Seminario di Informatica: How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

Martedì 14 Luglio 2015, ore 14:00 - Aula 2AB45 - Olga Gadyatskaya


Seminario di Informatica

Martedì 14 Luglio 2015 alle ore 14:00 in Aula 2AB45, Olga Gadyatskaya (University of Luxembourg) terrà un seminario dal titolo "How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems".

Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. We propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio-technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but they can also be used to select and maintain the security controls that cannot be handled by the model itself. In the talk we will review the concepts of socio-technical models and automated generation of attacks, present the attack-defence model, and discuss the current challenges in the automated risk analysis.