Title :
Cyber threat trees for large system threat cataloging and analysis
Author :
Ongsakorn, P. ; Turney, K. ; Thornton, M. ; Nair, S. ; Szygenda, S. ; Manikas, T.
Author_Institution :
Dept. of Comput. Sci. & Eng., Southern Methodist Univ., Dallas, TX, USA
Abstract :
The implementation of cyber threat countermeasures requires identification of points in a system where redundancy or other modifications are needed. Because large systems have many possible threats that may be interdependent, it is crucial that such threats be cataloged in a manner that allows for efficient representation and ease of analysis to identify the most critical threats. To address this problem, we model large system threats by conceptually representing them as a Cyber Threat Tree implemented as a directed graph known as a Multiple-Valued Decision Diagram (MDD). The cyber threat tree structure improves upon both the classical fault tree and attack tree structures by expanding the representation of possible system threats. This cyber threat tree model is incorporated into an existing MDD software package to help identify and catalog possible system threats. We have also developed a new formal language, CyTML, which is used to represent cyber threat trees.
Keywords :
decision diagrams; directed graphs; fault trees; formal languages; security of data; CyTML; MDD software package; cyber threat trees; directed graph; formal language; large system threat; multiple-valued decision diagram; threat cataloging; Cyber Attacks; System Threats; Tree Models;
Conference_Titel :
Systems Conference, 2010 4th Annual IEEE
Conference_Location :
San Diego, CA
Print_ISBN :
978-1-4244-5882-0
DOI :
10.1109/SYSTEMS.2010.5482351
