40,840 research outputs found
Towards Synthesis of Attack Trees for Supporting Computer-Aided Risk Analysis
International audienceAttack trees are widely used in the fields of defense for the analysis of risks (or threats) against electronics systems, computer control systems or physical systems. Based on the analysis of attack trees, practitioners can define actions to engage in order to reduce or annihilate risks. A major barrier to support computer-aided risk analysis is that attack trees can become largely complex and thus hard to specify. This paper is a first step towards a methodology, formal foundations as well as automated techniques to synthesize attack trees from a high-level description of a system. Attacks are expressed as a succession of elementary actions and high-level actions can be used to abstract and organize attacks into exploitable attack trees. We describe our tooling support and identify open challenges for supporting the analysis of risks
Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications
Social Virtual Reality based Learning Environments (VRLEs) such as vSocial
render instructional content in a three-dimensional immersive computer
experience for training youth with learning impediments. There are limited
prior works that explored attack vulnerability in VR technology, and hence
there is a need for systematic frameworks to quantify risks corresponding to
security, privacy, and safety (SPS) threats. The SPS threats can adversely
impact the educational user experience and hinder delivery of VRLE content. In
this paper, we propose a novel risk assessment framework that utilizes attack
trees to calculate a risk score for varied VRLE threats with rate and duration
of threats as inputs. We compare the impact of a well-constructed attack tree
with an adhoc attack tree to study the trade-offs between overheads in managing
attack trees, and the cost of risk mitigation when vulnerabilities are
identified. We use a vSocial VRLE testbed in a case study to showcase the
effectiveness of our framework and demonstrate how a suitable attack tree
formalism can result in a more safer, privacy-preserving and secure VRLE
system.Comment: Tp appear in the CCNC 2019 Conferenc
An Analytical Evaluation of Network Security Modelling Techniques Applied to Manage Threats
The current ubiquity of information coupled with
the reliance on such data by businesses has led to a great
deal of resources being deployed to ensure the security of this
information. Threats can come from a number of sources and the
dangers from those insiders closest to the source have increased
significantly recently. This paper focuses on techniques used to
identify and manage threats as well as the measures that every
organisation should consider to put into action. A novel game-based
onion skin model has been proposed, combining techniques
used in theory-based and hardware-based hardening strategies
Towards optimal multi-objective models of network security: survey
Information security is an important aspect of a successful business today. However, financial difficulties and budget cuts create a problem of selecting appropriate security measures and keeping networked systems up and running. Economic models proposed in the literature do not address the challenging problem of security countermeasure selection. We have made a classification of security models, which can be used to harden a system in a cost effective manner based on the methodologies used. In addition, we have specified the challenges of the simplified risk assessment approaches used in the economic models and have made recommendations how the challenges can be addressed in order to support decision makers
Toward optimal multi-objective models of network security: Survey
Information security is an important aspect of a successful business today. However, financial difficulties and budget cuts create a problem of selecting appropriate security measures and keeping networked systems up and running. Economic models proposed in the literature do not address the challenging problem of security countermeasure selection. We have made a classification of security models, which can be used to harden a system in a cost effective manner based on the methodologies used. In addition, we have specified the challenges of the simplified risk assessment approaches used in the economic models and have made recommendations how the challenges can be addressed in order to support decision makers
- âŠ