370 likes | 702 Views
Attack Modeling for Information Security and Survivability. Presented By Chad Frommeyer. Introduction. Introduction Attack Trees Attack Pattern Reuse Attack Tree Refinement Conclusions. Introduction. Problem Attack Data not used for improving Design and Implementation
E N D
Attack Modeling for Information Security and Survivability Presented By Chad Frommeyer
Introduction • Introduction • Attack Trees • Attack Pattern Reuse • Attack Tree Refinement • Conclusions
Introduction • Problem • Attack Data not used for improving Design and Implementation • Engineers still not learning from the past • Need a better way to utilize past attack data • Solution (Attack Trees/Patterns) • ACME Enterprise
Attack Trees • Definition • a systematic method to characterize system security based on varying attacks
Attack Trees (Structure/Semantics) • Root Node • Tree Nodes • Attack Sub-Goals • AND-Decomposition requires all to succeed • OR-Decomposition requires one to succeed
AND Decomposition OR Decomposition
Attack Trees • Intrusion Scenarios • Scenarios that result in achieving the primary goal • Generated by traversing the tree in a depth-first manner • Intermediate nodes are not appear • Branch Refinement • ACME Attack Tree
Attack Trees • ACME intrusion scenarios • <1.1> , <1.2> , <2.1, 2.2, 2.3, 2.4> • <3.1> , <3.2> • <4.1> , <4.2> , <5.1> , <5.2> , <5.3> • <6.1> , <6.2>
Attack Trees • Refinement of ACME node 5.3
Attack Trees • ACME intrusion scenarios (Refined) • <1, 2.1, 3.1, 4.1, 5.1> , <1, 2.2, 3.1, 4.1, 5.1> • <1, 2.3, 3.1, 4.1, 5.1> , <1, 2.1, 3.2, 4.1, 5.1> • <1, 2.2, 3.2, 4.1, 5.1> , <1, 2.3, 3.2, 4.1, 5.1> • <1, 2.1, 3.1, 4.2, 5.1> , <1, 2.2, 3.1, 4.2, 5.1> • <1, 2.3, 3.1, 4.2, 5.1> , <1, 2.1, 3.2, 4.2, 5.1> • <1, 2.2, 3.2, 4.2, 5.1> , <1, 2.3, 3.2, 4.2, 5.1>
Attack Pattern Reuse • Definition • Components of an Attack Pattern • Pertain to Software and Hardware • Attack Profiles
Attack Pattern Reuse • Components of an Attack Pattern • Overall Goal • Preconditions/Assumptions • Attack Steps • Post-conditions (true if attack is successful)
Attack Pattern Reuse • Components of an Attack Profile • Common Reference Model • Set of Variants • Set of Attack Patterns • Glossary of terms and phrases
Attack Tree Refinement • Refinement Process • Require security expertise • Attack pattern libraries
Attack Tree Refinement • Profile/Enterprise Consistency • Definition: “Consistency” • Attack Pattern Relevance • ACME Example • Org = ACME • Intranet = ACME Internet • Firewall = ACME Firewall
Attack Tree Refinement • Resulting Reference Model
Attack Tree Refinement • Pattern Application • Show relevance to the attack tree goal (relevance) • Applying Attack Patterns
Conclusions • Objective • Documentation via Attack Trees/Profiles • Documentation Reuse • Questions still to answer • Continued Research