attack defense tree methodology for security assessment
play

AttackDefense Tree Methodology for Security Assessment Barbara - PowerPoint PPT Presentation

Nov 02, 2022 •235 likes •841 views

AttackDefense Tree Methodology for Security Assessment Barbara Kordy Joint work with Patrick Schweitzer, Sjouke Mauw, Saa Radomirovi Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 1 Outline

  1. Attack–Defense Tree Methodology for Security Assessment Barbara Kordy Joint work with Patrick Schweitzer, Sjouke Mauw, Saša Radomirović Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 1

  2. Outline Attack–defense trees 1 Semantics 2 Quantitative analysis 3 Computational complexity 4 Attack–defense trees in practice 5 Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 2

  3. Outline Attack–defense trees 1 Semantics 2 Quantitative analysis 3 Computational complexity 4 Attack–defense trees in practice 5 Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 3

  4. Attack trees Definition Attack tree (ATree) – tree-like representation of an attacker’s goal recursively refined into conjunctive or disjunctive sub-goals. Methodology to describe security weaknesses of a system Proposed by Schneier Attack trees: Modeling Security Threats , ’99 Formalized by Mauw and Oostdijk Foundations of Attack Trees [ICISC’05] Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 4

  5. Example: attacking a bank account � attack node bank disjunctive refinement account conjunctive refinement atm online user pin card password name find key eavesdrop phishing note logger Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 5

  6. Limitations of attack trees Only attacker’s point of view No defensive measures No attacker/defender interactions No evolutionary aspects Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 6

  7. Attack–defense trees Definition Attack–defense tree (ADTree) – attack tree extended with possibly refined or countered defensive actions. Introduced by Kordy et al. in Foundations of Attack–Defense Trees [FAST’10] Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 7

  8. Example: attacking and defending a bank account � attack node bank defense node � account disjunctive refinement conjunctive refinement countermeasure atm online user card pin password name find key 2nd auth. Eavesdrop phishing note factor logger pin key memorize malware fobs pad force browser os Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 8

  9. Interesting questions Equivalent representations of the same scenario (semantics) Quantitative analysis (attributes) Computational complexity of ATrees and ADTrees (querying) Practical applications (case studies) Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 9

  10. Outline Attack–defense trees 1 Semantics 2 Quantitative analysis 3 Computational complexity 4 Attack–defense trees in practice 5 Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 10

  11. Semantics for ADTrees Semantics define which ADTrees represent the same scenario. Definition Semantics for ADTrees – equivalence relation on ADTrees. Propositional semantics Semantics induced by a De Morgan lattice Multiset semantics Equational semantics Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 11

  12. Propositional semantics for ADTrees In the propositional semantics ADTrees represent Boolean functions. Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 12

  13. Example: propositional interpretation of an ADTree � �� � ( key fobs ∨ pin pad ) ∧ ¬ malware f = ( pin ∧ card ) ∨ online ∧ ¬ bank account atm online 2nd auth. card pin factor pin key malware pad fobs Details Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 13

  14. Propositional semantics ≡ P In the propositional semantics ADTress represent the same scenario if the corresponding Boolean functions are equivalent. Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 14

  15. Example: propositionally equivalent ADTrees rob use deposit hammer box ≡ P access use bank hammer use use hammer key ( hammer ∨ key ) ∧ hammer hammer The two trees are equivalent in the propositional semantics, because in propositional logics we have absorption law ( hammer ∨ key ) ∧ hammer ≡ hammer Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 15

  16. Multiset semantics ≡ M ADTrees are interpreted as sets of multisets. Each multiset represents a possible way of attacking. In the multiset semantics ADTrees represent the same scenario if the corresponding sets of multisets are equal. Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 16

  17. Example: ADTrees not equivalent in the multiset semantics rob deposit box use hammer access use �≡ M bank hammer use use hammer key {{ | hammer , hammer | } , { | key , hammer | }} {{ | hammer | }} The two trees are not equivalent in the multiset semantics, because {{ | hammer , hammer | } , { | key , hammer | }} � = {{ | hammer | }} . Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 17

  18. Different semantics – different equivalence classes rob deposit box ≡ P use hammer access use bank hammer �≡ M use use hammer key The choice of an appropriate semantics depends on considered applications and assumptions. Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 18

  19. Outline Attack–defense trees 1 Semantics 2 Quantitative analysis 3 Computational complexity 4 Attack–defense trees in practice 5 Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 19

  20. Motivation Quantitative analysis of an attack–defense scenario Standard questions What is the minimal cost of an attack? What is the expected impact of a considered attack? Is special equipment required to attack? Bivariate questions How long does it take to secure a system, when the attacker has a limited budget? How does the scenario change if both, the attacker and the defender are affected by a power outage? Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 20

  21. Calculation of attributes Bottom-up algorithm Basic assignment – values assigned to basic actions Attribute domain – operators specifying how to compute values for other nodes Intuitive idea of Schneier Attack trees: Modelling Security Threats , ’99 Formalization by Mauw and Oostdijk for attack trees Foundations of Attack Trees , [ICISC’05] Extension to attack–defense trees by Kordy et al. Foundations of Attack–Defense Trees , [FAST’10] Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 21

  22. Attribute: minimal time of an attack Question: What is the minimal time needed to achieve a considered attack? Attribute domain: Values from N ∪ {∞} ∞ = action not under control of the attacker ( ∨ A , ∧ A , ∨ D , ∧ D , c A , c D ) = ( min , + , + , min , + , min ) Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 22

  23. Attribute domain for minimal time ∨ ∨ ∨ A : min { x , y } ∨ D : x + y y x x y ∧ ∧ ∧ A : x + y ∧ D : min { x , y } y x x y x x c A : x + y c D : min { x , y } y y Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 23

  24. Example: computation of minimal time on an ADTree ( ∨ A , ∧ A , ∨ D , ∧ D , c A , c D ) = ( min , + , + , min , + , min ) 5 use hammer 2 3 use use hammer key 3 2 Details Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 24

  25. Semantics and attribute domains Recall: t and t ′ are equivalent in the propositional semantics. t ′ = use t = hammer 5 3 use hammer 2 3 use use key hammer 3 2 time ( t ′ ) = 3 time ( t ) = 5 Problem: t ≡ P t ′ , but time ( t ) � = time ( t ′ ) Solution: Compatibility notion Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 25

  26. Compatibility of an attribute with a semantics Compatibility defines which semantics should be used in combination with which attribute. Definition Attribute α is compatible with semantics ≡ for ADTrees iff ∀ t , t ′ ∈ ADTrees, t ≡ t ′ = ⇒ α ( t ) = α ( t ′ ) . Problem: How to check compatibility? Solution: Complete set of axioms for a semantics. Details Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 26

  27. Axiomatization of semantics Definition A set E of ADTree transformations is a complete set of axioms for a semantics for ADTrees iff equivalent ADTrees can be obtained from each other by application of transformations from E . Problem: How to find a complete set of axioms for a semantics? Solution: This is difficult. . . Barbara Kordy, UL ATREES project funded by National Research Fund CORE grant No. C08/IS/26 27

Recommend

Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

www.securing.pl Pawel Rzepa Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in - Pentesting - Cloud security assessment Blog: https://medium.com/@rzepsky @Rzepsky

1.1k views • 63 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Frnczk 408, North campus Time: Monday, 5:20 PM - 8:10 PM Todays Agenda 1. Cache side channel attack Speed Gap Between CPU and

535 views • 42 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Frnczk 408, North campus Time: Monday, 5:20 PM - 8:10 PM Last Class 1. Defenses a. Direct defense b. Stack Cookie; Canary -

713 views • 26 slides
Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense

Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense

Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense Prevention DOS/DDoS Types Vulnerability attack Flooding attack DoS vs DDoS DoS: Attack is launched from single host Less

614 views • 26 slides
Attacking JAVA Serialized Communication Manish S. Saindane Who am I ? Security Researcher

Attacking JAVA Serialized Communication Manish S. Saindane Who am I ? Security Researcher

ATTACK & & ATTACK labs DEFENSE DEFENSE Attacking JAVA Serialized Communication Manish S. Saindane Who am I ? Security Researcher Working as a Lead Applica8on Security Specialist for an interna8onal so:ware development and

577 views • 28 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Frnczk 408, North campus Time: Monday, 5:20 PM - 8:10 PM Last Class 1. Defenses a. Address Space Layout Randomization (ASLR)

872 views • 19 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Online Time: Monday, 5:20 PM - 8:10 PM First off, Logistics! Turn on camera if possible Classes are recorded and released

1.42k views • 116 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Frnczk 408, North campus Time: Monday, 5:20 PM - 8:10 PM Announcements 1. Final Exam : 12/14 2020 7:15PM-10:15PM. Same format as

483 views • 15 slides
Preview question Which of these defense techniques would completely prevent a ROP attack from

Preview question Which of these defense techniques would completely prevent a ROP attack from

Preview question Which of these defense techniques would completely prevent a ROP attack from returning from an intended CSci 5271 return instruction to an unintended gadget? Introduction to Computer Security A. ASLR Day 6: Low-level defenses

125 views • 9 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Online Time: Monday, 5:20 PM - 8:10 PM Last Class 1. Stack-based buffer overflow-1 a. Brief history of buffer overflow b.

873 views • 73 slides
Exploit Development 101 ATTACK & DEFENSE HISTORY OF WINDOWS BUFFER OVERFLOW Peter Chi

Exploit Development 101 ATTACK & DEFENSE HISTORY OF WINDOWS BUFFER OVERFLOW Peter Chi

Exploit Development 101 ATTACK & DEFENSE HISTORY OF WINDOWS BUFFER OVERFLOW Peter Chi chiwp@tw.ibm.com 2020/08/11 About Me IBM CDL Software Engineer Columbia Univ. Master of Science Computer Security Track OSCP / OSCE / eWPT /

1.11k views • 22 slides
Fault attack vulnerability assessment of binary code Cryptography and Security in Computing

Fault attack vulnerability assessment of binary code Cryptography and Security in Computing

Fault attack vulnerability assessment of binary code Cryptography and Security in Computing Systems [CS219], Valencia, Spain January 21, 2019 Jean-Baptiste Brjon Emmanuelle Encrenaz Karine Heydemann Quentin Meunier Son-Tuan Vu Sorbonne

770 views • 34 slides
Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine Learning in Real-World Computer Vision Systems Long Beach, CA, USA 1 Outline Background and Motivation Project-based Defense Mechanism

761 views • 72 slides
Web security With material from Dave Levin, Mike Hicks, Lujo Bauer Previously Attack and

Web security With material from Dave Levin, Mike Hicks, Lujo Bauer Previously Attack and

Web security With material from Dave Levin, Mike Hicks, Lujo Bauer Previously Attack and defense at host machines Applications written in C and C++ Violations of memory safety Web security now Attacking web services

830 views • 37 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Food Defense or WV Incident? Judy Fadden Fadden Analytical Security Did you Know that??? 2MM

Food Defense or WV Incident? Judy Fadden Fadden Analytical Security Did you Know that??? 2MM

Does Your Employee Tree Have Bad Fruit That Could Ripen into a Food Defense or WV Incident? Judy Fadden Fadden Analytical Security Did you Know that??? 2MM US workers report being victims of workplace violence each year.* WV costs to

393 views • 10 slides
Security & Compliance Thursday, September 4 2014 What is a security breach/attack? A

Security & Compliance Thursday, September 4 2014 What is a security breach/attack? A

Security & Compliance Thursday, September 4 2014 What is a security breach/attack? A security breach/attack is defined as an event in which a corporations network is compromised or an individuals name plus Social Security Name (SSN),

890 views • 12 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
Advanced Metering Infrastructure Attack Methodology Document Matthew Carpenter ASAP Red Team

Advanced Metering Infrastructure Attack Methodology Document Matthew Carpenter ASAP Red Team

Advanced Metering Infrastructure Attack Methodology Document Matthew Carpenter ASAP Red Team Lead matt@inguardians.com Introduction to Attack Methodology Guide for consistent testing Authors: Matthew Carpenter Travis

105 views • 8 slides
Web Application Security Assessment Policy John Hally John.hally@comcast.net Why This Policy?

Web Application Security Assessment Policy John Hally John.hally@comcast.net Why This Policy?

Web Application Security Assessment Policy John Hally John.hally@comcast.net Why This Policy? Limit attack surface of our web applications Web application flaws/vulnerabilities are a major attack vector Protect Company

195 views • 6 slides
Attacking with HTML5 Lavakumar Kuppan Who am I ? Web Security Researcher of Attack and

Attacking with HTML5 Lavakumar Kuppan Who am I ? Web Security Researcher of Attack and

A TTACK TTACK & D EFENSE EFENSE labs Attacking with HTML5 Lavakumar Kuppan Who am I ? Web Security Researcher of Attack and Defense Labs, www.andlabs.org Penetration Tester @ really big bank Author of Imposter & Shell

872 views • 58 slides
Bro 2.0 and Beyond Network Attack Detection and Defense Early Warning Systems Schloss Dagstuhl,

Bro 2.0 and Beyond Network Attack Detection and Defense Early Warning Systems Schloss Dagstuhl,

The Bro Network Security Monitor Bro 2.0 and Beyond Network Attack Detection and Defense Early Warning Systems Schloss Dagstuhl, 2012 Dagstuhl 2012 2 Outline Bro Introduction Much different from the typical IDS you may know Hot off

742 views • 63 slides
DOLPHIN ATTACK GUOMING ZHANG, CHEN YAN PRESENTED BY JACOB BEDNARD WAYNE STATE UNIVERSITY CSC6991

DOLPHIN ATTACK GUOMING ZHANG, CHEN YAN PRESENTED BY JACOB BEDNARD WAYNE STATE UNIVERSITY CSC6991

DOLPHIN ATTACK GUOMING ZHANG, CHEN YAN PRESENTED BY JACOB BEDNARD WAYNE STATE UNIVERSITY CSC6991 Overview Soundwaves and Digital Signal Processing (DSP) Attack Methodology Defense Mechanisms Demonstration Videos Soundwaves and

657 views • 33 slides
Defense Security Service Defense Security Service Cybersecurity Operations Division

Defense Security Service Defense Security Service Cybersecurity Operations Division

UNCLASSIFIED//FOUO Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED//FOUO UNCLASSIFIED Defense Security Service DSS Mission Capability DSS Supports national security and

490 views • 33 slides

More recommend