****************************************************************** GraMSec 2017 The Fourth International Workshop on Graphical Models for Security Co-located with CSF 2017

Santa Barbara, CA, USA - August 21, 2017 http://gramsec.uni.lu/ ****************************************************************** ABOUT GraMSec Graphical security models provide an intuitive but systematic methodology to analyze security weaknesses of systems and to evaluate potential protection measures. Such models have been subject of academic research and they have also been widely accepted by the industrial sector, as a means to support and facilitate threat analysis and risk assessment processes. The objective of GraMSec is to contribute to the development of well-founded graphical security models, efficient algorithms for their analysis, as well as methodologies and tools for their practical usage.

PROGRAM 8:45 – 10:00 INVITED TALK

Dr. Anoop Singhal, NIST Security Metrics and Risk Analysis for Enterprise Systems

10:00 – 10:35 BREAK (eclipse + coffee) 10:35 – 12:35 SESSION 1: Security Modeling

10:35 – 11:15 (regular paper) Dan Ionita, Margaret Ford, Alexandr Vasenev, and Roel Wieringa Graphical Modeling of Security Arguments: Current State and Future Directions 11:15 – 11:35 (short paper) Brian Ruttenberg, Dave Blumstein, Jeff Druce, Michael Howard, Fred Reed, Leslie Wilfong, Crystal Lister, Steve Gaskin, Meaghan Foley, and Dan Scofield Probabilistic Modeling of Insider Threat Detection Systems 11:35 – 12:15 (regular paper) Angèle Bossuat and Barbara Kordy Evil Twins: Handling Repetitions in Attack–Defense Trees - A Survival Guide 12:15 – 12:35 (short paper) Letitia Li, Florian Lugou, and Ludovic Apvrille Security Modeling for Embedded System Design

12:40 – 14:00 LUNCH 14:00 – 15:40 SESSION 2: Risk Analysis

14:00 – 14:40 (regular paper) Karin Bernsmed, Christian Frøystad, Per Håkon Meland, Dag Atle Nesheim, and Ørnulf Jan Rødseth Visualizing Cyber Security Risks with Bow-Tie Diagrams 14:40 – 15:20 (regular paper) Aitor Couce-Vieira, Siv Hilde Houmb, and David Ríos-Insua CSIRA: A Method for Analysing the Risk of Cybersecurity Incidents 15:20 – 15:40 (short paper) Ryan Habibi, Jens Weber, and Morgan Price Circle of Health Based Access Control for Personal Health Information Systems

15:40 – 16:10 BREAK 16:10 – 17:10 SESSION 3: Attack Trees

16:10 – 16:50 (regular paper) Peter Gjøl Jensen, Axel Legay, Kim Guldstrand Larsen, and Danny Bøgsted Poulsen Quantitative Evaluation of Attack Defense Trees using Stochastic Timed Automata 16:50 – 17:10 (short paper) Olga Gadyatskaya and Rolando Trujillo-Rasua New Directions in Attack Tree Research: Catching up with Industrial Needs

GraMSec REGISTRATION IS NOW OPEN To register please follow the instructions given at http://www.gramsec.uni.lu/registration.php

If you need a visa support letter, please check http://csf2017.tecnico.ulisboa.pt/visa.html

GENERAL CHAIR Sjouke Mauw, University of Luxembourg, Luxembourg

PROGRAM COMMITTEE CO-CHAIRS Ketil Stølen, SINTEF Digital and University of Oslo, Norway Peng Liu, Pennsylvania State University, USA

CONTACT For inquiries please send an e-mail to gramsec17@easychair.org