Quantitative Information Security Risk Estimation using Probabilistic Attack Graphs
KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems. ORCID iD: 0000-0002-3293-1681
KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems. ORCID iD: 0000-0002-2113-4900
Foreseeti AB, Sweden. ORCID iD: 0000-0001-5427-7548
KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems. ORCID iD: 0000-0003-3922-9606
2016 (English) In: RISK: International Workshop on Risk Assessment and Risk-driven Testing: 4th International Workshop, RISK 2016, Held in Conjunction with ICTSS 2016, Graz, Austria, October 18, 2016, Revised Selected Papers, Springer, 2016, Vol. 10224, p. 37-52
Conference paper, Published paper (Refereed)
Abstract [en]

This paper proposes an approach, called pwnPr3d, for quantitatively estimating information security risk in ICT systems. Unlike many other risk analysis approaches that rely heavily on manual work and security expertise, this approach comes with built-in security risk analysis capabilities. pwnPr3d combines a network architecture modeling language and a probabilistic inference engine to automatically generate an attack graph, making it possible to identify threats along with the likelihood of these threats exploiting a vulnerability. After defining the value of information assets to their organization with regards to confidentiality, integrity and availability breaches, pwnPr3d allows users to automatically quantify information security risk over time, depending on the possible progression of the attacker. As a result, pwnPr3d provides stakeholders in organizations with a holistic approach that both allows high-level overview and technical details.

Place, publisher, year, edition, pages
Springer, 2016. Vol. 10224, p. 37-52
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), ISSN 0302-9743 ; 10224
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-200700
DOI: 10.1007/978-3-319-57858-3_4
ISI: 000426090100004
Scopus ID: 2-s2.0-85018370233
ISBN: 9783319578576 (print)
OAI: oai:DiVA.org:kth-200700
DiVA, id: diva2:1070337
Conference
4th International Workshop on Risk Assessment and Risk Driven Quality Assurance, RISK 2016 held in conjunction with 28th International Conference on Testing Software and Systems, ICTSS 2016, Graz, Austria, 18 October 2016 through 18 October 2016
Funder
Swedish Civil Contingencies Agency
EU, FP7, Seventh Framework Programme, 607109
Note

QC 20171030

Available from: 2017-02-01 Created: 2017-02-01 Last updated: 2018-03-09 Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text
Scopus
https://www.fokus.fraunhofer.de/en/events/risk_2016

Search in DiVA

By author/editor
Johnson, Pontus; Vernotte, Alexandre; Gorton, Dan; Ekstedt, Mathias; Lagerström, Robert