@INPROCEEDINGS{Roberts2011,
  author = {Roberts, M. and Howe, A. and Ray, I. and Urbanska, M. and Byrne,
	Z. S. and Weidert, J. M.},
  title = {Personalized Vulnerability Analysis through Automated Planning},
  booktitle = {Working Notes of IJCAI 2011, Workshop Security and Artificial Intelligence
	(SecArt-11),},
  year = {2011},
  month = {04},
  abstract = {Attack trees and attack graphs are a well-known
	
	representation for computer security vulnerabilities. They
	
	capture how malicious activity can result in compromised
	
	systems. But attack graphs scale poorly, are constructed to
	
	capture key components of vulnerabilities in industrial
	
	settings and focus on attacker actions. We generalize the
	
	attack graph formalism by integrating user actions and
	
	supporting personalization that restricts the focus to those
	
	vulnerabilities present for a particular user/system
	
	combination (i.e., considering specific computer
	
	configuration and a user’s normal activities). The new
	
	representation is captured in the Planner Domain Definition
	
	Language with user specific attributes being included as
	
	facts. Given the PDDL representation, we can use a planner
	
	to 1) prune the attack graph to only those vulnerabilities for
	
	which we can derive a plan, 2) perform what-if analyses of
	
	user actions and 3) identify interventions that are most
	
	likely to reduce the system vulnerability},
 }