دانلود کتاب Graphical Models for Security 7th International Workshop GraMSec 2020

فهرست مطالب :

Preface
Organization
Safety Versus Security: Why Have They Not Married Yet? (Abstract of Invited Talk)
Contents
Attack Trees
Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks
1 Introduction
2 Preliminaries
2.1 Foundations of Attack Trees
2.2 Actual Causality
2.3 Malicious Insider Example
3 Attack Trees to Causal Models
3.1 Suspect Attribution
3.2 Attributed Attack Tree Transformation
3.3 Adding Preemption Relations
3.4 Tool Support
4 Evaluation
4.1 The Efficiency of the Extraction
4.2 The Validity of the Approach
4.3 The Effectiveness of the Model
5 Related Work
6 Conclusions and Future Work
References
Library-Based Attack Tree Synthesis
1 Introduction
2 Related Work
3 Attack Trees and Their Trace Semantics
3.1 Attack Trees
3.2 Traces and Operations on Sets of Traces
3.3 Synchronized Concatenation
3.4 Parallel Composition
3.5 Trace Semantics of Attack Trees
4 Libraries
5 Attack Tree Synthesis
5.1 A Detour on the Packed Interval Covering Problem
5.2 NP-Hardness of the Synthesis Problem
5.3 NP-Membership of the Synthesis Problem
5.4 Libraries with Bounded-Arity AND-Rules
6 Conclusion
References
Asset-Centric Analysis and Visualisation of Attack Trees
1 Introduction
2 Background and Related Work
2.1 Attack Trees
2.2 Attack Graphs
3 Asset-Centric Analysis of Attack Trees
3.1 Scenario Description
3.2 Annotation of Attack Trees with Assets
3.3 Transformation of Attack Trees into Asset-Centric Attack Graphs
3.4 Security Metrics
4 Asset-Centric Visualisation of Attack Graphs
4.1 Requirements
4.2 Metrics Visualisation
4.3 Usability and Scalability Features
5 Prototype Implementation and Evaluation
5.1 Implementation
5.2 Evaluation of the Visualisation Requirements
6 Conclusion and Future Work
References
Attacks and Risks Modelling and Visualisation
An Attack Simulation Language for the IT Domain
1 Introduction
2 Related Work
3 MAL
4 CoreLang
4.1 System
4.2 Vulnerability
4.3 User
4.4 IAM
4.5 Data Resources
4.6 Networking
5 Example Model
6 Validation and Discussion
7 Conclusion and Future Work
References
Representing Decision-Makers in SGAM-H: The Smart Grid Architecture Model Extended with the Human Layer
1 Introduction
1.1 Conflicting Incentives Risk Analysis (CIRA)
1.2 Smart Grid Architecture Model (SGAM)
1.3 Problem Statement and Motivation
2 Related Work
2.1 Variants of SGAM
2.2 Approaches for Modeling Humans
2.3 Summary of Related Work
3 Methodology
4 Human Layer
4.1 Case Study: DSO Risks
4.2 Evaluation of the Human Layer
5 Discussion
6 Conclusions
7 Further Work
References
Breaking the Cyber Kill Chain by Modelling Resource Costs
1 Introduction
2 Background
2.1 The Cyber Kill Chain
2.2 Attack Tree Cost Modelling
2.3 Cybercriminal Profiling
3 Method
4 Results
4.1 The Resource Costs Model
4.2 The IRCM Tool
5 Discussion
6 Conclusion
A Tool screenshots
B Cybercriminal profiles
References
GroDDViewer: Dynamic Dual View of Android Malware
1 Introduction
2 Related Work
3 Material Collection
4 Visualizing Malware Execution
4.1 Overview
4.2 System Flow Graph
4.3 Interactions Frequency
4.4 Control Flow and Bytecode Views
4.5 User Interface Navigation
4.6 Dynamic Replay
5 Use Case
5.1 Static Analysis
5.2 Dynamic Analysis
6 Conclusion
References
Models for Reasoning About Security
Attack-Defence Frameworks: Argumentation-Based Semantics for Attack-Defence Trees
1 Introduction
2 Preliminaries Drawing from Argumentation
3 Attack-Defence Frameworks: Trees Attacking Trees
3.1 Interpreting the Attack Relation of Attack-Defence Frameworks
3.2 Interpreting the Support Relation
3.3 An Algorithm for Attack-Defence Frameworks, in Its General Form
4 Reorientation from the Perspective of Attack-Defence Trees
5 Conclusion
References
A Diagrammatic Approach to Information Flow in Encrypted Communication
1 Introduction
1.1 Key Aims
1.2 Tools Used
2 Bipartite Diffie-Hellman, Diagramatically
2.1 Expressing Algebraic Identities Diagrammatically
2.2 Combining Algebraic and Epistemic Data
2.3 What is Being Modeled by A-E Diagrams?
3 Information Flow as Failure of Commutativity
4 Algebraic-Epistemic Diagrams, and a Correctness Condition
4.1 A Correctness Criterion for A-E Diagrams
4.2 Justifying the IFO Condition
5 Tripartite Diffie-Hellman Key Exchange
6 A-E Diagrams as Graphical Tools for Protocols
6.1 Manipulating A-E Diagrams
6.2 Participants\' Views of Protocols
6.3 Updating A-E Diagrams Based on Additional Information
7 Ambiguity, Incompleteness, and Algorithmics
8 Comparisons and Interactions with Other Diagrammatic Tools
9 Future Directions
References
Contextualisation of Data Flow Diagrams for Security Analysis
1 Introduction
2 Related Work and Background
2.1 Reasoning About Data Flow Diagrams in Threat Modelling
2.2 Security and Software Design Meta-Models
3 Approach
3.1 Dataflow Specification
3.2 Pre-process and Post-process Analysis
3.3 Implementation
4 Pilot Study: Modifying Telemetry Outstation Software
5 Discussion and Conclusion
References
Author Index