The Attack Navigator (Invited)

TitleThe Attack Navigator (Invited)
Publication TypeBook Chapter
Year of Publication2016
AuthorsProbst C.W, Willemson J., Pieters W.
EditorMauw S., Kordy B., Jajodia S.
Book TitleGraphical Models for Security - Revised Selected Papers
Series TitleLecture Notes in Computer Science
PublisherSpringer Verlag
KeywordsAttack Navigator

The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and develop-ment speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. There-fore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identifies routes to an attacker goal. Specific attacker properties such as skill or resources can be included through attacker profiles. This enables defenders to explore attack scenarios and the e?ectiveness of defense alternatives under di?erent threat conditions.