University of Twente Student Theses


A Manual for Attack Trees

Sonderen, T. (2019) A Manual for Attack Trees.

[img] PDF
Abstract:Nowadays attack trees are often used by large organisations to analyse security threats against their systems. Designing such an attack tree requires detailed knowledge regarding attack trees and the systems to be analysed. In many cases this process relies heavily on personal experience and principles. This causes significant variance between attack trees. In this thesis, guiding principles and building blocks that are used by experts in the field of attack trees have been analysed in an attempt to further standardise attack trees. This was done by analysing attack trees that have been created in the most prominent papers that regard attack trees. These principles and building blocks were then used to design a model for attack trees that specifies the structure of an attack tree in more detail, as well as an accompanying manual. To evaluate it, system experts have been asked to create an attack tree for a semi-realistic case; First with only basic knowledge of attack trees, and thereafter with the help of the manual. The model has proven to improve attack discovery and understandability of the resulting attack trees. Additionally, the results were used to iteratively improve the manual. After this test, the model and manual were used in a real case study for Nedap N.V. and evaluated in a more qualitative manner. Overall, the manual improved the experience of the user. However, the most significant improvements were made in attack discovery, improved detailing and in the understandability when evaluated by others. The model and manual stimulate attack discovery while simultaneously guiding the user towards creating a well structured attack tree. Besides improvements for the manual creation of attack trees, the model provides opportunities for further automating the creation of attack trees.
Item Type:Essay (Master)
Nedap N.V., Groenlo, Netherlands
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page