Abstract
Attack trees are an established concept in threat and risk analysis. They build the basis for numerous frameworks aiming to determine the risk of attack scenarios or to identify critical attacks or attack paths. However, existing frameworks do not provide systematic analyses on the asset-level like the probability of successful or near-successful attacks on specific assets. But these insights are important to enable decision-makers to make more informed decisions. Therefore, a generic approach is presented that extends classical attack tree approaches by asset-specific analyses. For this purpose, the attack steps in the attack trees are annotated with corresponding assets. This allows identifying the attack paths each asset is exposed to. In combination with the standard attack tree parameter “probability of attack success”, a set of complementary attack success and protection metrics can be applied on each step of the paths. Furthermore, an integrated visualisation scheme is proposed that illustrates the results in a comprehensible way so that decision-makers can intuitively understand what the metrics indicate. It also includes several features improving usability and scalability. As proof of concept, we have implemented a prototype of our proposed method.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Inclusion-exclusion principle. https://mathworld.wolfram.com/Inclusion-ExclusionPrinciple.html (2020). Accessed 04 May 2020
Fink, G.A., North, C.L., Endert, A., Rose, S.: Visualizing cyber security: usable workspaces. In: 2009 6th International Workshop on Visualization for Cyber Security, pp. 45–56 (2009)
Holm, H., Shahzad, K., Buschle, M., Ekstedt, M.: P\(^{2}\) cysemol: predictive, probabilistic cyber security modeling language. IEEE Trans. Dependable Secure Comput. 12(6), 626–639 (2015)
Homer, J., Varikuti, A., Ou, X., McQueen, M.A.: Improving attack graph visualization through data reduction and attack grouping. In: Goodall, J.R., Conti, G., Ma, K.-L. (eds.) VizSec 2008. LNCS, vol. 5210, pp. 68–79. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85933-8_7
Hong, J.B., Kim, D.S., Chung, C.J., Huang, D.: A survey on the usability and practical applications of graphical security models. Comput. Sci. Rev. 26, 1–16 (2017)
Idika, N., Bhargava, B.: Extending attack graph-based security metrics and aggregating their application. IEEE Trans. Dependable Secure Comput. 9(1), 75–85 (2010)
Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 339–353. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18467-8_23
Johnson, P., Vernotte, A., Ekstedt, M., Lagerström, R.: pwnpr3d: an attack-graph-driven probabilistic threat-modeling approach. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 278–283 (2016)
Johnson, P., Lagerström, R., Ekstedt, M.: A meta language for threat modeling and attack simulations. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. ARES 2018, Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3230833.3232799
Karray, K., Danger, J.-L., Guilley, S., Abdelaziz Elaabid, M.: Attack tree construction and its application to the connected vehicle. In: Koç, Ç.K. (ed.) Cyber-Physical Systems Security, pp. 175–190. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98935-8_9
Kordy, B., Kordy, P., Mauw, S., Schweitzer, P.: Adtool: security analysis with attack-defense trees. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) Quantitative Evaluation of Systems, pp. 173–176. Springer, Heidelberg (2013)
Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: Dag-based attack and defense modeling: don’t miss the forest for the attack trees. Technical report (2014)
Lippmann, R.P., Ingols, K.W.: An annotated review of past papers on attack graphs. Technical report, Massachusetts Inst of Tech Lexington Lincoln Lab (2005)
Noel, S., Jacobs, M., Kalapa, P., Jajodia, S.: Multiple coordinated views for network attack graphs. In: IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05), pp. 99–106. IEEE (2005)
Noel, S., Jajodia, S.: Managing attack graph complexity through visual hierarchical aggregation. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pp. 109–118 (2004)
Ou, X., Govindavajhala, S., Appel, A.W.: Mulval: A logic-based network security analyzer. In: USENIX Security Symposium. vol. 8, pp. 113–128. Baltimore, MD (2005)
Paul, S., Vignon-Davillier, R.: Unifying traditional risk assessment approaches with attack trees. J. Inf. Secur. Appl. 19(3), 165–181 (2014). http://www.sciencedirect.com/science/article/pii/S2214212614000180
Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 Workshop on New security Paradigms, pp. 71–79 (1998)
Sawilla, R.E., Ou, X.: Identifying critical attack assets in dependency attack graphs. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 18–34. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5_2
Schmitz, C., Pape, S.: Lisra: lightweight security risk assessment for decision support in information security. Comput. Secu. 90, 101656 (2020)
Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)
Wang, L., Islam, T., Long, T., Singhal, A., Jajodia, S.: An attack graph-based probabilistic security metric. In: Atluri, V. (ed.) Data and Applications Security XXII, pp. 283–296. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70567-3_22
Williams, L., Lippmann, R., Ingols, K.: An interactive attack graph cascade and reachability display. In: VizSEC 2007, pp. 221–236. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78243-8_15
Yusuf, S.E., Hong, J.B., Ge, M., Kim, D.S.: Composite metrics for network security analysis. Softw. Netw. 2017(1), 137–160 (2018)
Acknowledgments
This work was partially supported by European Union’s Horizon 2020 research and innovation program from the project CyberSec4Europe (grant agreement number: 830929). We also thank Niklas Paul for his contribution to the prototype implementation.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Schmitz, C., Sekulla, A., Pape, S. (2020). Asset-Centric Analysis and Visualisation of Attack Trees. In: Eades III, H., Gadyatskaya, O. (eds) Graphical Models for Security. GraMSec 2020. Lecture Notes in Computer Science(), vol 12419. Springer, Cham. https://doi.org/10.1007/978-3-030-62230-5_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-62230-5_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62229-9
Online ISBN: 978-3-030-62230-5
eBook Packages: Computer ScienceComputer Science (R0)