%0 Conference Proceedings
%T Formalising Systematic Security Evaluations Using Attack Trees for Automotive Applications
%+ Coventry University
%A Cheah, Madeline
%A Nguyen, Hoang, Nga
%A Bryans, Jeremy
%A Shaikh, Siraj, A.
%Z Part 4: Defences and Evaluation
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 11th IFIP International Conference on Information Security Theory and Practice (WISTP)
%C Heraklion, Greece
%Y Gerhard P. Hancke
%Y Ernesto Damiani
%I Springer International Publishing
%3 Information Security Theory and Practice
%V LNCS-10741
%P 113-129
%8 2017-09-28
%D 2017
%R 10.1007/978-3-319-93524-9_7
%K Automotive security
%K Attack trees
%K Secure design
%K Security testing
%K Bluetooth
%Z Computer Science [cs]Conference papers
%X Vehicles are insecure. To protect such systems, we must begin by identifying any weaknesses. One approach is to apply a systematic security evaluation to the system under test. In this paper we present a method for systematically generating tests based on attack trees. We formalise the attack trees as provably-equivalent process-algebraic processes, then automatically generate tests from the process-algebraic representation. Attack trees may include manual input (and thus so will some test cases) but scriptable test cases are automatically executed. Our approach is inspired by model based testing, but allows for the fact that we do not have a specification of the system under test. We demonstrate this methodology on a case study and find that this is a viable method for automation of systematic security evaluations.
%G English
%Z TC 11
%Z WG 11.2
%2 https://inria.hal.science/hal-01875515/document
%2 https://inria.hal.science/hal-01875515/file/469589_1_En_7_Chapter.pdf
%L hal-01875515
%U https://inria.hal.science/hal-01875515
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-WISTP
%~ IFIP-WG11-2
%~ IFIP-LNCS-10741