Risk Assessment Graphs: Utilizing Attack Graphs for Risk Assessment

18 Pages. Posted: 16 Nov 2023

Simon Unger

University of Passau

Ektor Arzoglou

affiliation not provided to SSRN

Markus Heinrich

affiliation not provided to SSRN

Dirk Scheuermann

affiliation not provided to SSRN

Stefan Katzenbeisser

affiliation not provided to SSRN

Abstract

Risk assessment plays a crucial role in ensuring the security and resilience of modern computer systems. Existing methods for conducting risk assessments often suffer from tedious and time-consuming processes, making it challenging to maintain a comprehensive overview of potential security issues. In this paper, we propose a novel approach that leverages attack graphs to enhance the efficiency and effectiveness of risk assessment. Attack graphs visually represent the various attack paths that adversaries can exploit within a system, enabling a systematic exploration of potential vulnerabilities. By extending attack graphs with capabilities to include countermeasures and consequences, they can be leveraged to constitute the complete risk assessment process. Our method offers a more streamlined and comprehensive analysis of system vulnerabilities, where system changes or environment changes can easily be adapted, and the issues exposing the highest risk can easily be identified. We demonstrate the effectiveness of our approach through a case study, as well as the applicability by combining existing risk assessment standards with our method. Our work aims to bridge the gap between risk assessment practices and evolving threat landscapes, offering an improved methodology for managing and mitigating risks in modern computer systems.

Keywords: Risk Assessment, Attack Graphs

Suggested Citation

Unger, Simon and Arzoglou, Ektor and Heinrich, Markus and Scheuermann, Dirk and Katzenbeisser, Stefan, Risk Assessment Graphs: Utilizing Attack Graphs for Risk Assessment. Available at SSRN: https://ssrn.com/abstract=4635434 or http://dx.doi.org/10.2139/ssrn.4635434

Simon Unger (Contact Author)

University of Passau

Innstrasse 27
Passau, 94032
Germany

