Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet

Christoph Schmittner; Sebastian Chlup; Korbinian Christl

Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet

Christoph Schmittner (Author and Speaker), Sebastian Chlup, Korbinian Christl

Security & Communication Technologies

Research output: Chapter in Book or Conference Proceedings › Conference Proceedings with Oral Presentation › peer-review

Abstract

Security analysis as the initial step of security engineering is of utmost importance. Current approaches are mostly manual and neither connected to system engineering nor following established model-based approaches. We present here a novel approach to automatically derive Attack Trees based on a system model, enhanced with security-related information. The approach is based on STRIDE Threat Modeling, but utilizes a set of novel features to identify potential attack paths. With this, new regulations, requiring security analysis for more domains can be addressed and we enable system engineers to evaluate the security during design time and follow a risk-based security-by-design approach.

Original language	English
Title of host publication	Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023
Editors	Kemal Akkaya, Olivier Festor, Carol Fung, Mohammad Ashiqur Rahman, Lisandro Zambenedetti Granville, Carlos Raniery Paula dos Santos
Pages	1-5
ISBN (Electronic)	978-1-6654 -7716-1
Publication status	Published - 2023
Event	2ND IEEE/IFIP INTERNATIONAL WORKSHOP ON TECHNOLOGIES FOR NETWORK TWINS (TNT 2023) & 4TH WORKSHOP ON MANAGEMENT FOR INDUSTRY 5.0 (MFI5.0 2023) - Miami, Miami, United States Duration: 8 May 2023 → … https://noms2023.ieee-noms.org/program/workshops/2nd-ieeeifip-international-workshop-technologies-network-twins-tnt-2023-4th

Workshop

Workshop	2ND IEEE/IFIP INTERNATIONAL WORKSHOP ON TECHNOLOGIES FOR NETWORK TWINS (TNT 2023) & 4TH WORKSHOP ON MANAGEMENT FOR INDUSTRY 5.0 (MFI5.0 2023)
Abbreviated title	MFI5.0
Country/Territory	United States
City	Miami
Period	8/05/23 → …
Internet address	https://noms2023.ieee-noms.org/program/workshops/2nd-ieeeifip-international-workshop-technologies-network-twins-tnt-2023-4th

Research Field

Dependable Systems Engineering

Cite this

Schmittner, Christoph ; Chlup, Sebastian ; Christl, Korbinian. / Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet. Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023. editor / Kemal Akkaya ; Olivier Festor ; Carol Fung ; Mohammad Ashiqur Rahman ; Lisandro Zambenedetti Granville ; Carlos Raniery Paula dos Santos. 2023. pp. 1-5

@inproceedings{2253eb7b586943d08083756249751a79,

title = "Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet",

abstract = "Security analysis as the initial step of security engineering is of utmost importance. Current approaches are mostly manual and neither connected to system engineering nor following established model-based approaches. We present here a novel approach to automatically derive Attack Trees based on a system model, enhanced with security-related information. The approach is based on STRIDE Threat Modeling, but utilizes a set of novel features to identify potential attack paths. With this, new regulations, requiring security analysis for more domains can be addressed and we enable system engineers to evaluate the security during design time and follow a risk-based security-by-design approach.",

author = "Christoph Schmittner and Sebastian Chlup and Korbinian Christl",

year = "2023",

language = "English",

pages = "1--5",

editor = "Kemal Akkaya and Olivier Festor and Carol Fung and Rahman, {Mohammad Ashiqur} and Granville, {Lisandro Zambenedetti} and {Paula dos Santos}, {Carlos Raniery}",

booktitle = "Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023",

note = "2ND IEEE/IFIP INTERNATIONAL WORKSHOP ON TECHNOLOGIES FOR NETWORK TWINS (TNT 2023) & 4TH WORKSHOP ON MANAGEMENT FOR INDUSTRY 5.0 (MFI5.0 2023), MFI5.0 ; Conference date: 08-05-2023",

url = "https://noms2023.ieee-noms.org/program/workshops/2nd-ieeeifip-international-workshop-technologies-network-twins-tnt-2023-4th",

}

Schmittner, C , Chlup, S & Christl, K 2023, Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet. in K Akkaya, O Festor, C Fung, MA Rahman, LZ Granville & CR Paula dos Santos (eds), Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023. pp. 1-5, 2ND IEEE/IFIP INTERNATIONAL WORKSHOP ON TECHNOLOGIES FOR NETWORK TWINS (TNT 2023) & 4TH WORKSHOP ON MANAGEMENT FOR INDUSTRY 5.0 (MFI5.0 2023), Miami, United States, 8/05/23.

Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet. / Schmittner, Christoph (Author and Speaker); Chlup, Sebastian ; Christl, Korbinian.
Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023. ed. / Kemal Akkaya; Olivier Festor; Carol Fung; Mohammad Ashiqur Rahman; Lisandro Zambenedetti Granville; Carlos Raniery Paula dos Santos. 2023. p. 1-5.

Research output: Chapter in Book or Conference Proceedings › Conference Proceedings with Oral Presentation › peer-review

TY - GEN

T1 - Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet

AU - Chlup, Sebastian

AU - Christl, Korbinian

A2 - Schmittner, Christoph

A2 - Akkaya, Kemal

A2 - Festor, Olivier

A2 - Fung, Carol

A2 - Rahman, Mohammad Ashiqur

A2 - Granville, Lisandro Zambenedetti

A2 - Paula dos Santos, Carlos Raniery

PY - 2023

Y1 - 2023

N2 - Security analysis as the initial step of security engineering is of utmost importance. Current approaches are mostly manual and neither connected to system engineering nor following established model-based approaches. We present here a novel approach to automatically derive Attack Trees based on a system model, enhanced with security-related information. The approach is based on STRIDE Threat Modeling, but utilizes a set of novel features to identify potential attack paths. With this, new regulations, requiring security analysis for more domains can be addressed and we enable system engineers to evaluate the security during design time and follow a risk-based security-by-design approach.

AB - Security analysis as the initial step of security engineering is of utmost importance. Current approaches are mostly manual and neither connected to system engineering nor following established model-based approaches. We present here a novel approach to automatically derive Attack Trees based on a system model, enhanced with security-related information. The approach is based on STRIDE Threat Modeling, but utilizes a set of novel features to identify potential attack paths. With this, new regulations, requiring security analysis for more domains can be addressed and we enable system engineers to evaluate the security during design time and follow a risk-based security-by-design approach.

M3 - Conference Proceedings with Oral Presentation

SP - 1

EP - 5

BT - Proceedings of IEEE/IFIP Network Operations and Management Symposium 2023

T2 - 2ND IEEE/IFIP INTERNATIONAL WORKSHOP ON TECHNOLOGIES FOR NETWORK TWINS (TNT 2023) & 4TH WORKSHOP ON MANAGEMENT FOR INDUSTRY 5.0 (MFI5.0 2023)

Y2 - 8 May 2023

ER -

Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet

Abstract

Workshop

Research Field

Fingerprint

Cite this