Attack Modeling for Information Security and Survivability
Attack Modeling for Information Security and Survivability
Presented by Chad Frommeyer
Introduction
• Introduction
• Attack Trees
• Attack Pattern Reuse
• Attack Tree Refinement
• Conclusions
Introduction
• Problem
  – Attack Data not used for improving Design and Implementation
  – Engineers still not learning from the past
  – Need a better way to utilize past attack data
• Solution (Attack Trees/Patterns)
• ACME Enterprise
Attack Trees
• Definition
  – a systematic method to characterize system security based on varying attacks
Attack Trees (Structure/Semantics)
• Root Node
• Tree Nodes
  – Attack Sub-Goals
    • AND-Decomposition requires all to succeed
    • OR-Decomposition requires one to succeed
AND Decomposition
OR Decomposition
Attack Trees
• Intrusion Scenarios
  – Scenarios that result in achieving the primary goal
  – Generated by traversing the tree in a depth-first manner
  – Intermediate nodes do not appear
• Branch Refinement
• ACME Attack Tree
Attack Trees
• ACME intrusion scenarios
• <1.1>, <1.2>, <2.1, 2.2, 2.3, 2.4>
• <3.1>, <3.2>
• <4.1>, <4.2>, <5.1>, <5.2>, <5.3>
• <6.1>, <6.2>
Attack Trees
• Refinement of ACME node 5.3
Attack Trees
• ACME intrusion scenarios (Refined)
• <1, 2.1, 3.1, 4.1, 5.1>, <1, 2.2, 3.1, 4.1, 5.1>
• <1, 2.3, 3.1, 4.1, 5.1>, <1, 2.1, 3.2, 4.1, 5.1>
• <1, 2.2, 3.2, 4.1, 5.1>, <1, 2.3, 3.2, 4.1, 5.1>
• <1, 2.1, 3.1, 4.2, 5.1>, <1, 2.2, 3.1, 4.2, 5.1>
• <1, 2.3, 3.1, 4.2, 5.1>, <1, 2.1, 3.2, 4.2, 5.1>
• <1, 2.2, 3.2, 4.2, 5.1>, <1, 2.3, 3.2, 4.2, 5.1>
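
An added example, not part of the original slides, showing how intrusion scenarios fall out of AND/OR decomposition by depth-first traversal, with intermediate nodes dropped. The tree shape in `refined_tree` is an assumption chosen to be consistent with the refined scenario list above (the tree figure itself is not in this transcript), and `Node`, `leaf`, `all_of`, `any_of`, `scenarios` and `fmt` are hypothetical names.

```python
from dataclasses import dataclass, field
from itertools import product


@dataclass
class Node:
    label: str
    kind: str = "LEAF"  # "LEAF", "AND" or "OR"
    children: list = field(default_factory=list)


def leaf(label):
    return Node(label)


def all_of(label, *children):  # AND-decomposition: every sub-goal must succeed
    return Node(label, "AND", list(children))


def any_of(label, *children):  # OR-decomposition: one sub-goal is enough
    return Node(label, "OR", list(children))


def scenarios(node):
    """Depth-first enumeration; each scenario is a tuple of leaf labels only."""
    if node.kind == "LEAF":
        return [(node.label,)]
    if node.kind not in ("AND", "OR") or not node.children:
        raise ValueError(f"node {node.label!r} is not a valid decomposition")
    per_child = [scenarios(child) for child in node.children]
    if node.kind == "OR":
        # Each child's scenarios already reach this goal on their own.
        return [s for child in per_child for s in child]
    # AND: pick one scenario per child and concatenate them.
    return [sum(combo, ()) for combo in product(*per_child)]


def fmt(scenario):
    return "<" + ", ".join(scenario) + ">"


def refined_tree():
    # Assumed shape: steps 1 and 5.1 are mandatory, steps 2-4 have alternatives.
    return all_of(
        "refined goal", leaf("1"),
        any_of("2", leaf("2.1"), leaf("2.2"), leaf("2.3")),
        any_of("3", leaf("3.1"), leaf("3.2")),
        any_of("4", leaf("4.1"), leaf("4.2")),
        leaf("5.1"))


if __name__ == "__main__":
    for s in scenarios(refined_tree()):
        print(fmt(s))
```

Under this assumed shape the traversal yields 3 × 2 × 2 = 12 scenarios, the same set as the refined list, although the enumeration order differs from the slide's.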
Attack Pattern Reuse
• Definition
• Components of an Attack Pattern
• Pertain to Software and Hardware
• Attack Profiles
Attack Pattern Reuse
• Components of an Attack Pattern
  – Overall Goal
  – Preconditions/Assumptions
  – Attack Steps
  – Post-conditions (true if attack is successful)
Buffer Overflow Attack
Unexpected Operator Attack
Attack Pattern Reuse
• Components of an Attack Profile
  – Common Reference Model
  – Set of Variants
  – Set of Attack Patterns
  – Glossary of terms and phrases
Attack Reference Model
Attack Tree Refinement
• Refinement Process
• Requires security expertise
• Attack pattern libraries
Attack Tree Refinement
• Profile/Enterprise Consistency
• Definition: “Consistency”
• Attack Pattern Relevance
• ACME Example
  – Org = ACME
  – Intranet = ACME Internet
  – Firewall = ACME Firewall
Attack Tree Refinement
• Resulting Reference Model
Attack Tree Refinement
• Pattern Application
  – Show relevance to the attack tree goal (relevance)
  – Applying Attack Patterns
Conclusions
• Objective
• Documentation via Attack Trees/Profiles
• Documentation Reuse
• Questions still to answer
• Continued Research