80 likes | 196 Views
BGP Attack Tree. draft-convery-bgpattack-00.txt http://trinux.sourceforge.net/draft-convery-bgpattack-00.html http://trinux.sourceforge.net/draft-convery-bgpattack-00.txt Sean Convery David Cook Matt Franz. Motivations. Develop formal analysis of potential threats to and using BGP
E N D
BGP Attack Tree draft-convery-bgpattack-00.txt http://trinux.sourceforge.net/draft-convery-bgpattack-00.html http://trinux.sourceforge.net/draft-convery-bgpattack-00.txt Sean Convery David Cook Matt Franz
Motivations • Develop formal analysis of potential threats to and using BGP • Create threat profile useful for evaluating BGP security improvements • Provide foundation for vulnerability testing of new and existing BGP implementations • Facilitate repeatable testing methodology by third parties • Organize the material in a modular and reusable way
Why Attack Trees? • Provide well documented method of exploring every possibility an adversary has (technical and non-technical). • Data presentation in tree format allows: • Easy gap identification • Selective elaboration based on location in the tree • Ability to assign attributes for nodes of the tree: • Impact of the attack • Ease of attack execution • Cost of the attack • Presence of countermeasures (such as best practices) • Access/trust requirements to conduct attack http://www.ddj.com/documents/s=896/ddj9912a/9912a.htm http://www.cert.org/archive/pdf/01tn001.pdf
Attack Tree Example Goal: Gain unauthorized physical access to building Attack: OR 1. Unlock door with key OR 1. Steal Key 2. Social Engineering OR 1. Borrow key 2. Convince locksmith to unlock door 2. Pick lock 3. Break window 4. Follow authorized individual into building OR 1. Act like you belong and follow someone else 2. Befriend someone authorized outside a building 3. Appear in need of assistance (such as carrying a large box) AND 4. Wear appropriate clothing for the location
Attack Tree Example (Graphical) Blue = OR Red = AND Graphic tree representations are generated from the source attack tree.
Reset a Single BGP Session Attack: OR 1. Send message to router causing reset OR 1. Send RST message to TCP stack 2. Send BGP Message OR 1. Notify 2. Open 3. Keepalive AND 3. TCP Sequence number Attack (Appendix A.4) 2. Alter configuration via compromised router (Appendix A.1)
Reset a Single BGP Session (Graphical) Blue = OR Red = AND
Next Steps • Incorporate feedback on draft • Ensure completeness of attack tree • Coordinate with other threat drafts Thanks!