Crowdsourcing Computer Security Attack Trees

Authors

Matthew Tentilucci, Rochester Institute of TechnologyFollow
Nick Roberts, Rochester Institute of Technology
Shreshth Kandari, Rochester Institute of TechnologyFollow
Daryl Johnson, Rochester Institute of TechnologyFollow
Bill Stackpole, Rochester Institute of TechnologyFollow
George Markowsky, University of Maine

Description

This paper describes an open-source project called RATCHET whose goal is to create software that can be used by large groups of people to construct attack trees. The value of an attack tree increases when the attack tree explores more scenarios. Crowdsourcing an attack tree reduces the possibility that some options might be overlooked. RATCHET has been tested in classroom settings with positive results. This paper gives an overview of RATCHET and describes some of the features that we plan to add.

Date of creation, presentation, or exhibit

5-31-2015

Comments

Originally presented at the 10th Annual Symposium on Information Assurance (ASIA '15) June 2-3, Albany NY

Document Type

Conference Paper

Department, Program, or Center

Department of Computing Security (GCCIS)

Recommended Citation

Tentilucci, Matthew; Roberts, Nick; Kandari, Shreshth; Johnson, Daryl; Stackpole, Bill; and Markowsky, George, "Crowdsourcing Computer Security Attack Trees" (2015). Accessed from
https://repository.rit.edu/other/858

Campus

RIT – Main Campus