How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

TitleHow to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems
Publication TypeConference Paper
Year of Publication2016
AuthorsGadyatskaya O.
Conference NameSecond International Workshop GraMSec 2015, Verona, Italy
Date PublishedFebruary
PublisherSpringer Verlag
Conference LocationSwitzerland
Abstract

Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio-technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but also they can be used to select and maintain the security controls that cannot be handled by the model itself.

DOI10.1007/978-3-319-29968-6_4