Abstract. Protecting socio-technical systems is a challenging task, as a single vulnerability or exposure of any component of the systems can lead to serious security breaches. This problem is exacerbated by the fact that the system development community has not kept up with advances in attack tactics. In this paper, we present ongoing research on the development of a holistic attack analysis technique. Our approach adopts a goal modeling technique to capture the attacker's malicious intentions as anti-goals, which are systematically refined and operationalized into concrete attack actions which target various assets (e.g., human, software, and hardware). A comprehensive attack pattern repository (CAPEC) is seamlessly integrated into our approac...
Security attacks are hard to understand, often expressed with unfriendly and limited details, making...
Caring for security at requirements engineering time is a message that has finally received some att...
Attack trees provide a formal, methodical way of describing the security of systems, based on varyin...
Abstract—The ever-growing complexity of systems makes their protection more challenging, as a single...
Security has been a growing concern for large organizations, especially financial and governmental...
Cybersecurity is becoming vital as industries are gradually moving from automa...
Security at the design stage of the software life cycle can be performed by me...
Sensitive information faces critical risks when it is transmitted through computer networks. Existin...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Ekelhart A, Kiesling E, Grill B, Strauss C, Stummer C. Integrating attacker behavior in IT security ...
The different types of cyber-attacks on information and telecommunications systems are becoming incr...
Context: In order to provide more functionalities and services, systems collaborate with each other ...
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, School of Enginee...