This repository contains attack graphs for the 21 use cases identified in the project "Security Requirements Forecast and Evaluation of Possible Security Concepts" (German title: "Prognose Securitybedarf und Bewertung möglicher Sicherheitskonzepte").
The use cases are describe in the report available here: Report (German only).
As the research project's language was German, the original attack graphs were written in German (see folder DE/).
We provide an English translation of the attack graphs in the folder EN/.
The scripts in scripts/ are used to automatically translate the attack graphs from German to English.
They are not necessary to view the attack graphs in either language (see section Viewing and Editing for viewing the attack graphs).
The methodology to derive the attack graphs published in this repository will be publicly available after completion of the research project in December 2023.
Also, this repository will experience updates while the project proceeds.
The attack graphs have been updated to reflect the state at the end of the project. Attribute values were assigned to the attack steps to evaluate the risk and countermeasures were added to identify how the risk can be reduced to an acceptable level.
The (German) report will be referenced here once it has been published.
The graphs have been exported to PNG for your convenience. To view or edit the source files, Draw.io is required which is freely available:
- Desktop Version: https://diagrams.net
- Browser Version: https://app.diagrams.net
- Github-hosted Version with Plugin enabled: https://incyde-gmbh.github.io/drawio-plugin-attackgraphs/app
| Title | Link |
|---|---|
| Prognose Securitybedarf und Bewertung möglicher Sicherheitskonzepte; Teil 1: Technologieprognose | 1 |
| Softwaregestützte Bedrohungsanalyse durch Angriffsgraphen | 2 |
| Technologie- und Securityprognose System Bahn – Bedrohungen rechtzeitig erkennen | 3 |
| Software-gestützte Bedrohungsanalyse durch Angriffsgraphen | 4 |
| Title | Link |
|---|---|
| Risk Assessment Graphs: Utilizing Attack Graphs for Risk Assessment | 5 |
| Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands | 6 |
| Software-supported threat analysis using attack graphs | 2 |
| Technology and security forecast for the railway system – the timely identification of threats | 3 |
The following people have conducted the research project and worked on the creation of the attack graphs.
- Max Schubert, INCYDE
- Markus Heinrich, INCYDE
- Stefan Katzenbeisser, Uni Passau
- Simon Unger, Uni Passau
- Dirk Scheuermann, Fraunhofer SIT
Markus Heinrich – markus.heinrich@incyde.com
This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.