Extending a security ontology framework to model CAPEC attack paths and TAL adversary profiles / Francesco Mariotti, Matteo Tavanti, Leonardo Montecchi, Paolo Lollini. - ELECTRONIC. - (2022), pp. 0-0. (Paper presented at the European Dependable Computing Conference, held in Zaragoza, Spain, 12-15 September 2022) [10.1109/EDCC57035.2022.00016].

Extending a security ontology framework to model CAPEC attack paths and TAL adversary profiles

Francesco Mariotti; Leonardo Montecchi; Paolo Lollini.
2022

Abstract

Security evaluation can be performed using a variety of analysis methods, such as attack trees, attack graphs, threat propagation models, stochastic Petri nets, and so on. These methods analyze the effect of attacks on the system, and estimate security attributes from different perspectives. However, they require information from experts in the application domain for properly capturing the key elements of an attack scenario: i) the attack paths a system could be subject to, and ii) the different characteristics of the possible adversaries. For this reason, some recent works focused on the generation of low-level security models from a high-level description of the system, hiding the technical details from the modeler. In this paper we build on an existing ontology framework for security analysis, available in the ADVISE Meta tool, and we extend it in two directions: i) to cover the attack patterns available in the CAPEC database, a comprehensive dictionary of known patterns of attack, and ii) to capture all the adversaries' profiles as defined in the Threat Agent Library (TAL), a reference library for defining the characteristics of external and internal threat agents ranging from industrial spies to untrained employees. The proposed extension supports a richer combination of adversaries' profiles and attack paths, and provides guidance on how to further enrich the ontology based on taxonomies of attacks and adversaries.
2022
Proc. of the 18th European Dependable Computing Conference
European Dependable Computing Conference
Zaragoza, Spain
12-15 September 2022
Francesco Mariotti, Matteo Tavanti, Leonardo Montecchi, Paolo Lollini.
Files in this item:
File: 740200a025.pdf
Access: closed
License: All rights reserved
Size: 759.93 kB
Format: Adobe PDF

Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this resource: https://hdl.handle.net/2158/1284738
Citations
  • PMC ND
  • Scopus 5
  • ISI 3