Posted by Synopsys Editorial Team on April 8, 2015
Picture a group of thieves planning a major heist at a Las Vegas casino, à la Ocean’s Eleven. To minimize the chances of getting caught red-handed and to maximize the haul, they need to outline each step of their plan.
A map of their strategy might look something like this. The attackers’ goal—rob the casino—is at the top, with several potential attack paths leading up to it.
This is an example of an attack tree—a methodological, graphical representation of an attack from the perspective of the attacker.
Attack trees like this one have been used to identify security vulnerabilities in all types of complex systems, such as Supervisory Controls and Data Acquisition (SCADA) networks, biometric systems, and GSM radio access networks.
In your application testing strategy, using attack trees can help you simulate various attack scenarios and make decisions on how best to protect your applications. You’ll be able to pinpoint systems and controls that are most at risk for an attack and construct specific countermeasures more effectively.
When creating an attack tree, first place yourself in the position of a potential hacker. What is your overarching goal? Are you trying to access customer data? Disrupt the flow of business? Place that goal at the top of the tree. This is the “root node.”
Beneath it, break the highest-level goal into a series of forks, or “leaf nodes,” denoting incremental, more manageable objectives and the steps necessary to reach them. Brainstorm the ways you could attain your goal and add them your tree.
Use “or” nodes to represent the different ways to reach a goal. In the casino heist example, you could rob the casino by raiding the registers at gunpoint or using an insider to steal cash and chips.
“And” nodes are the steps required to achieve each sub-goal. In our Ocean’s Eleven scenario, the burglars’ elaborate scheme included a series of steps, all of which were essential to achieving their overall goal: breaching the vault with explosives, disrupting the power to conceal the vault breach, and accessing the vault security codes.
After plotting each avenue of attack, determine the likelihood that these attacks will occur. Each line of attack will require a certain set of resources, such as money, time, or skill. To assess the requirements, assign values to each node, such as whether it is possible, how costly it is, and whether it requires special skills or equipment.
After you create your trees and assign values to each node, you are better prepared to make proactive security decisions. Here are four ways you can use attack trees as part of application security testing to identify, remediate, and prevent security flaws.
Faced with the growing complexity of applications and growing maturity of potential hackers, you need a way to forecast and address potential risks that is both powerful and easy to construct.
Attack tree models help you dissect potential attacks into steps, pinpointing vulnerabilities and identifying countermeasures. Incorporate them into a comprehensive application security testing plan so that you can proactively allocate your resources and budget.