Introduction
• Introduction
• Attack Trees
• Attack Pattern Reuse
• Attack Tree Refinement
• Conclusions
Introduction
• Problem
  – Attack Data not used for improving Design and Implementation
  – Engineers still not learning from the past
  – Need a better way to utilize past attack data
• Solution (Attack Trees/Patterns)
• ACME Enterprise
Attack Trees
• Definition
  – A systematic method to characterize system security based on varying attacks
Attack Trees (Structure/Semantics)
• Root Node
• Tree Nodes
  – Attack Sub-Goals
• AND-Decomposition requires all to succeed
• OR-Decomposition requires one to succeed
Attack Trees
• Intrusion Scenarios
  – Scenarios that result in achieving the primary goal
  – Generated by traversing the tree in a depth-first manner
  – Intermediate nodes do not appear
• Branch Refinement
• ACME Attack Tree
Attack Trees
• ACME intrusion scenarios
• <1.1> , <1.2> , <2.1, 2.2, 2.3, 2.4>
• <3.1> , <3.2>
• <4.1> , <4.2> , <5.1> , <5.2> , <5.3>
• <6.1> , <6.2>
Attack Trees
• ACME intrusion scenarios (Refined)
• <1, 2.1, 3.1, 4.1, 5.1> , <1, 2.2, 3.1, 4.1, 5.1>
• <1, 2.3, 3.1, 4.1, 5.1> , <1, 2.1, 3.2, 4.1, 5.1>
• <1, 2.2, 3.2, 4.1, 5.1> , <1, 2.3, 3.2, 4.1, 5.1>
• <1, 2.1, 3.1, 4.2, 5.1> , <1, 2.2, 3.1, 4.2, 5.1>
• <1, 2.3, 3.1, 4.2, 5.1> , <1, 2.1, 3.2, 4.2, 5.1>
• <1, 2.2, 3.2, 4.2, 5.1> , <1, 2.3, 3.2, 4.2, 5.1>
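An added example, not part of the original slides: enumerating intrusion scenarios from an AND/OR attack tree by depth-first traversal, with only leaf nodes appearing in the output. The two tree shapes below are assumptions, constructed so that the enumeration reproduces the scenario lists on the slides; the ACME tree figure itself is not on this page, and the helper names are hypothetical.

```python
from itertools import product

# A node is (label, kind, children); kind is "LEAF", "AND" or "OR".
def leaf(label):
    return (label, "LEAF", [])

def or_of(label, *leaves):
    return (label, "OR", [leaf(l) for l in leaves])

def scenarios(node):
    """Return every intrusion scenario (tuple of leaf labels) that achieves node."""
    label, kind, children = node
    if kind == "LEAF":
        return [(label,)]
    child_sets = [scenarios(c) for c in children]  # depth-first descent
    if kind == "OR":
        # One child succeeding is enough: union of the children's scenarios.
        return [s for sets in child_sets for s in sets]
    # AND: all children must succeed, so take one scenario per child and join them.
    return [sum(combo, ()) for combo in product(*child_sets)]

# Assumed shape for the first scenario list: an OR root over six sub-goals,
# where sub-goal 2 is an AND-decomposition and the others are OR-decompositions.
ACME = ("root", "OR", [
    or_of("1", "1.1", "1.2"),
    ("2", "AND", [leaf(l) for l in ("2.1", "2.2", "2.3", "2.4")]),
    or_of("3", "3.1", "3.2"),
    or_of("4", "4.1", "4.2"),
    or_of("5", "5.1", "5.2", "5.3"),
    or_of("6", "6.1", "6.2"),
])

# Assumed shape for the refined list: an AND root whose steps 2, 3 and 4
# each offer alternatives, giving 3 * 2 * 2 = 12 scenarios.
ACME_REFINED = ("root", "AND", [
    leaf("1"),
    or_of("2", "2.1", "2.2", "2.3"),
    or_of("3", "3.1", "3.2"),
    or_of("4", "4.1", "4.2"),
    leaf("5.1"),
])

if __name__ == "__main__":
    for tree in (ACME, ACME_REFINED):
        print(" , ".join("<" + ", ".join(s) + ">" for s in scenarios(tree)))
```

The refined tree yields the same twelve scenarios as the slide, in a different order, because `product` varies the last alternative fastest.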
Attack Pattern Reuse
• Definition
• Components of an Attack Pattern
• Pertain to Software and Hardware
• Attack Profiles
Attack Pattern Reuse
• Components of an Attack Pattern
  – Overall Goal
  – Preconditions/Assumptions
  – Attack Steps
  – Post-conditions (true if attack is successful)
Attack Pattern Reuse
• Components of an Attack Profile
  – Common Reference Model
  – Set of Variants
  – Set of Attack Patterns
  – Glossary of terms and phrases
Attack Tree Refinement
• Profile/Enterprise Consistency
• Definition: “Consistency”
• Attack Pattern Relevance
• ACME Example
  – Org = ACME
  – Intranet = ACME Internet
  – Firewall = ACME Firewall
Attack Tree Refinement
• Pattern Application
  – Show relevance to the attack tree goal (relevance)
  – Applying Attack Patterns