An Extension of Attack Trees
Attack trees provide a model to describe the security of a system based on the possibility of various attacks. In this paper, we propose the concept of “attack graphs” as an extension of attack trees, wherein directed acyclic graphs are used to depict possible attacks on a system. By deploying this model, system managers can discern all possible threats to the system and thus are more likely to design efficient countermeasures to thwart those attacks. Within this model, we also propose the concept of the most dangerous path in the attack graph, and finally propose an algorithm to expose it.
KeywordsAttack trees Directed acyclic graph Attack graph The most dangerous path
This work was partially supported by the Ministry of Science and Technology of Taiwan, under Contract No. MOST 106-2221-E-259-005.
- 1.Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)Google Scholar
- 2.Odubiyi, J.B., O’Brien, C.W.: Information security attack tree modeling. In: Proceedings of Seventh Workshop on Education in Computer Security (WECS), pp. 29–37 (2006)Google Scholar
- 4.Anderson, R.: Why cryptosystems fail. In: Proceedings of the 1st ACM Conference on Computer and Communications Security (1993)Google Scholar
- 5.SANS Internet Storm Center. http://isc.sans.org
- 6.Security Focus. http://www.securityfocus.org
- 8.Horowitz, E., Sahni, S., Mehta, D.P.: Fundamentals of Data Structures in C++, 2nd edn. Silicon Press, New York (2007)Google Scholar
- 9.Weiss, M.A.: Data Structures and Algorithm Analysis in C, 3rd edn. (2007)Google Scholar
- 11.West, D.B.: Introduction to Graph Theory. Prentic-Hall Inc., Upper Saddle River (2001)Google Scholar