Wednesday, April 3, 2019
Analysis of Attack Tree Methodology
Information technology (IT) security has become more and more important today as e-commerce becomes increasingly popular. People in developed countries like America and throughout European countries have been exposed to online trading for a long time; this trend is also taking off in developing countries in other parts of the world. Besides its importance to business organization activities, IT security also plays a vital role in protecting individuals' and organizations' assets, which are actually parts of the business operations. A variety of methods of securing business have been developed and implemented successfully. Attack Trees is one of those. Not only in Information Technology, Attack Trees is also relevant to security problems in a wide range of fields including telecommunications, health care, finance, critical infrastructure, aerospace, intelligence and defense.

To secure your business against impending risks, you first need to define all kinds of possible risks and the pathways by which those risks might be realized. Knowing the risks and how they might happen, you will be able to develop measures to fight against or mitigate them. This is also what Attack Trees helps clarify. Attack Trees is a formal, convenient way to methodically categorize the different ways (how the risks happen) in which a system can be attacked [1] (risks).

Attack trees are a graphical and mathematical construct used to:

- Identify potential hostile activities that pose the greatest risk to the defender
- Determine effective (and cost effective) strategies for reducing the defender's risk to an acceptable level
- Describe the potential interactions between the adversary and the defender
- Provide a communication mechanism for security analysts
- Capture what is known (facts) and believed (assumptions) about the system and its adversaries, and store the information in a form that can later be retrieved and understood by others [2]

Attack tree models are graphical diagrams representing the choices and goals available to an attacker. They are represented in a tree structure, in which the root node of the tree is the global goal of an attacker and the leaf nodes are different ways of achieving that goal. In an attack tree, children of the root node are refinements of the global goal, and leaf nodes represent attacks that can no longer be refined. A refinement can be conjunctive (AND) or disjunctive (OR). Figure 1 shows an example of an attack tree in which the goal of the attacker is to obtain a free lunch [3]. The tree lists three possible ways to reach this goal. Lower levels in the tree explain how these sub-goals are refined. The arc connecting the children nodes expresses that this is a conjunctive (AND) refinement, which means that all sub-goals have to be fulfilled. Refinements without such a connecting arc are disjunctive (OR), expressing that satisfying one sub-goal suffices.

The strength of the attack tree methodology lies in the fact that its graphical, structured tree notation is easy for practitioners to understand, yet also promising for tool builders and theoreticians attempting to partially automate the threat analysis process. More and more research papers have used attack trees in modeling the security threats of information systems.

Over the last year, over 15,000 articles on Google Scholar [4] have used the attack tree technique in some way. The way this technique is used now is usually by assigning different kinds of values to the leaf nodes (for example, possible and impossible, expensive and inexpensive, cost to attack, probability of success of a given attack, etc.) and then propagating node values up the tree following some rules. Based on that calculation, people can make some statements about attacks, for example, what is the cheapest low-risk attack or the most likely non-intrusive attack [5].

Looking back at our personal experiences, we notice that what we have done in the past and until now is closely related to what is presented in the Attack Trees model. Although at that time we were not exposed to the concept of Attack Trees, the approach is basically the same. It was when we worked on a project and had to define all possible risks/threats that might happen and how we could develop mitigating actions against those risks. The only thing that we had not paid enough attention to, and which was a really very important thing, was how all those risks might happen. Failing to do this cost us a lot later on, when the risk did happen in a way that we had not thought of, so we had not developed an appropriate course of action and could only react to it passively.

It was when we were developing an online testing system to help students prepare for the entrance exam to universities [6]. We would have a strong team of excellent teachers from many famous schools build the tests and have a team of people to import those tests, including answers (multiple choice format), into the system. We conducted training for the importing team. (Also, the importing work did take a lot of time, so we could not talk all the teachers into it.) Things went well until the day we actually launched the Beta version.

We had volunteers, who were actual pupils, do the test; nothing was better for them than to take free tests and receive free feedback. But when it came to announcing the results and giving feedback to those pupils, everything was just totally wrong: many of the students' answers, which were actually correct, were marked incorrect, and the must-be-correct answers given by the system were actually incorrect. Recalling that single day, it was a BIG shame on us, the team who worked on the project.

We had a person as head of quality control who would make sure that all the tests designed, including questions and answers, were without mistakes. We were very strict on that. We also had a head of study department who would make sure that our collaborators, who performed the importing job, did their job carefully and without mistakes. Random tests were taken before we launched the first version and things were all going very well. We developed risk monitoring blocks, and Figure 2 is shown as an example. For the risk that the test is invalid, we identified three possible reasons: design problem, importing problem and system problem. The reasons are then tracked further along blocks which are colored accordingly. So to prevent or mitigate the risk, we only needed to make sure that our teacher quality was excellent, our training and importing job were done well and our system would not malfunction. But we only went as far as assuming that, for example, as long as our collaborators worked diligently and carefully, mistakes would largely be avoided.

Later on, we found out that the root of the problem was that one of our collaborators was a person from our main competitor, and he purposely destroyed our system by changing all the correct answers just a night before the free testing event. This was the thing that we had never thought of. We did not realize that we had a problem right from the collaborators' recruitment and that this might have been one of many possible ways that can invalidate our test bank.

Only then did we know that what we called, in general, collaborators' quality is not limited to whether they were capable of understanding and doing the job, but also includes their work ethic. Consequently, we were left with everything beginning from scratch: all the teachers' work was carefully rechecked because we did not know right away what exactly had caused the problem. Almost all the imported work was deleted and restarted. If we had been able to identify this possibility, though small, we would have developed action appropriate enough to prevent it, such as locking the system and denying any access before we launched the first version. This would have saved us money and time, and prestige as well. We finally were able to offer a running version, but it surely had cost us much more resources. [7]

From our personal experience, we see that the Attack Trees model is a very useful tool to help organizations in threat detection and the development of appropriate mitigating actions. The model will have an important and positive impact on an organization's business operation in that it helps identify all possible risks and the specific pathways by which those risks might become real. From that, it helps determine effective and cost effective strategies to reduce risks to an acceptable level. Organizations should adopt the Attack Trees model to secure themselves from any uncertainties that may happen.

References

[1] Attack trees: Modeling security threats. Dr. Dobb's Journal. Schneier (2005).
[2] Attack Trees Analysis, Terrance Ingoldsby, January 16, 2009. http://redteamjournal.com/2009/01/attack-tree-analysis/
[3] Mauw, S., Oostdijk, M. (2005) Foundations of Attack Trees. Information Security and Cryptology - ICISC 2005. Springer.
[4] http://scholar.google.com/scholar?hl=en&q=attack+trees+information+system&as_sdt=2000&as_ylo=2009&as_vis=0
[5] Edge, K. (2007) The Use of Attack and Protection Trees to Analyze Security for an Online Banking System. HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences.
[6] This is how universities in my country recruit prospective students: they do not base admission on applications but on the results of actual tests, which are held by the Ministry of Education annually for all participants.
[7] Our initial project result to date: http://hocmai.vn/
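
The leaf-value propagation described above, applied to the test-bank risk tree from the project story, as an added example that is not part of the original post. The node names follow the story; every numeric score is a constructed effort value (lower means the pathway is easier to realize), and the `Node`, `cheapest` and `build_tree` names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

INF = float("inf")  # marks a leaf that is currently impossible

@dataclass
class Node:
    name: str
    kind: str = "LEAF"   # "LEAF", "OR" (one child suffices) or "AND" (all needed)
    cost: float = INF    # leaves only: constructed effort score, lower = easier
    children: List["Node"] = field(default_factory=list)

def cheapest(node: Node) -> Tuple[float, List[str]]:
    """Propagate leaf costs up the tree; return (cost, leaves on that pathway)."""
    if node.kind == "LEAF":
        return node.cost, [node.name]
    results = [cheapest(child) for child in node.children]
    if not results:                      # refinement with no children: unreachable
        return INF, []
    if node.kind == "OR":                # disjunctive: cheapest single sub-goal
        return min(results, key=lambda r: r[0])
    total = sum(cost for cost, _ in results)   # conjunctive: every sub-goal
    return total, [leaf for _, leaves in results for leaf in leaves]

def build_tree(insider_modelled: bool, locked_before_launch: bool = False) -> Node:
    """Risk tree from the story; all numeric scores are constructed."""
    design = Node("design problem", "AND", children=[
        Node("teacher writes a wrong answer", cost=4),
        Node("quality control misses it", cost=6)])
    importing = Node("importing problem", "OR", children=[
        Node("accidental import error", "AND", children=[
            Node("collaborator makes a careless mistake", cost=3),
            Node("random tests miss it", cost=5)])])
    if insider_modelled:                 # the pathway the team had not thought of
        open_access = INF if locked_before_launch else 1
        importing.children.append(Node("deliberate change", "AND", children=[
            Node("collaborator works for a competitor", cost=2),
            Node("import access open before launch", cost=open_access)]))
    system = Node("system problem", cost=9)
    return Node("test is invalid", "OR", children=[design, importing, system])

if __name__ == "__main__":
    for label, tree in [("as originally analysed", build_tree(False)),
                        ("insider pathway added", build_tree(True)),
                        ("insider pathway, system locked", build_tree(True, True))]:
        print(label, "->", cheapest(tree))
```

With the overlooked pathway added, it becomes the cheapest route to the root; marking the access leaf impossible (the "lock the system" mitigation) returns the tree to its original minimum.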