Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet

Christoph Schmittner; Sebastian Chlup; Korbinian Christl

Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet

Christoph Schmittner (Autor:in und Vortragende:r)
, Sebastian Chlup
, Korbinian Christl

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

Abstract

Security analysis as the initial step of security engineering is of utmost importance. Current approaches are mostly manual and neither connected to system engineering nor following established model-based approaches. We present here a novel approach to automatically derive Attack Trees based on a system model, enhanced with security-related information. The approach is based on STRIDE Threat Modeling, but utilizes a set of novel features to identify potential attack paths. With this, new regulations, requiring security analysis for more domains can be addressed and we enable system engineers to evaluate the security during design time and follow a risk-based security-by-design approach.

Originalsprache	Englisch
Titel	Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023
Redakteure/-innen	Kemal Akkaya, Olivier Festor, Carol Fung, Mohammad Ashiqur Rahman, Lisandro Zambenedetti Granville, Carlos Raniery Paula dos Santos
Seiten	1-5
ISBN (elektronisch)	978-1-6654 -7716-1
Publikationsstatus	Veröffentlicht - 2023
Veranstaltung	2ND IEEE/IFIP INTERNATIONAL WORKSHOP ON TECHNOLOGIES FOR NETWORK TWINS (TNT 2023) & 4TH WORKSHOP ON MANAGEMENT FOR INDUSTRY 5.0 (MFI5.0 2023) - Miami, Miami, USA/Vereinigte Staaten Dauer: 8 Mai 2023 → … https://noms2023.ieee-noms.org/program/workshops/2nd-ieeeifip-international-workshop-technologies-network-twins-tnt-2023-4th

Workshop

Workshop	2ND IEEE/IFIP INTERNATIONAL WORKSHOP ON TECHNOLOGIES FOR NETWORK TWINS (TNT 2023) & 4TH WORKSHOP ON MANAGEMENT FOR INDUSTRY 5.0 (MFI5.0 2023)
Kurztitel	MFI5.0
Land/Gebiet	USA/Vereinigte Staaten
Stadt	Miami
Zeitraum	8/05/23 → …
Internetadresse	https://noms2023.ieee-noms.org/program/workshops/2nd-ieeeifip-international-workshop-technologies-network-twins-tnt-2023-4th

Research Field

Dependable Systems Engineering

Diese Publikation zitieren

Schmittner, Christoph ; Chlup, Sebastian ; Christl, Korbinian. / Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet. Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023. Hrsg. / Kemal Akkaya ; Olivier Festor ; Carol Fung ; Mohammad Ashiqur Rahman ; Lisandro Zambenedetti Granville ; Carlos Raniery Paula dos Santos. 2023. S. 1-5

@inproceedings{2253eb7b586943d08083756249751a79,

title = "Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet",

abstract = "Security analysis as the initial step of security engineering is of utmost importance. Current approaches are mostly manual and neither connected to system engineering nor following established model-based approaches. We present here a novel approach to automatically derive Attack Trees based on a system model, enhanced with security-related information. The approach is based on STRIDE Threat Modeling, but utilizes a set of novel features to identify potential attack paths. With this, new regulations, requiring security analysis for more domains can be addressed and we enable system engineers to evaluate the security during design time and follow a risk-based security-by-design approach.",

author = "Christoph Schmittner and Sebastian Chlup and Korbinian Christl",

year = "2023",

language = "English",

pages = "1--5",

editor = "Kemal Akkaya and Olivier Festor and Carol Fung and Rahman, \{Mohammad Ashiqur\} and Granville, \{Lisandro Zambenedetti\} and \{Paula dos Santos\}, \{Carlos Raniery\}",

booktitle = "Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023",

note = "2ND IEEE/IFIP INTERNATIONAL WORKSHOP ON TECHNOLOGIES FOR NETWORK TWINS (TNT 2023) \& 4TH WORKSHOP ON MANAGEMENT FOR INDUSTRY 5.0 (MFI5.0 2023), MFI5.0 ; Conference date: 08-05-2023",

url = "https://noms2023.ieee-noms.org/program/workshops/2nd-ieeeifip-international-workshop-technologies-network-twins-tnt-2023-4th",

}

Schmittner, C , Chlup, S & Christl, K 2023, Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet. in K Akkaya, O Festor, C Fung, MA Rahman, LZ Granville & CR Paula dos Santos (Hrsg.), Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023. S. 1-5, 2ND IEEE/IFIP INTERNATIONAL WORKSHOP ON TECHNOLOGIES FOR NETWORK TWINS (TNT 2023) & 4TH WORKSHOP ON MANAGEMENT FOR INDUSTRY 5.0 (MFI5.0 2023), Miami, USA/Vereinigte Staaten, 8/05/23.

Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet. / Schmittner, Christoph (Autor:in und Vortragende:r); Chlup, Sebastian ; Christl, Korbinian.
Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023. Hrsg. / Kemal Akkaya; Olivier Festor; Carol Fung; Mohammad Ashiqur Rahman; Lisandro Zambenedetti Granville; Carlos Raniery Paula dos Santos. 2023. S. 1-5.

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

TY - GEN

T1 - Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet

AU - Chlup, Sebastian

AU - Christl, Korbinian

A2 - Schmittner, Christoph

A2 - Akkaya, Kemal

A2 - Festor, Olivier

A2 - Fung, Carol

A2 - Rahman, Mohammad Ashiqur

A2 - Granville, Lisandro Zambenedetti

A2 - Paula dos Santos, Carlos Raniery

PY - 2023

Y1 - 2023

N2 - Security analysis as the initial step of security engineering is of utmost importance. Current approaches are mostly manual and neither connected to system engineering nor following established model-based approaches. We present here a novel approach to automatically derive Attack Trees based on a system model, enhanced with security-related information. The approach is based on STRIDE Threat Modeling, but utilizes a set of novel features to identify potential attack paths. With this, new regulations, requiring security analysis for more domains can be addressed and we enable system engineers to evaluate the security during design time and follow a risk-based security-by-design approach.

AB - Security analysis as the initial step of security engineering is of utmost importance. Current approaches are mostly manual and neither connected to system engineering nor following established model-based approaches. We present here a novel approach to automatically derive Attack Trees based on a system model, enhanced with security-related information. The approach is based on STRIDE Threat Modeling, but utilizes a set of novel features to identify potential attack paths. With this, new regulations, requiring security analysis for more domains can be addressed and we enable system engineers to evaluate the security during design time and follow a risk-based security-by-design approach.

M3 - Conference Proceedings with Oral Presentation

SP - 1

EP - 5

BT - Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023

T2 - 2ND IEEE/IFIP INTERNATIONAL WORKSHOP ON TECHNOLOGIES FOR NETWORK TWINS (TNT 2023) & 4TH WORKSHOP ON MANAGEMENT FOR INDUSTRY 5.0 (MFI5.0 2023)

Y2 - 8 May 2023

ER -

Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet

Abstract

Workshop

Research Field

Fingerprint

Diese Publikation zitieren