Graphical security models constitute a well-known, user-friendly way to represent the security of a system. These kinds of models are used by security experts to identify vulnerabilities and assess the security of a system. The manual construction of these models can be tedious, especially for large enterprises. Consequently, the research community is trying to address this issue by proposing methods for the automatic generation of such models. In this work, we present a survey illustrating the current status of the automatic generation of two kinds of graphical security models: Attack Trees and Attack Graphs. The goal of this survey is to present the current methodologies used in the field, compare them, and present the challenges and future directions for the research community.