Location
Hilton Hawaiian Village, Honolulu, Hawaii
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2024 12:00 AM
End Date
6-1-2024 12:00 AM
Description
Attack graphs are a tool for analyzing security vulnerabilities that capture different and prospective attacks on a system. As a threat modeling tool, it shows possible paths that an attacker can exploit to achieve a particular goal. However, due to the large number of vulnerabilities that are published on a daily basis, they have the potential to rapidly expand in size, necessitating a significant amount of resources to generate. In addition, generating composited attack models for complex systems such as self-adaptive or AI is very difficult due to their nature to continuously change. In this paper, we present a novel fragment-based attack graph generation approach that utilizes information from publicly available information security databases. Furthermore, we also propose a domain-specific language for attack modeling, which we employ in the proposed attack graph generation approach. Finally, we present a demonstrator example showcasing the attack generator's capability to replicate a verified attack chain, as previously confirmed by security experts.
Recommended Citation
Pekaric, Irdin; Frick, Markus; Adigun, Jubril Gbolahan; Groner, Raffaela; Witte, Thomas; Raschke, Alexander; Felderer, Michael; and Tichy, Matthias, "Streamlining Attack Tree Generation: A Fragment-Based Approach" (2024). Hawaii International Conference on System Sciences 2024 (HICSS-57). 6.
https://aisel.aisnet.org/hicss-57/st/cybersecurity_and_sw_assurance/6
Streamlining Attack Tree Generation: A Fragment-Based Approach
Hilton Hawaiian Village, Honolulu, Hawaii
Attack graphs are a tool for analyzing security vulnerabilities that capture different and prospective attacks on a system. As a threat modeling tool, it shows possible paths that an attacker can exploit to achieve a particular goal. However, due to the large number of vulnerabilities that are published on a daily basis, they have the potential to rapidly expand in size, necessitating a significant amount of resources to generate. In addition, generating composited attack models for complex systems such as self-adaptive or AI is very difficult due to their nature to continuously change. In this paper, we present a novel fragment-based attack graph generation approach that utilizes information from publicly available information security databases. Furthermore, we also propose a domain-specific language for attack modeling, which we employ in the proposed attack graph generation approach. Finally, we present a demonstrator example showcasing the attack generator's capability to replicate a verified attack chain, as previously confirmed by security experts.
https://aisel.aisnet.org/hicss-57/st/cybersecurity_and_sw_assurance/6