Wednesday, June 5, 2019

Analysis of Attack Tree Methodology

Information Technology (IT) security has become more and more important today, as e-commerce is becoming increasingly popular. People in developed countries like America and throughout Europe have been exposed to online trading for a long time; this trend is also taking off in developing countries in other parts of the world. Besides its importance to business activities, IT security also plays a pivotal role in protecting the assets of individuals and organizations, which are in fact part of business operations. A variety of methods of securing business have been developed and implemented successfully. Attack Trees is one of those. Attack Trees is applicable not only in Information Technology but also to security problems in a wide range of fields including telecommunications, health care, finance, critical infrastructure, aerospace, intelligence and defense.

To secure your business against impending risks, you first need to define all kinds of possible risks and the ways in which those risks might be realized. Once you acknowledge the risks and how they might happen, you will be able to develop measures to fight against or mitigate them. This is also what Attack Trees helps clarify. Attack Trees is a formal, convenient way to methodically categorize the different ways (how the risks happen) in which a system can be attacked [1] (risks).
Attack trees are a graphical and mathematical construct used to:

- Identify potential hostile activities that pose the greatest risk to the defender
- Determine effective (and cost effective) strategies for reducing the defender's risk to an acceptable level
- Describe the potential interactions between the adversary and the defender
- Provide a communication mechanism for security analysts
- Capture what is known (facts) and believed (assumptions) about the system and its adversaries, and store the information in a form that can subsequently be retrieved and understood by others [2]

Attack tree models are graphical diagrams representing the choices and goals available to an attacker. They are represented in a tree structure, in which the root node of the tree is the global goal of an attacker and leaf nodes are different ways of achieving that goal. In an attack tree, children of the root node are refinements of the global goal, and leaf nodes represent attacks that can no longer be refined. A refinement can be conjunctive (AND) or disjunctive (OR). Figure 1 shows an example of an attack tree in which the goal of the attacker is to obtain a free lunch [3]. The tree lists three possible ways to reach this goal. Lower levels in the tree explain how these sub-goals are refined. The arc connecting the children nodes expresses that this is a conjunctive (AND) refinement, which means that all sub-goals have to be fulfilled. Refinements without such a connecting arc are disjunctive (OR), expressing that satisfying one sub-goal suffices.

The strength of the attack tree methodology lies in the fact that its graphical, structured tree notation is easy for practitioners to understand, yet also promising for tool builders and theoreticians attempting to partially automate the threat analysis process. More and more research papers have used attack trees in modeling the security threats of information systems.
Over the last year, over 15,000 articles on Google Scholar [4] have used the attack tree technique in some way. The way this technique is used now is usually by assigning different kinds of values to the leaf nodes (for example, possible and impossible, expensive and inexpensive, cost to attack, probability of success of a given attack, etc.) and then propagating node values up the tree following some rules. Based on that calculation, people can make some statements about attacks, for example, what is the cheapest low-risk attack or the most likely non-intrusive attack [5].

Looking back at our personal experiences, we notice that what we have done in the past and until now is closely related to what is presented in the Attack Trees model. Back at that time we were not exposed to the concept of Attack Trees, but the approach was basically the same. It was when we worked on a project and had to define all possible risks/threats that might happen and how we could take mitigating actions against those risks. The only thing that we had not paid enough attention to, and which was actually a very important thing, was how all those risks might happen. Failing to do this cost us a lot later on, when the risk did happen in a way that we had not thought of, so we had not developed an appropriate course of action and could only react to it passively.

It was when we were developing an online testing system to help students prepare for the entrance exam to universities [6]. We would have a strong team of excellent teachers from many famous schools build the test content and have a team of people import those tests, including answers (multiple choice format), into the system. We conducted training for the importing team. (Also, the importing work did take a lot of time, so we could not talk all the teachers into it.) Things went well until the day we actually launched the Beta version.
We had volunteers, who were actual pupils, take the test; nothing was better for them than taking free tests and receiving free feedback. But when the results were announced and feedback was given to those pupils, everything was just totally wrong: many of the students' answers, which were actually correct, were marked incorrect, and the supposedly correct answers given by the system were actually incorrect. Recalling that single day, it was a BIG shame on us, the team who worked on the project.

We had a head of quality control who would make sure that all the tests designed, including questions and answers, were without mistakes. We were very strict on that. We also had a head of the training division who would make sure that our colleagues who performed the importing job did their job carefully and without mistakes. Random tests were taken before we launched the first version and things were all going very well.

We developed risk monitoring blocks; Figure 2 shows an example. For the risk that the test is invalidated, we identified three possible reasons: a design problem, an importing problem and a system problem. The reasons are then tracked further along blocks which are colored accordingly. So to prevent or mitigate the risk, we only needed to make sure that our teacher quality was excellent, our training and importing jobs were done well and our system would not malfunction. But we only went as far as assuming that, for example, as long as our collaborators worked diligently and carefully, mistakes would largely be avoided.

Later on, we found out that the root of the problem was that one of our collaborators was a person from our main competitor, and he purposely destroyed our system by changing all the correct answers just a night before the free testing event. This was the thing that we had never thought of. We did not think that we had a problem right from the collaborators' recruitment, and that this might have been one of many possible ways to invalidate our test bank.
Only then did we know that what we had called, in general, collaborators' quality is not limited to whether they were capable of understanding and doing the job, but also includes their work ethic. Consequently, we were left with everything beginning from scratch: all the teachers' work was carefully rechecked, because we did not know right away what exactly had caused the problem. Almost all the import work was deleted and restarted. If we had been able to identify this possibility, though small, we would have developed an action appropriate enough to prevent it, such as locking the system and refusing any access before we launched the first version. This would have saved us money, time and prestige as well. We finally were able to offer a running version, but it surely had cost us much more in resources. [7]

From our personal experience, we see that the Attack Trees model is a very useful tool to help organizations in threat detection and in developing appropriate mitigating actions. The model will have an important and positive impact on an organization's business operations in that it helps name all possible risks and the specific pathways by which those risks might become real. From that, it helps determine effective and cost effective strategies to reduce risks to an acceptable level. Organizations should adopt the Attack Trees model to secure themselves from any uncertainties that may happen.

References

[1] Schneier (2005). Attack trees: Modeling security threats. Dr. Dobb's Journal.
[2] Terrance Ingoldsby. Attack Trees Analysis, January 16, 2009. http://redteamjournal.com/2009/01/attack-tree-analysis/
[3] Mauw, S., Oostdijk, M. (2005). Foundations of Attack Trees. Information Security and Cryptology - ICISC 2005. Springer.
[4] http://scholar.google.com/scholar?hl=en&q=attack+trees+information+system&as_sdt=2000&as_ylo=2009&as_vis=0
[5] Edge, K. (2007). The Use of Attack and Protection Trees to Analyze Security for an Online Banking System. HICSS '07: Proceedings of the 40th Annual Hawaii International Conference on System Sciences.
[6] This is how universities in my country recruit prospective students: they do not rely on applications but on the results of actual tests, which are held annually by the Ministry of Education for all participants.
[7] Our initial project result to date: http://hocmai.vn/
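Added example, not part of the original post: the value propagation described above (leaf values pushed up through AND/OR refinements), applied to the test-bank story. The node names paraphrase the essay's risk blocks; the effort numbers and the `lock_before_launch` switch are constructed assumptions used only to show how a mitigation changes the cheapest path.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    kind: str = "LEAF"        # "LEAF", "AND" or "OR"
    cost: float = 0.0         # leaf only: effort needed (constructed units)
    possible: bool = True     # leaf only: feasible under current controls
    children: list = field(default_factory=list)

def evaluate(node):
    """Return (possible, cost, leaves) for the cheapest feasible way to reach node."""
    if node.kind == "LEAF":
        return node.possible, node.cost, [node.name]
    results = [evaluate(child) for child in node.children]
    if node.kind == "AND":
        # Conjunctive refinement: every sub-goal is required, so costs add up
        if not all(ok for ok, _, _ in results):
            return False, float("inf"), []
        leaves = [leaf for _, _, path in results for leaf in path]
        return True, sum(cost for _, cost, _ in results), leaves
    # Disjunctive refinement: one sub-goal suffices, keep the cheapest feasible one
    feasible = [r for r in results if r[0]]
    if not feasible:
        return False, float("inf"), []
    return min(feasible, key=lambda r: r[1])

def build_tree(lock_before_launch=False):
    """Test-bank tree from the essay; all values are constructed for illustration."""
    insider = Node("insider alters answers", "AND", children=[
        Node("hostile person recruited as collaborator", cost=3),
        Node("edit access the night before launch", cost=1,
             possible=not lock_before_launch),
    ])
    importing = Node("importing problem", "OR", children=[
        Node("careless import mistakes", cost=6),
        insider,
    ])
    return Node("test bank invalidated", "OR", children=[
        Node("design problem: wrong answer key", cost=8),
        importing,
        Node("system problem: malfunction", cost=9),
    ])

if __name__ == "__main__":
    for locked in (False, True):
        ok, cost, path = evaluate(build_tree(lock_before_launch=locked))
        print(f"lock_before_launch={locked}: cost={cost}, path={path}")
```

With these constructed values the insider branch is the cheapest path until the pre-launch lock makes one of its AND leaves impossible, after which the cheapest remaining path moves to a different leaf.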
