Threat modeling-oriented attack path evaluating algorithm | Transactions of Tianjin University

Threat modeling-oriented attack path evaluating algorithm


Abstract

To evaluate all attack paths in a threat tree, a weight distribution algorithm for the root node of a threat tree is designed on the basis of threat modeling theory. It computes the threat coefficients of leaf nodes from two aspects: the possibility of the threat occurring and the degree of damage. In addition, an algorithm for searching attack paths was obtained in accordance with the definition of an attack path. Finally, an attack path evaluation system was implemented, which can output the threat coefficients of the leaf nodes in a target threat tree, the weight distribution information, and the attack paths. An example threat tree is given to verify the effectiveness of the algorithms.



Author information


Correspondence to Xiaohong Li (李晓红).

Additional information

Supported by National Natural Science Foundation of China (No. 90718023) and National High-Tech Research and Development Program of China (No. 2007AA01Z130).

LI Xiaohong, born in 1965, female, Dr, associate Prof.


About this article

Cite this article

Li, X., Liu, R., Feng, Z. et al. Threat modeling-oriented attack path evaluating algorithm. Trans. Tianjin Univ. 15, 162–167 (2009). https://doi.org/10.1007/s12209-009-0029-y


  • DOI: https://doi.org/10.1007/s12209-009-0029-y
