Threat modelling using attack trees
Session: Security risk & compliance assessment, Tue., Sep. 15, 15:00 - 15:30
The concept of hierarchical risk assessment has been around a few decades, but the corresponding methods for this kind of approach are still very immature. In this talk we will take a particular look at attack trees and the challenges one has to tackle when trying to build an attack tree based threat model. We will talk about the root node identification, choosing the correct level of abstraction, quantitative risk assessment and the limitations of the attack tree methodology.
About Jan Willemson
Jan Willemson has been working on data security and cryptography since 1998 when he joined Cybernetica. He defended his PhD thesis on digital time-stamping at Tartu University (Estonia) in 2002 and has since been active in a variety of research areas including socio-technical risk analysis, secret-shared multi-party computations, security economics and attack trees. He is an author of more than 40 research papers published in major international venues.