![Page 1: Attack trees: Formalisms, Variants, and Applicationscloudsecurity.ece.duke.edu/.../files/u6/AttackTrees-DSK.pdf · 2013-09-17 · Attack trees: Formalisms, Variants, and Applications](https://reader030.vdocument.in/reader030/viewer/2022040904/5e778d679806963b8e5c6bf7/html5/thumbnails/1.jpg)
Attack trees: Formalisms, Variants, and Applications
Dr. Dan (DongSeong) Kim
University of Canterbury, New Zealand
Outline
• Attack trees formalisms
• Attack trees variants
• Attack trees representations
– Graphical
– Textual
• Applications of attack trees
Attack Trees Formalisms
Attack trees formalisms
• References
– Schneier, Dr. Dobb's Journal 99
– Moore, CMU TR 01
– Mauw, ICISC 04
– Ray, ESORICS 05
B. Schneier's paper
• No formalism was proposed
• Represented attack trees in a graphical/textual form using AND and/or OR nodes
• Showed different values can be assigned to the leaf nodes
– Boolean (P/I), continuous node values (cost, prob. of success of a given attack)
• A PGP (pretty good privacy) Example
Moore et al. paper
P. Moore, R. J. Ellison, R. C. Linger, Attack Modeling for Information Security and Survivability, Technical Note, CMU/SEI-2001-TN-001, March 2001.
• Structure and semantics
Moore et al. paper
• Attack tree refinement
– Attack tree – AND, OR: formalism
– Attack pattern
• Defined as a generic representation of a deliberate, malicious attack that commonly occurs in a specific context
– Attack profile contains
• A common reference model
• A set of variants
• A set of attack patterns
• A glossary of defined terms and phrases
– Attack library (attack forests)
• Provide a set of attack profiles
Moore et al. paper
• Applying attack patterns
Mauw paper
• Attack trees and attack suite (attack patterns, intrusion scenarios)
– Attack suite: combinations of attack components (nodes)
• An attack tree simply defines a collection of possible attacks
• Internal branching structure of an attack tree will not be expressed in the attack suite.
– Bundles
• Connections from a node to a multi-set of nodes
S. Mauw and M. Oostdijk. Foundations of attack trees. In Dongho Won and Seungjoo Kim, editors, International Conference on Information Security and Cryptology, LNCS 3935, pages 186-198, Seoul, Korea, December 2005. Springer-Verlag, Berlin.
Mauw paper
• Transformations
– Two structurally different attack trees may intuitively capture the same information.
– The difference in structuring can arise from a different approach towards partitioning the attacks
Mauw paper
• Projections
– By manipulating attack trees one can get answers to questions like
– “show all attacks that do not require special equipment”,
– or “which attacks incur a damage over 1000 US dollars?”
• Requires an attribute incurred damage and a predicate on its domain, $P(n) \equiv n > 1000$. Taking the projection of an attack suite boils down to selecting the attacks that satisfy the predicate.
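
The attack-suite semantics, the transformation remark and the two projection questions from the Mauw slides, worked through as an added example (not code from the slides or from Mauw and Oostdijk's paper). The tree, leaf names, attribute values and the choice of summing damage over an attack's components are constructed assumptions.

```python
from itertools import product

# Tree constructors. A node is a (kind, payload) pair.
def leaf(name):
    return ("LEAF", name)

def AND(*children):
    return ("AND", children)

def OR(*children):
    return ("OR", children)

def attack_suite(node):
    """Flatten an AND/OR attack tree into its attack suite.

    The suite is a set of attacks; each attack is a multiset of leaf
    components, stored as a sorted tuple so that repeats are kept.
    The internal branching structure is deliberately lost.
    """
    kind, payload = node
    if kind == "LEAF":
        return {(payload,)}
    child_suites = [attack_suite(child) for child in payload]
    if kind == "OR":
        # Any one child's attack achieves the goal.
        return set().union(*child_suites)
    if kind == "AND":
        # One attack from every child, merged into a single multiset.
        return {tuple(sorted(sum(combo, ())))
                for combo in product(*child_suites)}
    raise ValueError(f"unknown node kind: {kind}")

# Constructed leaf attributes (illustrative values only).
ATTRS = {
    "bribe_operator": {"damage": 1500, "special_equipment": False},
    "steal_laptop":   {"damage": 800,  "special_equipment": False},
    "guess_password": {"damage": 200,  "special_equipment": False},
    "tap_cable":      {"damage": 300,  "special_equipment": True},
}

def attack_value(attack, attr, combine=sum):
    """Combine one attribute over all components of an attack.
    Summation for damage is an assumption made for this example."""
    return combine(ATTRS[component][attr] for component in attack)

def project(suite, attr, predicate, combine=sum):
    """Projection: keep only the attacks whose attribute value
    satisfies the predicate."""
    return {a for a in suite
            if predicate(attack_value(a, attr, combine))}

# Two structurally different trees for the same goal.
TREE_A = OR(
    leaf("bribe_operator"),
    AND(leaf("steal_laptop"),
        OR(leaf("guess_password"), leaf("tap_cable"))),
)
TREE_B = OR(
    leaf("bribe_operator"),
    AND(leaf("steal_laptop"), leaf("guess_password")),
    AND(leaf("steal_laptop"), leaf("tap_cable")),
)

SUITE = attack_suite(TREE_A)

# "Which attacks incur a damage over 1000 US dollars?"  P(n): n > 1000
OVER_1000 = project(SUITE, "damage", lambda n: n > 1000)

# "Show all attacks that do not require special equipment."
NO_EQUIPMENT = project(SUITE, "special_equipment",
                       lambda needs: not needs, combine=any)

if __name__ == "__main__":
    print("suite:", sorted(SUITE))
    print("same suite for both trees:", SUITE == attack_suite(TREE_B))
    print("damage over 1000:", sorted(OVER_1000))
    print("no special equipment:", sorted(NO_EQUIPMENT))
```

The attack made of `guess_password` and `steal_laptop` totals exactly 1000, so it falls outside the "over 1000" projection; where a threshold is inclusive, the predicate is the place to say so.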
I. Ray paper
cf. components in Mauw
I. Ray and N. Poolsapassit, Using Attack Trees to Identify Attacks from Authorized Insiders, ESORICS 2005
I. Ray paper (cont.)
cf. attributes in Mauw
Attack tree variants
What variants?
• In terms of
– Input value (attributes, label)
– Output measures (projection)
– Representation of semantics and structure in graphical/textual ways
• AND, OR
• O-AND (Ordered AND)
• Sequential/parallel
• Conditional
Attack Trees with dynamic gates
Input value
• Value can be codified in the leaf nodes
– Prob. of success of a given attack
– Conditional probability
– Impact (e.g., 0-10)
– Risk = Impact*prob. of success of a given attack.
– Cost (e.g., attack cost, security investment cost)
– Attacker skill (e.g., High/Medium/Low, …)
– Attack difficulty, e.g. 1-10
– Probability of getting caught
– Penalty
– Combined
Output measures
• They depend on the input values
– Probability of attack success
– Sum of cost
– Risk
– Vulnerability
– Survivability
– Others
• These appear in more detail in the applications of attack trees.
Attack trees representations
Graphical Representation
• Structure and semantics
Schneier’s paper
Graphical Representation
– AND
– OR
P. Moore, R. J. Ellison, R. C. Linger, Attack Modeling for Information Security and Survivability, Technical Note, CMU/SEI-2001-TN-001, March 2001.
Graphical Representation
A Practical Approach to Threat Modeling, TR, 2006
Graphical Representation
C. Fung, et al. Survivability Analysis of Distributed Systems using Attack Tree Methodology, MILCOM05
Graphical Representation
A. Jurgenson and J. Willemson, Processing Multi-parameter Attack trees with Estimated Parameter Values, Proc. IWSEC 2007
Graphical Representation
• COND (conditional) – Indicates that an agent may decide whether or not they want to achieve the goal.
– For the agent to traverse a COND node, two questions must be answered by the agent
• 1. Do I want to perform this action? => determined by a prob. table based on the type of attacker.
• 2. Are the necessary preconditions met for me to take this action? => satisfied by a lookup table to the agent's state table.
M. S. Lathrop, L. Hill, L. Surdu, Modeling Network Attacks, Proc. IAW 2002.
Graphical Representation
Z. Gan, J. Tang, P. Wu, and V. Varadharajan, A Novel Security Risk Evaluation for Information System, FCST 2007
– Extends the concept of the attack tree and introduces another relation: CAND (Conditional AND).
• The CAND relation between nodes represents that the upper goal is achieved if all subgoals are achieved under a certain condition.
Graphical Representation
S. Camtepe and B. Yener, Modeling and Detection of Complex Attacks, securecom07
– O-AND (Ordered-AND), cf. later sequential AND
– Combination of graph and fault tree (ftree)
Graphical Representation
S. Bistarelli, M. Dall’Aglio, and P. Peretti, Strategic Games on Attack Trees, FAST 2006
Defense tree, compare it with protection trees
ROI (return on investment)
ROA (return on attack)
Textual representation
Schneier’s paper
Textual representation
E. Park, J. Yun, H. In, Simulating Cyber intrusion using Ordered UML Model-based scenarios, AsiaSim04
• Sequential/parallel
– Sequential AND-OR : series
– Parallel AND-OR
Applications of Attack trees
Category of applications
• System level
– Host forensics
– Web Server
• Network level
– Intrusion Detection Systems
– DDoS attack
– BGP
– MANETs
– Wireless LAN
• Hybrid (system & network level)
– Survivability analysis
– Vulnerability analysis
– Risk analysis
• Applications
– E-voting
– Copyright Protection Protocols
– Attacks to user authentication
– Analyze security for online banking system
– Defense trees for economic evaluation of security investments
• Misc
– Network attack simulator
– Intrusion signature based on Honeypot
Log file investigation
N. Poolsapassit and I. Ray, Investigating Computer Attacks using Attack Trees, Chap. 23, Proc. of IP 2007
Web server hacking
T. Tidwell, R. Larson, K. Fitch, and J. Hale, Modeling Internet Attacks, WIAS 2001
DDoS attack and protection trees
Modeling and analysis of Attacks on MANET routing in AODV
P. Ebiner and T. Bucher, Modeling and Analysis of Attacks on the MANET routing in AODV, ADHOC-NOW 2006
Detect selfish nodes in MANETs
F. Kargl, A. Klenk, S. Schlott, and M. Weber, Advanced Detection of Selfish or Malicious Nodes in Ad Hoc Networks, ESAS 2004
Survivability (attack resiliency) Analysis
Generating intrusion scenarios -> cost (difficulty) -> min. difficulty == attack resiliency
Vulnerability analysis
J. Eom et al., Active Cyber Attack Model for Network System’s Vulnerability Assessment, Proc. ICISS 2008
Attack Damage Assessment (ADA) assesses how long the target system is interrupted by a DoS attack.
e-Voting system
A. Buldas and T. Magi, Practical Security Analysis of E-voting Systems. IWSEC07
Copyright Protection Protocol
M. Higuero et al., Application of ‘Attack Trees’ Techniques to Copyright Protection Protocols Using Watermarking and Definition of a New Transactions Protocol SecDP (Secure Distribution Protocol), MIPS 2004.
Attacks to user authentication
Biometric User Authentication for IT Security: From Fundamentals to Handwriting, Fundamentals in User Authentication, chap 4.
Analyze security for online banking system
K. Edge, R. Raines, R. Bennington, and C. Reuter, The Use of Attack and Protection Trees to Analyze Security for an Online Banking System, HICSS 2007
Defense trees for economic evaluation of security investments
S. Bistarelli, F. Fioravanti, P. Peretti, Defense trees for economic evaluation of security investments, AReS 2006
A Network Security Simulator that uses attack trees
Simulation was done over 100,000 nodes.
Comparison
• Attack trees vs. Fault trees (in SHARPE)

| | Atree | Ftree |
|---|---|---|
| Parameters | Prob. of success of a given attack; Conditional probability; Impact (e.g., 0-10); Risk; Cost; Attacker skill; Attack difficulty, e.g. 1-10; Probability of getting caught; Penalty; Combined | Failure rates; Prob. of failure; Weibull failure distribution; Hypoexponential distribution; Hyperexponential distribution; Mixture distribution; Defective distribution; Oneshot distribution; Binomial distribution |
| Output | Cost to attacks; Risk; Vulnerability; Survivability (not T1A1); Intrusion scenarios | Reliability; Unreliability; PQCDF (pq cumulative distribution f); Mincuts; MTTF; Variance |
References
1. S. Bistarelli, M. Dall'Aglio, and P. Peretti, Strategic Games on Attack Trees, Proc. FAST 2006
2. S. Bistarelli, F. Fioravanti, P. Peretti, Defense trees for economic evaluation of security investments, Proc. AReS 2006
3. A. Buldas and T. Magi, Practical Security Analysis of E-voting Systems. Proc. IWSEC07
4. A. Buldas, P. Laud, J. Priisalu, M. Saarepera, J. Willemson, Rational Choice of Security Measures Via Multi-parameter Attack Trees, Proc. CRITIS 2006.
5. S. Camtepe and B. Yener, Modeling and Detection of Complex Attacks, Proc. securecom 2007
6. K. Daley, R. Larson, J. Dawkins, A Structural Framework for Modeling Multi-Stage Network Attacks, Proc. ICPPW 2002.
7. P. Ebiner and T. Bucher, Modeling and Analysis of Attacks on the MANET routing in AODV, Proc. ADHOC-NOW 2006
8. K. Edge, R. Raines, R. Bennington, and C. Reuter, The Use of Attack and Protection Trees to Analyze Security for an Online Banking System, Proc. HICSS 2007
9. J. Eom et al., Active Cyber Attack Model for Network System's Vulnerability Assessment, Proc. ICISS 2008
10. I. N. Fovino and M. Masera, Through the Description of Attacks: A Multidimensional View, SAFECOMP 2006.
11. C. Fung, et al. Survivability Analysis of Distributed Systems using Attack Tree Methodology, Proc. MILCOM 2005
12. M. Higuero et al., Application of 'Attack Trees' Techniques to Copyright Protection Protocols Using Watermarking and Definition of a New Transactions Protocol SecDP (Secure Distribution Protocol), Proc. MIPS 2004.
13. S. Huang, Z. Li, L. Wang, Mining Attack Correlation Scenarios Based on Multi-agent System, Proc. HCII 2007.
14. A. Jurgenson and J. Willemson, Processing Multi-parameter Attack trees with Estimated Parameter Values, Proc. IWSEC 2007
15. K. Juszczyszyn, N. T. Nguyen, G. Kolaczek, A. Grzech, A. Pieczynska, and R. Katarzyniak, Agent-Based Approach for Distributed Intrusion Detection System Design, Proc. of ICCS 2006.
16. F. Kargl, A. Klenk, S. Schlott, and M. Weber, Advanced Detection of Selfish or Malicious Nodes in Ad Hoc Networks, Proc. ESAS 2004
17. M. S. Lathrop, L. Hill, L. Surdu, Modeling Network Attacks, Proc. IAW 2002.
18. P. Moore, R. J. Ellison, R. C. Linger, Attack Modeling for Information Security and Survivability, Technical Note, CMU/SEI-2001-TN-001, March 2001.
19. S. Mauw and M. Oostdijk. Foundations of attack trees. Proc. ICICS 2005.
20. T. Olzak, A Practical Approach to Threat Modeling, TR, 2006
21. I. Ray and N. Poolsapassit, Using Attack Trees to Identify Attacks from Authorized Insiders, Proc. ESORICS 2005
22. E. Park, J. Yun, H. In, Simulating Cyber intrusion using Ordered UML Model-based scenarios, Proc. AsiaSim04
23. N. Poolsapassit and I. Ray, Investigating Computer Attacks using Attack Trees, Chap. 23, Proc. IP 2007
24. C.-W. Ten, C-C. Liu, M. Govindarasu, Vulnerability Assessment of Cybersecurity for SCADA Systems Using Attack Trees, Proc. PESGM 2007.
25. T. Tidwell, R. Larson, K. Fitch, and J. Hale, Modeling Internet Attacks, Proc. WIAS 2001
26. C. Vielhauer, Biometric User Authentication for IT Security: From Fundamentals to Handwriting, Chap 4.
27. P. Wu, and V. Varadharajan, A Novel Security Risk Evaluation for Information System, Proc. FCST 2007
28. R. R. Yager, OWA trees and their role in security modeling using attack trees, Information Science 176, pp.2933-2959, 2006.
29. Z. Zhang, P.-H. Ho, X. Lin, H. Shen, Janus: A Two-Sided Analytical Model for Multi-Stage Coordinated Attacks, Proc. ICISC 2006.
AttackTree+
• http://www.isograph-oftware.com/atpover.htm
– Indicator:
• Indicator name
• Indicator description
• Minimum
• Maximum
• Default
• Logical expression – AND/OR
– Multiple indicators (combined) at a time
• Cost, equipment, probability, frequency
AttackTree+
• Consequence
– Financial
– Reputation
– Safety
– Political
– Environmental
– Operational
– Communications
– Security
– Other values
AttackTree+
• Event probability [0,1]
– Or Frequency of event
• Analysis
– Outcome
– Min-cut set (display with different color, trace)