Architectural Generation of Context-based Attack Paths: Unterschied zwischen den Versionen

Aus SDQ-Institutsseminar
(Die Seite wurde neu angelegt: „{{Vortrag |vortragender=Jonathan Schenkenberger |email=jonathan.schenkenberger@student.kit.edu |vortragstyp=Masterarbeit |betreuer=Maximilian Walter |termin=In…“)
 
Keine Bearbeitungszusammenfassung
 
Zeile 5: Zeile 5:
|betreuer=Maximilian Walter
|betreuer=Maximilian Walter
|termin=Institutsseminar/2022-05-20
|termin=Institutsseminar/2022-05-20
|kurzfassung=TBD
|vortragsmodus=online
|kurzfassung=In industrial processes (Industry 4.0) and other fields in our lives like the energy or health sector, the confidentiality of data becomes increasingly important. For the protection of confidential information on critical systems, it is crucial to be able to find relevant attack paths in different access-control contexts to a critical element. In order to minimize costs, it is important to already consider this issue in the design phase of the software architecture. There are already approaches considering the topic of attack path generation. However, they do not consider software architecture modeling or they do not consider both vulnerabilities and access control mechanisms. Hence, this thesis presents an approach for finding all potential attack paths in a software architecture model considering access control and vulnerabilities. However, all attack paths are often to many, so the approach presented here introduces and utilizes meaningful filter criteria based on wide-spread vulnerability classification standards.
}}
}}

Aktuelle Version vom 26. April 2022, 14:26 Uhr

Vortragende(r) Jonathan Schenkenberger
Vortragstyp Masterarbeit
Betreuer(in) Maximilian Walter
Termin Fr 20. Mai 2022
Vortragsmodus online
Kurzfassung In industrial processes (Industry 4.0) and other fields in our lives like the energy or health sector, the confidentiality of data becomes increasingly important. For the protection of confidential information on critical systems, it is crucial to be able to find relevant attack paths in different access-control contexts to a critical element. In order to minimize costs, it is important to already consider this issue in the design phase of the software architecture. There are already approaches considering the topic of attack path generation. However, they do not consider software architecture modeling or they do not consider both vulnerabilities and access control mechanisms. Hence, this thesis presents an approach for finding all potential attack paths in a software architecture model considering access control and vulnerabilities. However, all attack paths are often to many, so the approach presented here introduces and utilizes meaningful filter criteria based on wide-spread vulnerability classification standards.