Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study
|Title||Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study|
|Publication Type||Conference Paper|
|Year of Publication||2016|
|Authors||Fraile M., Ford M., Gadyatskaya O., Kumar R., Stoelinga M.IA, Trujillo-Rasua R.|
|Conference Name||9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM), Skövde, Sweden|
Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs.We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we re ect on the process of modeling ATM threats via attack-defense trees. In particular, we share our insights into the benets and drawbacks of attack-defense tree modeling, as well as best practices and lessons learned.