How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems
|Title||How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems|
|Publication Type||Conference Paper|
|Year of Publication||2016|
|Conference Name||Second International Workshop GraMSec 2015, Verona, Italy|
Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio-technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but also they can be used to select and maintain the security controls that cannot be handled by the model itself.