Security evaluation can be performed using a variety of analysis methods, such as attack trees, attack graphs, threat propagation models, stochastic Petri nets, and so on. These methods analyze the effect of attacks on the system, and estimate security attributes from different perspectives. However, they require information from experts in the application domain for properly capturing the key elements of an attack scenario: i) the attack paths a system could be subject to, and ii) the different characteristics of the possible adversaries. For this reason, some recent works focused on the generation of low-level security models from a high-level description of the system, hiding the technical details from the modeler. In this paper we build on an existing ontology framework for security analysis, available in the ADVISE Meta tool, and we extend it in two directions: i) to cover the attack patterns available in the CAPEC database, a comprehensive dictionary of known patterns of attack, and ii) to capture all the adversaries' profiles as defined in the Threat Agent Library (TAL), a reference library for defining the characteristics of external and internal threat agents ranging from industrial spies to untrained employees. The proposed extension supports a richer combination of adversaries' profiles and attack paths, and provides guidance on how to further enrich the ontology based on taxonomies of attacks and adversaries.
Extending a security ontology framework to model CAPEC attack paths and TAL adversary profiles / Francesco Mariotti, Matteo Tavanti, Leonardo Montecchi, Paolo Lollini.. - ELETTRONICO. - (2022), pp. 0-0. (Intervento presentato al convegno European Dependable Computing Conference tenutosi a Zaragoza, Spain nel 12-15 September 2022) [10.1109/EDCC57035.2022.00016].
Extending a security ontology framework to model CAPEC attack paths and TAL adversary profiles
Francesco Mariotti
;Leonardo Montecchi;Paolo Lollini.
2022
Abstract
Security evaluation can be performed using a variety of analysis methods, such as attack trees, attack graphs, threat propagation models, stochastic Petri nets, and so on. These methods analyze the effect of attacks on the system, and estimate security attributes from different perspectives. However, they require information from experts in the application domain for properly capturing the key elements of an attack scenario: i) the attack paths a system could be subject to, and ii) the different characteristics of the possible adversaries. For this reason, some recent works focused on the generation of low-level security models from a high-level description of the system, hiding the technical details from the modeler. In this paper we build on an existing ontology framework for security analysis, available in the ADVISE Meta tool, and we extend it in two directions: i) to cover the attack patterns available in the CAPEC database, a comprehensive dictionary of known patterns of attack, and ii) to capture all the adversaries' profiles as defined in the Threat Agent Library (TAL), a reference library for defining the characteristics of external and internal threat agents ranging from industrial spies to untrained employees. The proposed extension supports a richer combination of adversaries' profiles and attack paths, and provides guidance on how to further enrich the ontology based on taxonomies of attacks and adversaries.
| File | Dimensione | Formato | |
|---|---|---|---|
|
740200a025.pdf
Accesso chiuso
Licenza:
Tutti i diritti riservati
Dimensione
759.93 kB
Formato
Adobe PDF
|
759.93 kB | Adobe PDF | Richiedi una copia |
I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
