Future Work - PowerPoint PPT Presentation

1 / 1
About This Presentation
Title:

Future Work

Description:

Systems are modeled under the concept of an 'attack tree', an approach to ... find the biggest holes in a system's security or best methods of fortification. ... – PowerPoint PPT presentation

Number of Views:40
Avg rating:3.0/5.0
Slides: 2
Provided by: sher62
Category:

less

Transcript and Presenter's Notes

Title: Future Work


1
Security Analysis of Systems Using
Model-Integrated-Computing
Abstract This project aims to model network
security systems and develop network security
analysis tools. Systems are modeled under the
concept of an attack tree, an approach to
security modeling developed by Bruce Schneier, a
professional in the fields of cryptography and
security1. Security analysis benefits from an
attack tree modeling approach given the right
tools, a modeling environment can help a user
find the biggest holes in a systems security or
best methods of fortification. An attack tree
modeling language and model interpreters have
been developed using Vanderbilt's Generic
Modeling Environment (GME).
The Attack Tree Toolbox
Modeling Specifications
Analysis Interpreter (Main Interpreter)
  • Allows user to input search conditions for
    filtering paths, such as Cost to attack lt 5000
  • Populates a list box with all applicable paths
  • Lets user view and sort paths based on various
    statistics
  • Allows user to highlight paths in the model
    and/or create a separate model for the path

Objects and Relations
  • Node an event in an attack path
  • Attack tree a container that can hold nodes
    and their connections
  • Node to node connection a directed
    relationship between nodes the source node is
    essentially a requirement for the destination
    node
  • Attack tree to node connection a
    relationship similar to that of nodes used when
    branches of a tree have been collapsed to a
    container

Collapse Interpreter
Attributes of Objects
Based on the object selected by the user, either
collapses the branch starting at that node into a
model or expands the model into the original
branch.
  • Attributes for only nodes
  • Type either AND or OR
  • AND -gt all attached nodes are required
  • OR -gt only one attached node is required
  • Goal does node represent the goal of the
    attack?
  • Attributes for both nodes and trees
  • Cost to attack how much an attack on the
    object would cost the attacker
  • Damage cost how much an attack on the object
    would cost the owner(s) of a system
  • Technical ability a rating from 1-100 of the
    skill required to achieve the attack
  • Probability of apprehension the risk a
    potential attacker would run of being caught

Dispatch Interpreter
Allows the user to import or export a model in
XML or export the model into Graphviz, a separate
program for displaying graphs.
Figure 2 Use of the Analysis interpreter
(Attack tree acquired from first source.)
Legend
  • Future Work
  • Improve diagnosis of a modeled systems
    weaknesses
  • Save and load profiles of potential intruders
    to the system, such as the average script kiddie,
    a professional cracker, or a common burglar
  • Model and diagnose a real life system, most
    likely a local computer network

Figure 1 The AttackTree MetaModel
SIPHER Students Marty Henderson, Blake
Sheridan Graduate Student Mentor Jan Werner
Citations 1. Schneier, Bruce. Attack Trees.
Dec. 1999.  1 August 2006. lthttp//www.schneier.c
om/paper-attacktrees-ddj-ft.htmlgt.
Figure 3 Viewing of a model exported
to Graphviz
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Future Work" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!