Modern cybersecurity education must prepare learners to understand how security threats can be realized and to diagnose and respond to attacks, under real-world constraints—such as incomplete or ambiguous information. This paper introduces two educational approaches. First, we adapt attack trees, a threat-modeling technique, into an intuitive framework for teaching security reasoning to non-experts, including children. By breaking down attacks into visual, step-by-step scenarios, learners systematically identify risks and countermeasures, fostering critical thinking and collaboration. Second, we propose a method to quantify the diagnosability of attacks, measuring how much information is needed to identify an attacker’s actions (which are unseen). This approach helps educators design realistic training exercises where learners prioritize evidence and act decisively under uncertainty. Finally, we discuss how this framework could be translated into a security tool accessible to a wide range of users.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Using Attack Trees for Security Education and Training: Simplifying Threat Analysis

  • Damas Gruska,
  • Aliyu Tanko Ali,
  • Martin Leucker

摘要

Modern cybersecurity education must prepare learners to understand how security threats can be realized and to diagnose and respond to attacks, under real-world constraints—such as incomplete or ambiguous information. This paper introduces two educational approaches. First, we adapt attack trees, a threat-modeling technique, into an intuitive framework for teaching security reasoning to non-experts, including children. By breaking down attacks into visual, step-by-step scenarios, learners systematically identify risks and countermeasures, fostering critical thinking and collaboration. Second, we propose a method to quantify the diagnosability of attacks, measuring how much information is needed to identify an attacker’s actions (which are unseen). This approach helps educators design realistic training exercises where learners prioritize evidence and act decisively under uncertainty. Finally, we discuss how this framework could be translated into a security tool accessible to a wide range of users.