Attack tree

Attack tree

Attack trees are conceptual diagrams of threats on computer systems and possible attacks to reach those threats. The concept was suggested by Bruce Schneier] .

Basic

Attack trees are multi-leveled diagrams consisting of one root, leaves, and children. From the bottom up, "child nodes" are conditions which must be satisfied to make the direct parent "node" true; when the "root" is satisfied, the attack is complete. Each "node" may be satisfied only by its direct "child nodes".

A "node" may be the "child" of another node; in such a case, it becomes logical that multiple steps must be taken to carry out an attack. For example, consider classroom computers which are secured to the desks. To steal one, the securing cable must be cut or the lock unlocked. The lock may be unlocked by picking or by obtaining the key. The key may be obtained by threatening a key holder, bribing a keyholder, or taking it from where it is stored (e.g. under a mousemat). Thus a four level attack tree can be drawn, of which one path is ("Bribe Keyholder","Obtain Key","Unlock Lock","Steal Computer").

Note also that an attack described in a "node" may require one or more of many attacks described in "child nodes" to be satisfied. Our above condition shows only "OR conditions"; however, an "AND condition" can be created, for example, by assuming an electronic alarm which must be disabled if and only if the cable will be cut. Rather than making this task a "child node" of cutting the lock, both tasks can simply reach a summing junction. Thus the path (("Disable Alarm","Cut Cable"),"Steal Computer") is created.

Attack trees are related to the established fault treecite web |url= http://www.hq.nasa.gov/office/codeq/doctree/fthb.pdf|title= Fault Tree Handbook with Aerospace Applications|accessdate= 2007-12-09] formalism. Fault tree methodology employs boolean expressions to gate conditions when parent nodes are satisfied by leaf nodes. By including apriori probabilities with each node, it is possible to perform calculate probabilities with higher nodes using Bayes Rule. However, in reality accurate probability estimates are either unavailable or too expensive to gather. With respect to computer security with active participants (i.e., attackers), the probability distribution of events are probably not independent nor uniformly distributed, hence, naive Bayesian analysis is unsuitable.

Examination

Attack trees can become largely complex, especially when dealing with specific attacks. A full attack tree may contain hundreds or thousands of different paths all leading to completion of the attack. Even so, these trees are very useful for determining what threats exist and how to deal with them.

Attack trees can lend themselves to defining an information assurance strategy. It is important to consider, however, that implementing policy to execute this strategy changes the attack tree. For example, computer viruses may be protected against by refusing the system administrator access to directly modify existing programs and program folders, instead requiring a package manager be used. This adds to the attack tree the possibility of design flaws or exploits in the package manager.

One could observe that the most effective way to mitigate a threat on the attack tree is to mitigate it as close to the "root" as possible. Although this is theoretically sound, it is not usually possible to simply mitigate a threat without other implications to the continued operation of the system. For example, the threat of viruses infecting a Windows system may be largely reduced by using NTFS instead of FAT file system so that normal users are unable to modify installed programs. Implementing this negates any possible way, foreseen or unforeseen, that a normal user may come to infect the system with a virus; however, it also requires that users switch to an administrative account to carry out administrative tasks, thus creating a different set of threats on the tree and more operational overhead.

See also

*Fault tree analysis
*Computer insecurity
*Computer security
*Computer virus

References


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Tree — /tree/, n. Sir Herbert Beerbohm /bear bohm/, (Herbert Beerbohm), 1853 1917, English actor and theater manager; brother of Max Beerbohm. * * * I Woody perennial plant. Most trees have a single self supporting trunk containing woody tissues, and in …   Universalium

  • Attack & Release — Studio album by The Black Keys Released April 1, 2008 (2008 04 01) …   Wikipedia

  • Attack & Release — Album par The Black Keys Sortie 2008 Enregistrement août 2007, Suma Recording Studio Durée 37:21 Genre Blues rock, Garage rock P …   Wikipédia en Français

  • tree — treelike, adj. /tree/, n., v., treed, treeing. n. 1. a plant having a permanently woody main stem or trunk, ordinarily growing to a considerable height, and usually developing branches at some distance from the ground. 2. any of various shrubs,… …   Universalium

  • Tree hollow — A tree hollow or tree hole is a semi enclosed cavity which has naturally formed in the trunk or branch of a tree. These are predominantly found in old trees, whether living or not. Hollows form in many species of trees, and are a prominent… …   Wikipedia

  • Attack — This unusual and interesting surname is of Anglo Saxon origin, and is from a topographical name for someone who lived near an oak tree or in an oak wood, derived from the Middle English (1200 1500) oke , oak, from the Olde English pre 7th Century …   Surnames reference

  • List of One Tree Hill characters — The original five from the first season; Upper row (L R) Lucas, Peyton and Haley. Lower row (L R) Brooke and Nathan. One Tree Hill is an American television series created by Mark Schwahn for The WB in 2003. After its third season, The WB and UPN …   Wikipedia

  • One Tree Hill, New Zealand — Maungakiekie redirects here. For the electorate, see Maungakiekie (New Zealand electorate). One Tree Hill Maungakiekie One Tree Hill after the removal of the One Tree . The image does not show …   Wikipedia

  • One Tree Hill (season 6) — One Tree Hill: Season 6 One Tree Hill Season 6 DVD Cover Country of origin …   Wikipedia

  • Dragon Ball Z: The Tree of Might — Japanese box art Directed by Daisuke Nishio Produced by …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”