Re: best tool to draw attack trees ??

From: Razvan Peteanu (razvan-peteanu@rogers.com)
Date: Mon Apr 08 2002 - 21:42:28 EDT


Have a look at http://members.rogers.com/razvan.peteanu/ for a way to
represent attack trees in XML and graph them with Graphviz. Comments are
welcome.

Razvan

-----Original Message-----
From: Kruse, Darren (DEH) [mailto:Kruse.Darren2@saugov.sa.gov.au]
Sent: Thursday, March 21, 2002 10:00 PM
To: 'pen-test@securityfocus.com'
Subject: best tool to draw attack trees ??

I'm puzzling over what is the best way to draw attack trees.
Attack trees provide a formal, methodical way of describing the security of
systems, based on varying attacks. Basically, you represent attacks against
a system in a tree structure, with the goal as the root node and different
ways of achieving that goal as leaf nodes.
Bruce Schneier's Secrets and Lies - Digital Security in a Networked World
<http://www.amazon.com/exec/obidos/ASIN/0471253111/qid=1016671800/sr=8-1/ref=sr_8_67_1/002-8209990-0206427>,
in particular chapter 21, covers Attack Trees.
There's also a DDJ article on attack trees
http://www.ddj.com/documents/s=896/ddj9912a/9912a.htm (also by Bruce
Schneier) that covers virtually the same ground as the book.
I'm thinking that it would make a really good motivational tool for
management to see what all the threats are against our systems.
Having a documented attack tree would also help me in identifying what holes
and threats I need to worry about RIGHT NOW!
My first thought was to wade in, and start drawing with Visio - making use
of the layers feature to distinguish between different sets of values:
Possible / Impossible, Cost, script kiddie tool released?, etc.
But does anyone know of a more "closely-suited" tool than Visio ? I've done
a google search on "attack tree" software, and come up blank.
There are cheaper alternatives to Visio - maybe Kivio mp
http://www.thekompany.com/products/kivio/faq.php3 ?? Unfortunately, the KDE
version (Kivio without the mp suffix) doesn't do layers. :-(
Would a web interface be better ? - certainly for navigating between
threats, but how about when you want to see a larger part of the tree ? , or
the whole attack tree ??
Maybe MS Project? - it's good at showing inter-related tasks that have
dependencies and costs, and can output to HTML as well.
How about when I want to add , or share bits of someone else's attack tree ?
It would be cool to be able to download discrete sub-branches, just like you
download additional Snort IDS signatures.
Darren Kruse CCNP CCDP
WAN/LAN Networking Consultant
Mobile : (+61) 0407 446 399
mailto://darren_kruse@hotmail.com
http://www.geocities.com/darren_kruse

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
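
Added example, not part of the original thread and not the XML format published at the URL in the reply: a minimal way to keep an attack tree as XML, propagate the "Possible / Impossible" and "Cost" values from the leaves up to the goal, and emit Graphviz DOT for drawing. The `<node>` schema, the AND/OR node types and all sample values are assumptions constructed for illustration.

```python
import math
import xml.etree.ElementTree as ET

# Constructed sample tree. The <node> element and its name/type/cost/possible
# attributes are an assumed schema for this example only.
SAMPLE = """\
<node name="Open safe" type="or">
  <node name="Pick lock" cost="30" possible="no"/>
  <node name="Learn combination" type="or">
    <node name="Find written combination" cost="75"/>
    <node name="Get combination from owner" type="and">
      <node name="Listen to conversation" cost="20"/>
      <node name="Get owner to state combination" cost="40" possible="no"/>
    </node>
  </node>
  <node name="Cut open safe" cost="10"/>
</node>
"""

def evaluate(el, costs):
    """Fill costs[el] with the cheapest cost; math.inf marks 'impossible'."""
    kids = [evaluate(k, costs) for k in el]
    if not kids:    # leaf: take the values from its attributes
        c = float(el.get("cost", "0")) if el.get("possible", "yes") == "yes" else math.inf
    elif el.get("type", "or") == "and":
        c = sum(kids)   # AND: every child is needed, so costs add up
    else:
        c = min(kids)   # OR: the cheapest possible child decides
    costs[el] = c
    return c

def to_dot(root):
    """Return Graphviz DOT text for the tree, labelled with evaluated values."""
    costs, lines = {}, ["digraph attack_tree {", "  node [shape=box];"]
    evaluate(root, costs)
    def walk(el, ident):
        c = costs[el]
        label = el.get("name").replace('"', r'\"')
        if len(el):
            label += f" ({el.get('type', 'or').upper()})"
        label += r"\n" + ("impossible" if c == math.inf else f"cost {c:g}")
        style = " style=dashed" if c == math.inf else ""
        lines.append(f'  {ident} [label="{label}"{style}];')
        for i, kid in enumerate(el):
            lines.append(f"  {ident} -> {ident}_{i};")
            walk(kid, f"{ident}_{i}")
    walk(root, "n")
    return "\n".join(lines + ["}"])

if __name__ == "__main__":
    print(to_dot(ET.fromstring(SAMPLE)))   # pipe into: dot -Tpng -o tree.png
```

Because each subtree is an ordinary XML fragment, a branch kept in its own file can be parsed separately and appended under any node before evaluation.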




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT