ESM: an enhanced attack tree model for critical infrastructure
Abstract
Information attack modelling can have many advantages in various stages of security audit. Although security concerns are often discussed in detail after the system has been designed, the attack modelling can prove to be an important contribution to the subsequent operational security assurance during the development of the system. In the paper, we are dealing with information attacks modelling in critical infrastructure using an enhanced structural model. In critical infrastructure, the presentation of the attacks must be appropriately demonstrated: this means sufficiently detailed and including as many details about the events during the attack. By using an enhanced structural model, proposed in the paper, the information attacks can be presented in a more detailed and transparent manner, which contributes to the improvement of security analyses during the development of systems as well as the analyses of previous information attacks.
Keywords
attack modelling, critical infrastructure, attack tree, Enhanced Structural Model