Using Attack-Defense Trees to Analyze Threats and Countermeasures in an ATM: A Case Study
نویسندگان
چکیده
Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs. We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we reflect on the process of modeling ATM threats via attack-defense trees. In particular, we share our insights into the benefits and drawbacks of attack-defense tree modeling, as well as best practices and lessons learned.
منابع مشابه
Threat Analysis of Cyber Attacks with Attack Tree+
Defenders have developed various threat risk analysis schemes to recognize the intruder attack profile, identify the system weakness, and implement the security safeguards to protect the information asset from cyber-attacks. Attack trees (AT) technique play an important role to investigate the threat analysis problem to known cyber-attacks for risk assessment. For example, protection trees and ...
متن کاملAttack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees
Attack tree (AT) is one of the widely used non-state-space models for security analysis. The basic formalism of AT does not take into account defense mechanisms. Defense trees (DTs) have been developed to investigate the effect of defense mechanisms using measures such as attack cost, security investment cost, return on attack (ROA) and return on investment (ROI). DT, however, places defense me...
متن کاملAn Analysis of Spatial Pathology of the Physical and Social Structure of the City with Non-Relevant Defense Approach Case Study: Tehran Metropolitan Area
Using the passive defense principles in urban plans and projects is important in the context of land use planning, reinforced concrete, citizen education, and increasing urban resiliency. Observing and adhering to these principles will reduce the vulnerability of the city and citizens to security and military threats. Therefore, this study aims at evaluating the spatial pathology of the physica...
متن کاملEvaluation of complex security scenarios using defense trees and economic indexes
In this article, we present a mixed qualitative and quantitative approach for evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with countermeasures and we use economic quantitative indexes for computing the defender’s return on security investment and the attacker’s return on attack...
متن کاملAnalysis of spatial vulnerability of threatened strategic urban centers from the point of view of passive defense (case study: Bojnurd city)
Background and objective: Safety and security against threats is one of the most basic principles in order to achieve the desired standards of urban comfort, and attention to the passive defense of cities against external threats has always been considered since the beginning of the formation of cities. Therefore, the purpose of this study is to provide management strategies to reduce the exist...
متن کامل