Title :
The Use of Attack and Protection Trees to Analyze Security for an Online Banking System
Author :
Edge, Kenneth ; Raines, Richard ; Grimaila, Michael ; Baldwin, Rusty ; Bennington, Robert ; Reuter, Christopher
Author_Institution :
Air Force Inst. of Technol., Wright-Patterson AFB, OH
Abstract :
Online banking has become increasingly important to the profitability of financial institutions as well as adding convenience for their customers. As the number of customers using online banking increases, online banking systems are becoming more desirable targets for criminals to attack. To maintain their customers´ trust and confidence in the security of their online bank accounts, financial institutions must identify how attackers compromise accounts and develop methods to protect them. Attack trees and protection trees are a cost effective way to do this. Attack trees highlight the weaknesses in a system and protection trees provide a methodical means of mitigating these weaknesses. In this paper, a notional online banking system is analyzed and protection solutions are proposed for varying budgets
Keywords :
bank data processing; security of data; tree data structures; financial institution; online banking system; protection tree; security system; Availability; Banking; Costs; Government; Laboratories; Logic; Profitability; Protection; Security; TV;
Conference_Titel :
System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on
Conference_Location :
Waikoloa, HI
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2007.558
