
Attack Modeling for Information Security and Survivability

Presented by Chad Frommeyer.


Presentation Transcript


  1. Attack Modeling for Information Security and Survivability Presented By Chad Frommeyer

  2. Introduction • Introduction • Attack Trees • Attack Pattern Reuse • Attack Tree Refinement • Conclusions

  3. Introduction • Problem • Attack Data not used for improving Design and Implementation • Engineers still not learning from the past • Need a better way to utilize past attack data • Solution (Attack Trees/Patterns) • ACME Enterprise

  4. Attack Trees • Definition • a systematic method to characterize system security based on varying attacks

  5. Attack Trees (Structure/Semantics) • Root Node • Tree Nodes • Attack Sub-Goals • AND-Decomposition requires all to succeed • OR-Decomposition requires one to succeed

  6. AND Decomposition OR Decomposition

  7. Attack Trees • Intrusion Scenarios • Scenarios that result in achieving the primary goal • Generated by traversing the tree in a depth-first manner • Intermediate nodes do not appear • Branch Refinement • ACME Attack Tree

  8. Attack Trees • ACME intrusion scenarios • <1.1> , <1.2> , <2.1, 2.2, 2.3, 2.4> • <3.1> , <3.2> • <4.1> , <4.2> , <5.1> , <5.2> , <5.3> • <6.1> , <6.2>

  9. Attack Trees • Refinement of ACME node 5.3

  10. Attack Trees • ACME intrusion scenarios (Refined) • <1, 2.1, 3.1, 4.1, 5.1> , <1, 2.2, 3.1, 4.1, 5.1> • <1, 2.3, 3.1, 4.1, 5.1> , <1, 2.1, 3.2, 4.1, 5.1> • <1, 2.2, 3.2, 4.1, 5.1> , <1, 2.3, 3.2, 4.1, 5.1> • <1, 2.1, 3.1, 4.2, 5.1> , <1, 2.2, 3.1, 4.2, 5.1> • <1, 2.3, 3.1, 4.2, 5.1> , <1, 2.1, 3.2, 4.2, 5.1> • <1, 2.2, 3.2, 4.2, 5.1> , <1, 2.3, 3.2, 4.2, 5.1>

  11. Attack Pattern Reuse • Definition • Components of an Attack Pattern • Pertain to Software and Hardware • Attack Profiles

  12. Attack Pattern Reuse • Components of an Attack Pattern • Overall Goal • Preconditions/Assumptions • Attack Steps • Post-conditions (true if attack is successful)

  13. Buffer Overflow Attack

  14. Unexpected Operator Attack

  15. Attack Pattern Reuse • Components of an Attack Profile • Common Reference Model • Set of Variants • Set of Attack Patterns • Glossary of terms and phrases

  16. Attack Reference Model

  17. Attack Tree Refinement • Refinement Process • Require security expertise • Attack pattern libraries

  18. Attack Tree Refinement • Profile/Enterprise Consistency • Definition: “Consistency” • Attack Pattern Relevance • ACME Example • Org = ACME • Intranet = ACME Internet • Firewall = ACME Firewall

  19. Attack Tree Refinement • Resulting Reference Model

  20. Attack Tree Refinement • Pattern Application • Show relevance to the attack tree goal (relevance) • Applying Attack Patterns

  21. Conclusions • Objective • Documentation via Attack Trees/Profiles • Documentation Reuse • Questions still to answer • Continued Research
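
The scenario generation described in slides 5, 7 and 10, as an added example that is not part of the original presentation: a depth-first traversal of an AND/OR attack tree that returns leaf-only intrusion scenarios. The shape of refined node 5.3 is an assumption inferred from the scenario list on slide 10, and the helper names (`leaf`, `AND`, `OR`, `scenarios`, `render`) are illustrative.

```python
from itertools import product

# A node is (kind, label, children); kind is "LEAF", "AND" or "OR".
def leaf(label):
    return ("LEAF", label, [])

def AND(label, *children):
    return ("AND", label, list(children))

def OR(label, *children):
    return ("OR", label, list(children))

def scenarios(node):
    """Depth-first enumeration of the intrusion scenarios that achieve `node`.

    Each scenario is a tuple of leaf labels; intermediate nodes never appear.
    """
    kind, label, children = node
    if kind == "LEAF":
        return [(label,)]
    per_child = [scenarios(child) for child in children]
    if kind == "OR":
        # One sub-goal is enough, so each child's scenarios stand alone.
        # An OR with no children (an unrefined goal) yields no scenario.
        return [s for child in per_child for s in child]
    # AND: every sub-goal must succeed, so take one scenario per child and
    # concatenate them in order. An unachievable child empties the product.
    return [sum(combo, ()) for combo in product(*per_child)]

def render(scenario):
    """Format a scenario in the slides' notation, e.g. <1, 2.1, 3.1>."""
    return "<" + ", ".join(scenario) + ">"

# ASSUMED shape of refined ACME node 5.3, inferred from slide 10's list.
# Labels are the slide's node numbers; the transcript gives no node names.
REFINED_5_3 = AND(
    "5.3",
    leaf("1"),
    OR("2", leaf("2.1"), leaf("2.2"), leaf("2.3")),
    OR("3", leaf("3.1"), leaf("3.2")),
    OR("4", leaf("4.1"), leaf("4.2")),
    OR("5", leaf("5.1")),
)

if __name__ == "__main__":
    for s in scenarios(REFINED_5_3):
        print(render(s))
```

The traversal yields the same twelve scenarios as slide 10, in a different order because the rightmost OR node varies fastest.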
