Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study

TitleUsing attack-defense trees to analyze threats and countermeasures in an ATM: A case study
Publication TypeConference Paper
Year of Publication2016
AuthorsFraile M., Ford M., Gadyatskaya O., Kumar R., Stoelinga M.IA, Trujillo-Rasua R.
Conference Name9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM), Skövde, Sweden
PublisherSpringer
Conference LocationBerlin
Abstract

Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs.We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we re ect on the process of modeling ATM threats via attack-defense trees. In particular, we share our insights into the benets and drawbacks of attack-defense tree modeling, as well as best practices and lessons learned.

DOI10.1007/978-3-319-48393-1_24