Attack Modeling for Information Security and Survivability - PowerPoint PPT Presentation

1 / 36
About This Presentation
Title:

Attack Modeling for Information Security and Survivability

Description:

Attack Modeling for Information Security and Survivability Presented By Chad Frommeyer Introduction Introduction Attack Trees Attack Pattern Reuse Attack Tree ... – PowerPoint PPT presentation

Number of Views:74
Avg rating:3.0/5.0
Slides: 37
Provided by: ChadFro2
Category:

less

Transcript and Presenter's Notes

Title: Attack Modeling for Information Security and Survivability


1
Attack Modeling for Information Security and
Survivability
  • Presented By
  • Chad Frommeyer

2
Introduction
  • Introduction
  • Attack Trees
  • Attack Pattern Reuse
  • Attack Tree Refinement
  • Conclusions

3
Introduction
  • Problem
  • Attack Data not used for improving Design and
    Implementation
  • Engineers still not learning from the past
  • Need a better way to utilize past attack data
  • Solution (Attack Trees/Patterns)
  • ACME Enterprise

4
(No Transcript)
5
Attack Trees
  • Definition
  • a systematic method to characterize system
    security based on varying attacks

6
Attack Trees (Structure/Semantics)
  • Root Node
  • Tree Nodes
  • Attack Sub-Goals
  • AND-Decomposition requires all to succeed
  • OR-Decomposition requires one to succeed

7
AND Decomposition
OR Decomposition
8
Attack Trees
  • Intrusion Scenarios
  • Scenarios that result in achieving the primary
    goal
  • Generated by traversing the tree in a depth-first
    manner
  • Intermediate nodes are not appear
  • Branch Refinement
  • ACME Attack Tree

9
(No Transcript)
10
(No Transcript)
11
Attack Trees
  • ACME intrusion scenarios
  • lt1.1gt , lt1.2gt , lt2.1, 2.2, 2.3, 2.4gt
  • lt3.1gt , lt3.2gt
  • lt4.1gt , lt4.2gt , lt5.1gt , lt5.2gt , lt5.3gt
  • lt6.1gt , lt6.2gt

12
Attack Trees
  • Refinement of ACME node 5.3

13
(No Transcript)
14
Attack Trees
  • ACME intrusion scenarios (Refined)
  • lt1, 2.1, 3.1, 4.1, 5.1gt , lt1, 2.2, 3.1, 4.1, 5.1gt
  • lt1, 2.3, 3.1, 4.1, 5.1gt , lt1, 2.1, 3.2, 4.1, 5.1gt
  • lt1, 2.2, 3.2, 4.1, 5.1gt , lt1, 2.3, 3.2, 4.1, 5.1gt
  • lt1, 2.1, 3.1, 4.2, 5.1gt , lt1, 2.2, 3.1, 4.2, 5.1gt
  • lt1, 2.3, 3.1, 4.2, 5.1gt , lt1, 2.1, 3.2, 4.2, 5.1gt
  • lt1, 2.2, 3.2, 4.2, 5.1gt , lt1, 2.3, 3.2, 4.2, 5.1gt

15
Attack Pattern Reuse
  • Definition
  • Components of an Attack Pattern
  • Pertain to Software and Hardware
  • Attack Profiles

16
Attack Pattern Reuse
  • Components of an Attack Pattern
  • Overall Goal
  • Preconditions/Assumptions
  • Attack Steps
  • Post-conditions (true if attack is successful)

17
(No Transcript)
18
Buffer Overflow Attack
19
(No Transcript)
20
Unexpected Operator Attack
21
(No Transcript)
22
(No Transcript)
23
Attack Pattern Reuse
  • Components of an Attack Profile
  • Common Reference Model
  • Set of Variants
  • Set of Attack Patterns
  • Glossary of terms and phrases

24
Attack Reference Model
25
(No Transcript)
26
Attack Tree Refinement
  • Refinement Process
  • Require security expertise
  • Attack pattern libraries

27
(No Transcript)
28
Attack Tree Refinement
  • Profile/Enterprise Consistency
  • Definition Consistency
  • Attack Pattern Relevance
  • ACME Example
  • Org ACME
  • Intranet ACME Internet
  • Firewall ACME Firewall

29
Attack Tree Refinement
  • Resulting Reference Model

30
Attack Tree Refinement
  • Pattern Application
  • Show relevance to the attack tree goal
    (relevance)
  • Applying Attack Patterns

31
(No Transcript)
32
(No Transcript)
33
(No Transcript)
34
(No Transcript)
35
(No Transcript)
36
Conclusions
  • Objective
  • Documentation via Attack Trees/Profiles
  • Documentation Reuse
  • Questions still to answer
  • Continued Research
Write a Comment
User Comments (0)
About PowerShow.com