Attack trees are a widely used method for analyzing security vulnerabilities in systems, offering a structured approach to exploring potential attack scenarios and their countermeasures. This paper presents a comprehensive analysis of existing tools designed to create, edit, visualize and manage attack trees, highlighting their strengths and limitations. Based on the findings, a new web application is developed to improve the user experience and functionalities for creating, editing, and managing attack trees and to address the identified areas for improvement in attack tree management. Key features of this application include the intuitive and simple user interface, drag-and-drop functionality for basic tree operations, support for user collaboration with customizable user permissions, and the integration of predefined templates to streamline the creation of new attack trees. The new application is evaluated and compared to existing tools, demonstrating its improvements.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Implementation of a Web Application for Creating, Editing and Managing Attack Trees

  • Jelisaveta Jevtić,
  • Žarko Stanisavljević,
  • Maja Vukasović

摘要

Attack trees are a widely used method for analyzing security vulnerabilities in systems, offering a structured approach to exploring potential attack scenarios and their countermeasures. This paper presents a comprehensive analysis of existing tools designed to create, edit, visualize and manage attack trees, highlighting their strengths and limitations. Based on the findings, a new web application is developed to improve the user experience and functionalities for creating, editing, and managing attack trees and to address the identified areas for improvement in attack tree management. Key features of this application include the intuitive and simple user interface, drag-and-drop functionality for basic tree operations, support for user collaboration with customizable user permissions, and the integration of predefined templates to streamline the creation of new attack trees. The new application is evaluated and compared to existing tools, demonstrating its improvements.