Using CP-nets as a guide for countermeasure selection

Stefano Bistarelli, Fabio Fioravanti, Pamela Peretti
2007 Proceedings of the 2007 ACM symposium on Applied computing - SAC '07  
In this paper we present a qualitative approach for the selection of security countermeasures able to protect an IT system from attacks. For this purpose, we model security scenarios by using defense trees (an extension of attack trees) and preferences over countermeasure using Conditional Preference networks (CP-nets for short). In particular, we introduce two different methods for the composition of preferences: the and-composition and the or-composition. The first one is used to determine a
more » ... reference order in the selection of countermeasures able to mitigate the risks produced by conjunct attacks. The second one is used to determine a preference order over sets of countermeasures able to mitigate the risks produced by alternative attacks.
doi:10.1145/1244002.1244073 dblp:conf/sac/BistarelliFP07 fatcat:hrnlba7a4vd6bge5ivbzhxi4d4