Attacks on systems and organisations increasingly exploit human actors, for example through social engineering. This humanising of attacks complicates their formal treatment and automatic identification; formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based on invalidating policies in the system model by identifying possible sequences of actions that lead to an attack. The generated...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
Peer reviewed. Attack trees provide a systematic way of characterizing diverse system threats. Their ...
Performing a thorough security risk assessment of an organisation has always been challenging, but w...
Efficient risk assessment requires automation of its most tedious tasks: identification of vulnerabi...
Manually identifying possible attacks on an organisation is a complex undertaking; many different fa...
International audience. Attack trees are widely used in the fields of defense for the analysis of risk...
Attack trees provide a formal, methodical way of describing the security of systems, based on varyin...
Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a sy...
Identification of threats to organisations and risk assessment often take into consideration the pur...
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Comput...
Security analysis as the initial step of security engineering is of utmost importance. Current appro...