Sunday, April 9, 2017

CYBR 650 Week 4 - Attack Trees

Attack Trees

Attack trees appeared in the 1990s as an attacker-centric approach to analyzing the security of systems. Usually drawn as a flow chart (for example in Visio), an attack tree diagrams possible attacks against an object. The parent node represents the goal, while child nodes break out the various methods to achieve the goal, as illustrated in this example:



Introduced by Bruce Schneier, attack trees can also assign values to nodes, such as difficulty, cost, intrusiveness, legality, or just about any other metric that might tell a security story. For example, if the method to achieve the goal costs more than the goal itself is worth, the attack is less likely. Security teams can use this information to make recommendations and implement controls as necessary.

This type of threat modeling may seem time-consuming and at odds with the software-centric approach of Microsoft's Security Development Lifecycle, but it is versatile. Once an attack tree is fully grown, it can be linked to other trees so analysts or developers can see the forest. And according to Schneier, “If you're a computer-security expert, you don't have to know the details about how difficult a particular model of safe is to crack; you just need to know the values of the root node.”
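The value assignment and the "values of the root node" idea described above can be worked through in code. The following is an added example, not taken from Schneier's article or this post: it rolls leaf costs up to the root and compares the result with what the goal is worth. The node names, dollar figures, the `special_equipment` flag and the AND node type (all children required, which this post does not cover) are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Node:
    name: str
    kind: str = "LEAF"   # LEAF, OR (any one child suffices), AND (every child needed)
    cost: float = 0.0    # attacker's cost in dollars; set on leaves only
    special_equipment: bool = False
    children: List["Node"] = field(default_factory=list)

def cheapest(node: Node, allow_special: bool = True) -> Optional[Tuple[float, List[str]]]:
    """Return (cost, leaf steps) of the cheapest attack, or None if none is feasible."""
    if node.kind == "LEAF":
        if node.special_equipment and not allow_special:
            return None  # this attacker cannot perform the step
        return node.cost, [node.name]
    results = [cheapest(c, allow_special) for c in node.children]
    if node.kind == "AND":
        # Every child must succeed, so costs add up and one infeasible child blocks all.
        if not results or any(r is None for r in results):
            return None
        return sum(r[0] for r in results), [s for r in results for s in r[1]]
    # OR: the attacker picks the cheapest feasible child.
    feasible = [r for r in results if r is not None]
    return min(feasible, key=lambda r: r[0]) if feasible else None

def attack_is_economical(root: Node, asset_value: float, allow_special: bool = True) -> bool:
    """True when the cheapest feasible attack costs less than the goal is worth."""
    best = cheapest(root, allow_special)
    return best is not None and best[0] < asset_value

# Constructed sample tree; all values are illustrative, not measured.
SAFE = Node("Open safe", "OR", children=[
    Node("Pick lock", cost=30_000, special_equipment=True),
    Node("Cut open safe", cost=10_000, special_equipment=True),
    Node("Learn combination", "OR", children=[
        Node("Bribe owner", cost=20_000),
        Node("Threaten owner", cost=60_000),
        Node("Eavesdrop", "AND", children=[
            Node("Listen to conversation", cost=20_000),
            Node("Get owner to state combination", cost=40_000),
        ]),
    ]),
])

if __name__ == "__main__":
    print(cheapest(SAFE))                       # any attacker
    print(cheapest(SAFE, allow_special=False))  # attacker without special equipment
    print(attack_is_economical(SAFE, asset_value=15_000, allow_special=False))
```

Changing a leaf value or adding a control (modelled as a higher leaf cost) and re-running shows which branch becomes the new cheapest path, which is the information a security team needs when deciding where to place controls.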

What do you think? Is this approach outdated or still useful? Please post your comments below.



Reference

Schneier, B. (1999, December 1). Attack Trees. Retrieved April 09, 2017, from http://www.drdobbs.com/attack-trees/184411129
