comparison to previous versions.
This solution is capable of giving more hints for the project managers when they are deciding about possible solutions in industries. Additionally, this alignment helps to obtain another alignment between A-ADTree and the other modeling languages in future, since these modeling languages are already aligned to ISSRM.
Graduation Thesis language
English
Graduation Thesis type
Master - Software Engineering
Supervisor(s)
Raimundas Matulevicius
Defence year
2017