Lecture Notes in Computer Science 10744


Lecture Notes in Computer Science 10744
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, Lancaster, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Friedemann Mattern, ETH Zurich, Zurich, Switzerland
John C. Mitchell, Stanford University, Stanford, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbrücken, Germany

More information about this series at http://www.springer.com/series/7410

Peng Liu, Sjouke Mauw, Ketil Stølen (Eds.)

Graphical Models for Security
4th International Workshop, GraMSec 2017
Santa Barbara, CA, USA, August 21, 2017
Revised Selected Papers

Editors
Peng Liu, Pennsylvania State University, University Park, PA, USA
Sjouke Mauw, University of Luxembourg, Esch-sur-Alzette, Luxembourg
Ketil Stølen, SINTEF ICT, Blindern, Oslo, Norway

ISSN 0302-9743; ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-74859-7; ISBN 978-3-319-74860-3 (ebook)
https://doi.org/10.1007/978-3-319-74860-3
Library of Congress Control Number: 2018930744
LNCS Sublibrary: SL4 Security and Cryptology

Springer International Publishing AG 2018

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Printed on acid-free paper

This Springer imprint is published by Springer Nature
The registered company is Springer International Publishing AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Preface

Welcome to the proceedings of GraMSec 2017, the 4th International Workshop on Graphical Models for Security. This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research and development results on graphical models for security, and to have productive discussion and constructive debate on this topic. The workshop was a single day event co-located with the 30th IEEE Computer Security Foundations Symposium (CSF 2017).

Out of a total of 19 submissions from Europe and North America, we accepted five regular papers and four short papers. These proceedings also contain the abstract of an invited talk by Anoop Singhal (U.S. National Institute of Standards and Technology) on Security Metrics and Risk Analysis for Enterprise Systems. This valuable and insightful talk gave us a better understanding of the topic. In addition, these proceedings include an invited paper by members of the WISER project, entitled Employing Graphical Risk Models to Facilitate Cyber-Risk Monitoring - the WISER Approach. We expect that the results and experiences from this project will help the reader to explore the WISER approach to graphical modeling for security.

Putting together GraMSec 2017 was a team effort. We thank all authors who submitted papers. We thank the Program Committee members and additional reviewers for their great effort toward a thought-provoking program. We are also very grateful to the invited speaker for his presentation and the financial support received from the Fonds National de la Recherche Luxembourg (FNR-CORE grant ADT2P). Finally, we thank the IEEE CSF organizers, particularly the general chair, Pedro Adão, for his support and help.

December 2017
Peng Liu
Sjouke Mauw
Ketil Stølen

Organization

Program Committee
Mathieu Acher, University Rennes 1/Inria, France
Massimiliano Albanese, George Mason University, USA
Ludovic Apvrille, Télécom ParisTech, CNRS LTCI, France
Thomas Bauereiß, University of Cambridge, UK
Kristian Beckers, Technical University of Munich, Germany
Giampaolo Bella, Università di Catania, Italy
Stefano Bistarelli, Università di Perugia, Italy
Marc Bouissou, EDF and Ecole Centrale Paris, France
Binbin Chen, Advanced Digital Sciences Center, Singapore
Frédéric Cuppens, Télécom Bretagne, France
Nora Cuppens-Boulahia, Télécom Bretagne, France
Hervé Debar, Télécom SudParis, France
Harley Eades III, Augusta University, USA
Mathias Ekstedt, KTH Royal Institute of Technology, Sweden
Ulrik Franke, Swedish Institute of Computer Science, Sweden
Frank Fransen, TNO, The Netherlands
Olga Gadyatskaya, University of Luxembourg, Luxembourg
Paolo Giorgini, University of Trento, Italy
Dieter Gollmann, Hamburg University of Technology, Germany
Joshua Guttman, Worcester Polytechnic Institute, USA
René Rydhof Hansen, Aalborg University, Denmark
Maritta Heisel, University of Duisburg-Essen, Germany
Hannes Holm, Swedish Defence Research Agency, Sweden
Siv Hilde Houmb, Secure-NOK AS, Norway
Sushil Jajodia, George Mason University, USA
Ravi Jhawar, University of Luxembourg, Luxembourg
Henk Jonkers, BiZZdesign, The Netherlands
Florian Kammueller, Middlesex University London, UK and TU Berlin, Germany
Nima Khakzad, Delft University of Technology, The Netherlands
Dong Seong Kim, University of Canterbury, New Zealand
Barbara Kordy, INSA Rennes, IRISA, France
Pascal Lafourcade, Université Clermont Auvergne, France
Jean-Louis Lanet, Inria, France
Peng Liu, Pennsylvania State University, USA
Sjouke Mauw, University of Luxembourg, Luxembourg

Per Håkon Meland, SINTEF, Norway
Jogesh Muppala, Hong Kong University of Science and Technology, SAR China
Simin Nadjm-Tehrani, Linköping University, Sweden
Andreas L. Opdahl, University of Bergen, Norway
Xinming Ou, University of South Florida, USA
Stéphane Paul, Thales Research and Technology, France
Wolter Pieters, Delft University of Technology, The Netherlands
Sophie Pinchinat, University Rennes 1, IRISA, France
Vincenzo Piuri, University of Milan, Italy
Ludovic Piètre-Cambacédès, EDF, France
Marc Pouly, Lucerne University of Applied Sciences and Arts, Switzerland
Nicolas Prigent, Supélec, France
Cristian Prisacariu, University of Oslo, Norway
Christian W. Probst, Technical University of Denmark, Denmark
David Pym, University College London
Saša Radomirović, University of Dundee, UK
Indrajit Ray, Colorado State University, USA
Arend Rensink, University of Twente, The Netherlands
Yves Roudier, Université Côte d'Azur, CNRS, I3S, UNS, France
Guttorm Sindre, Norwegian University of Science and Technology, Norway
Mariëlle Stoelinga, University of Twente, The Netherlands
Ketil Stølen, SINTEF, Norway
Xiaoyan Sun, California State University, USA
Axel Tanner, IBM Research - Zurich, Switzerland
Alexandre Vernotte, KTH Royal Institute of Technology, Sweden
Luca Viganò, King's College London, UK
Lingyu Wang, Concordia University, Canada
Jan Willemson, Cybernetica, Estonia

Additional Reviewers
Audinot, Maxime
Puys, Maxime
Venkatesan, Sridhar

Security Metrics and Risk Analysis for Enterprise Systems (Abstract of Invited Talk)

Anoop Singhal
Computer Security Division, National Institute of Standards and Technology (NIST), Gaithersburg, MD 20899, USA
psinghal@nist.gov

Abstract. Protection of enterprise systems from cyber attacks is a challenge. Vulnerabilities are regularly discovered in software systems that are exploited to launch cyber attacks. Security analysts need objective metrics to manage the security risk of an enterprise system. In this talk, we give an overview of our research on security metrics and challenges for security risk analysis of enterprise systems. A standard model for security metrics will enable us to answer questions such as "are we more secure than yesterday?" or "how does the security of one system compare with another?" We present a methodology for security risk analysis that is based on the model of attack graphs and the common vulnerability scoring system (CVSS).

Contents

Graphical Modeling of Security Arguments: Current State and Future Directions .... 1
  Dan Ionita, Margaret Ford, Alexandr Vasenev, and Roel Wieringa

Evil Twins: Handling Repetitions in Attack Defense Trees: A Survival Guide .... 17
  Angèle Bossuat and Barbara Kordy

Visualizing Cyber Security Risks with Bow-Tie Diagrams .... 38
  Karin Bernsmed, Christian Frøystad, Per Håkon Meland, Dag Atle Nesheim, and Ørnulf Jan Rødseth

CSIRA: A Method for Analysing the Risk of Cybersecurity Incidents .... 57
  Aitor Couce-Vieira, Siv Hilde Houmb, and David Ríos-Insua

Quantitative Evaluation of Attack Defense Trees Using Stochastic Timed Automata .... 75
  René Rydhof Hansen, Peter Gjøl Jensen, Kim Guldstrand Larsen, Axel Legay, and Danny Bøgsted Poulsen

Probabilistic Modeling of Insider Threat Detection Systems .... 91
  Brian Ruttenberg, Dave Blumstein, Jeff Druce, Michael Howard, Fred Reed, Leslie Wilfong, Crystal Lister, Steve Gaskin, Meaghan Foley, and Dan Scofield

Security Modeling for Embedded System Design .... 99
  Letitia W. Li, Florian Lugou, and Ludovic Apvrille

Circle of Health Based Access Control for Personal Health Information Systems .... 107
  Ryan Habibi, Jens Weber, and Morgan Price

New Directions in Attack Tree Research: Catching up with Industrial Needs .... 115
  Olga Gadyatskaya and Rolando Trujillo-Rasua

Employing Graphical Risk Models to Facilitate Cyber-Risk Monitoring - the WISER Approach .... 127
  Aleš Černivec, Gencer Erdogan, Alejandra Gonzalez, Atle Refsdal, and Antonio Alvarez Romero

Author Index .... 147