Semi-automatically Augmenting Attack Trees Using an Annotated Attack Tree Library

Justifying answer sets using argumentation

Theory and Practice of Logic Programming ◽

10.1017/s1471068414000702 ◽

2015 ◽

Vol 16 (1) ◽

pp. 59-110 ◽

Cited By ~ 15

Author(s):

CLAUDIA SCHULZ ◽

FRANCESCA TONI

Keyword(s):

Logic Programming ◽

Logic Program ◽

Argumentation Theory ◽

Attack Tree ◽

Attack Trees ◽

Answer Sets ◽

Answer Set

AbstractAn answer set is a plain set of literals which has no further structure that would explain why certain literals are part of it and why others are not. We show how argumentation theory can help to explain why a literal is or is not contained in a given answer set by defining two justification methods, both of which make use of the correspondence between answer sets of a logic program and stable extensions of the assumption-based argumentation (ABA) framework constructed from the same logic program.Attack Treesjustify a literal in argumentation-theoretic terms, i.e. using arguments and attacks between them, whereasABA-Based Answer Set Justificationsexpress the same justification structure in logic programming terms, that is using literals and their relationships. Interestingly, an ABA-Based Answer Set Justification corresponds to an admissible fragment of the answer set in question, and an Attack Tree corresponds to an admissible fragment of the stable extension corresponding to this answer set.

Download Full-text

Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems

Applied Sciences ◽

10.3390/app10238423 ◽

2020 ◽

Vol 10 (23) ◽

pp. 8423

Author(s):

Donatas Vitkus ◽

Jonathan Salter ◽

Nikolaj Goranin ◽

Dainius Čeponis

Keyword(s):

Expert System ◽

Risk Analysis ◽

Expert Systems ◽

Knowledge Base ◽

Automated Analysis ◽

Knowledge Bases ◽

It Security ◽

Security Risk ◽

Attack Tree ◽

Attack Trees

Information technology (IT) security risk analysis preventatively helps organizations in identifying their vulnerable systems or internal controls. Some researchers propose expert systems (ES) as the solution for risk analysis automation since risk analysis by human experts is expensive and timely. By design, ES need a knowledge base, which must be up to date and of high quality. Manual creation of databases is also expensive and cannot ensure stable information renewal. These facts make the knowledge base automation process very important. This paper proposes a novel method of converting attack trees to a format usable by expert systems for utilizing the existing attack tree repositories in facilitating information and IT security risk analysis. The method performs attack tree translation into the Java Expert System Shell (JESS) format, by consistently applying ATTop, a software bridging tool that enables automated analysis of attack trees using a model-driven engineering approach, translating attack trees into the eXtensible Markup Language (XML) format, and using the newly developed ATES (attack trees to expert system) program, performing further XML conversion into JESS compatible format. The detailed method description, along with samples of attack tree conversion and results of conversion experiments on a significant number of attack trees, are presented and discussed. The results demonstrate the high method reliability rate and viability of attack trees as a source for the knowledge bases of expert systems used in the IT security risk analysis process.

Download Full-text

Cyber Attacks Against E-Learning Platforms. A Case Study Using Attack Trees

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2020.01.05 ◽

2020 ◽

Vol 9 (1) ◽

pp. 37-42

Author(s):

Gabriel PETRICĂ ◽

Ioan-Cosmin MIHAI

Keyword(s):

Cyber Attacks ◽

Educational Activity ◽

Attack Tree ◽

Global Context ◽

Software Vulnerabilities ◽

Learning Platform ◽

Attack Trees ◽

E Learning ◽

Learning Platforms

The global context of the first part of 2020 has led to a change in the way humanity has carried out its professional and educational activity. E-learning platforms have become an interesting target for cyber attackers. This paper presents the evolution of Moodle vulnerabilities and a possible AT (Attack Tree) built around this e-learning platform. The AT highlights software vulnerabilities and physical events that can compromise the security / availability of a Moodle platform.

Download Full-text

Attack-tree-based Threat Modeling of Medical Implants

10.29007/8gxh ◽

2018 ◽

Author(s):

Muhammad Ali Siddiqi ◽

Robert M. Seepers ◽

Mohammad Hamad ◽

Vassilis Prevelakis ◽

Christos Strydis

Keyword(s):

Security Protocols ◽

Medical Implants ◽

Implantable Medical Devices ◽

Attack Tree ◽

Threat Modeling ◽

Modeling Analysis ◽

Attack Trees ◽

Proportional Increase ◽

Attack Surface ◽

Almost All

Modern Implantable Medical Devices (IMDs) are low-power embedded systems with life-critical functionalities. Almost all of these devices are equipped with wireless- communication capabilities in order to aid in diagnosis, in updating the functional settings and firmware and so on, without any surgical procedure to perform these tasks manually. There is, thus, a rising trend towards increased connectivity of these devices. The down- side of this trend is, however, a proportional increase in the attack surface that can be exploited by a malicious entity. In effect, threat modeling of IMDs becomes ever more important. This is reflected by an increase in the number of vulnerabilities being found consistently in the IMDs available in market. This paper proposes a threat-modeling analysis based on attack trees to evaluate the security of these devices. As an example, three recent lightweight IMD security protocols from literature are analyzed using this approach to demonstrate its effectiveness in suggesting security improvements.

Download Full-text