Abstract
Subjective attack trees are an extension of traditional attack trees, proposed to take uncertainty about the likelihoods of security events into account when modelling security risk scenarios, using subjective opinions. This paper extends the work on subjective attack trees by allowing for the modelling of countermeasures, as well as conducting a comprehensive security and security investment analysis, such as risk measurement and analysis of profitable security investments. Our approach is evaluated against traditional attack trees. The results demonstrate the importance and advantage of taking uncertainty about probabilities into account. In terms of security investment, our approach seems to be more inclined to protect systems in the presence of uncertainty (or lack of knowledge) about the evaluation of security events.
Original language | English |
---|---|
Title of host publication | Innovative Security Solutions for Information Technology and Communications |
Subtitle of host publication | SecITC 2020. Lecture Notes in Computer Science |
Editors | Diana Maimut, Andrei-George Oprina, Damien Sauveron |
Publisher | Springer |
Pages | 288-301 |
Number of pages | 14 |
Volume | 12596 |
ISBN (Electronic) | 978-3-030-69255-1 |
ISBN (Print) | 978-3-030-69254-4 |
Publication status | Published - 4 Feb 2021 |
Event | Security Solutions for Information Technology and Communications - 13th International Conference, Bucharest, Romania. Duration: 19 Nov 2020 → 20 Nov 2020. Conference number: 13th. https://www.springer.com/gp/book/9783030692544?utm_campaign=bookpage_about_buyonpublisherssite&utm_medium=referral&utm_source=springerlink |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 12596 |
ISSN (Electronic) | 0302-9743 |
Conference
Conference | Security Solutions for Information Technology and Communications - 13th International Conference |
---|---|
Abbreviated title | SecITC 2020 |
Country/Territory | Romania |
City | Bucharest |
Period | 19/11/20 → 20/11/20 |
Keywords
- Attack trees
- Subjective logic
- Risk analysis