When assessing the security of IT systems, one needs to take into account which capabilities and which intentions the potential attackers might have. The purpose of attacker models is to make an attacker's capabilities, goals, or other aspects explicit. Formal foundations of attacker models increase precision, avoid ambiguities, and provide a basis for automatic security analyses. Languages for attacker models often come with a graphical display notation that eases understanding and building up intuition.
Attacker models enjoy a widespread use in industrial practice and have been subject of intensive research efforts. Security analyses based on attacker models are not limited to assessing how secure a system is, but can be also used as the basis for economic decisions, e.g., maximizing the return on security invest.
This seminar is based on scientific publications on topics such as:
- formal and graphical languages for modelling attackers
- security analyses based on attacker models
- automated generation of attacker models
- systematic engineering of attacker models
- interplay between attacker actions and defenses
- selective mitigation of attacks
- security economics
The joint online kick-off meeting for labs and seminars offered by MAIS will happen on Thursday, 23.4.2020, at 16:00. We will provide more information how to join the online kick-off meeting via e-mail before the meeting. To receive information how to participate, please register for one of the courses via TUCaN or write a short e-mail to email@example.com in case you want to register in TUCaN after the kick-off meeting.