TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster)

TitleTREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster)
Publication TypeConference Paper
Year of Publication2014
AuthorsPieters W., Hadziosmanović D., Lenin A., Montoya L., Willemson J.
Conference Name35th IEEE Symposium on Security and Privacy, San Jose, California
Date PublishedMay
PublisherIEEE Computer Society
Conference LocationUSA
ISBN Numbernot assigned

Existing methods for security risk analysis typically estimate time, cost, or likelihood of success of attack steps. When the threat environment changes, such values have to be updated as well. However, the estimated values reflect both system properties and attacker properties: the time required for an attack step depends on attacker skill as well as the strength of a particular system component. In the TRESPASS project, we propose the separation of attacker and system properties. By doing so, we enable ?plug-and-play? attacker profiles: profiles of adversaries that are independent of system properties, and thus can be re- used in the same or different organisation to compare risk in case of different attacker profiles. We demonstrate its application in the framework of attack trees, as well as our new concept of attack navigators.