Add to ORKGAttacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based on invalidating policies in the sys- tem model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise ...
Abstract—In this paper we revisit the advances made on invalidation policies to explore attack possi...
In this paper, a new method for quantitative security risk assessment of complex systems is presente...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Efficient risk assessment requires automation of its most tedious tasks: identification of vulnerabi...
Attack trees provide a formal, methodical way of describing the security of systems, based on varyin...
Manually identifying possible attacks on an organisation is a complex undertaking; many different fa...
Manually identifying possible attacks on an organisation is a complex undertaking; many different fa...
International audienceAttack trees are widely used in the fields of defense for the analysis of risk...
Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a sy...
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Comput...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
Identification of threats to organisations and risk assessment often take into consideration the pur...
Security analysis as the initial step of security engineering is of utmost importance. Current appro...
Abstract—In this paper we revisit the advances made on invalidation policies to explore attack possi...
In this paper, a new method for quantitative security risk assessment of complex systems is presente...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...
Efficient risk assessment requires automation of its most tedious tasks: identification of vulnerabi...
Attack trees provide a formal, methodical way of describing the security of systems, based on varyin...
Manually identifying possible attacks on an organisation is a complex undertaking; many different fa...
Manually identifying possible attacks on an organisation is a complex undertaking; many different fa...
International audienceAttack trees are widely used in the fields of defense for the analysis of risk...
Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a sy...
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Comput...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
Identification of threats to organisations and risk assessment often take into consideration the pur...
Security analysis as the initial step of security engineering is of utmost importance. Current appro...
Abstract—In this paper we revisit the advances made on invalidation policies to explore attack possi...
In this paper, a new method for quantitative security risk assessment of complex systems is presente...
Attacks on systems and organisations increasingly exploit human actors, for example through social e...