Authors: Edge K.S., Dalton G.C., Raines R.A. and Mills R.F. Affiliation: Air Force Inst. of Technol.
Published by: Military Communications Conference, 2006. MILCOM 2006. IEEE
Presented by Yean-Ru Chen
Dec. 23, 2011
Using attack and protection trees to analyze threats and defenses to homeland security

Outline
- Introduction & Motivation
- Attack Trees
- Metrics
- Protection Trees
- Homeland Security Information Network (HSIN) Example and Results & Analysis
- Conclusions

Introduction & Motivation
- To provide a reliable, cost-effective method (given limited resources) for deciding how best to protect a critical system from attackers.
- Attack trees are used to find the vulnerabilities, and protection trees are used to choose successful and appropriate defenses against the attacks.

Attack Trees
- Also called Threat Logic Trees (TLT).
- Tree structure with child nodes having AND or OR relationships.
- Root node: the attacker's goal
  - Can be further decomposed into sub-goals
- Leaf nodes: individual attacker actions (which the attacker can actually control)
[Figure: AND and OR node symbols]

Metrics
[Figure: Attack Tree]

Metrics
- P: probability of success (the attack succeeds)
  - Obtained by either analyst estimation or historical data
- Cost: cost to carry out a certain attack / the sub-goal / the goal
  - Obtained by either analyst estimation or historical data
- Impact: impact to the system
- Risk: calculated using the other metrics

Metrics
- The parent of nodes with an OR relationship always has a higher probability of success than any of the child nodes.
- The parent node of children with an AND relationship always has a lower probability of success than the highest (? lowest) probability child node.
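
The AND/OR bounds above, checked in an added example that is not from the paper or the slides. It assumes independent child events and the usual product rules (AND = product of the children's probabilities, OR = 1 minus the product of their complements); the tree, node names and leaf probabilities are constructed. Under these rules the AND parent falls at or below its lowest child.

```python
from dataclasses import dataclass, field
from math import prod

EPS = 1e-12                         # tolerance for floating-point comparisons

@dataclass
class Node:
    name: str
    gate: str = "LEAF"              # "AND", "OR" or "LEAF"
    p: float = 0.0                  # leaf only: analyst-estimated probability of success
    children: list = field(default_factory=list)

def success_probability(node):
    """Propagate leaf probabilities upward (assumption: children are independent)."""
    if node.gate == "LEAF":
        if not 0.0 <= node.p <= 1.0:
            raise ValueError(f"{node.name}: probability out of range")
        return node.p
    if not node.children:
        raise ValueError(f"{node.name}: {node.gate} node needs children")
    ps = [success_probability(c) for c in node.children]
    if node.gate == "AND":          # every child must succeed
        return prod(ps)
    if node.gate == "OR":           # at least one child must succeed
        return 1.0 - prod(1.0 - q for q in ps)
    raise ValueError(f"{node.name}: unknown gate {node.gate!r}")

def bound_violations(node):
    """Names of nodes breaking the bounds: OR >= highest child, AND <= lowest child."""
    if node.gate == "LEAF":
        return []
    ps = [success_probability(c) for c in node.children]
    p, bad = success_probability(node), []
    if (node.gate == "OR" and p < max(ps) - EPS) or (node.gate == "AND" and p > min(ps) + EPS):
        bad.append(node.name)
    for c in node.children:
        bad.extend(bound_violations(c))
    return bad

def build_tree(p_a, p_b, p_c):
    """Constructed tree: goal = OR(sub-goal, action C); sub-goal = AND(action A, action B)."""
    sub = Node("sub-goal", "AND", children=[Node("action A", p=p_a), Node("action B", p=p_b)])
    return Node("goal", "OR", children=[sub, Node("action C", p=p_c)])

if __name__ == "__main__":
    before = build_tree(0.5, 0.4, 0.3)      # constructed leaf estimates
    after = build_tree(0.5, 0.1, 0.1)       # same tree after protections lower two leaves
    for label, tree in (("before", before), ("after", after)):
        print(label, round(success_probability(tree), 3), bound_violations(tree))
```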

Protection Trees
- Compared with attack trees: also AND/OR type tree structures.
- Protection trees can yield an analysis of where protections should be placed in order to get the greatest protection for the least expenditure of resources.
- The root node of a protection tree directly corresponds with the root node in an attack tree, but the rest of the tree's structure may differ widely.

[Figure labels: OR in attack tree; AND in protection tree]
- There is not always a one-to-one correspondence between nodes in the attack tree and the protection tree.

Homeland Security Information Network (HSIN) Example and Results & Analysis
- For example: suppose only $25K of resources is available for protecting the JRIES system.
[Figure: Attack Tree and Protection Tree; annotation: Highest Risk]

- We choose the cheapest one to protect the server.
[Figure: Protection Tree; annotations: cheaper one, cheaper one]

- Finally, they use 22k to reduce the probability of success and make the attacker spend a lot of money to attack.
[Figure: Before and After]

Conclusions
- This paper has shown how attack and protection trees can be used to analyze a system's vulnerabilities and determine where to place appropriate protections in a logical manner.
- Metrics that can be used in attack and protection trees were introduced and operators for the metrics were developed.

Thank you for your attention!