They are a variation of fault trees, where the concern is a security breach instead of a system failure. Thus, an attack tree is able to model all possible attacks against a system, just as a fault tree models all failures. In particular, an attack tree represents attacks using a tree structure, where the root node is the attacker goal (or subgoal) and the leaf nodes are atomic attacks that represent all the possible ways an attacker can achieve the goal.
Published in Chapter:
Methods for Dependability and Security Analysis of Large Networks
Ioannis Chochliouros (OTE S.A., General Directorate for Technology, Greece), Anastasia S. Spiliopoulou (OTE S.A., General Directorate for Regulatory Affairs, Greece), and Stergios P. Chochliouros (Independent Consultant, Greece)
Copyright: © 2009
|Pages: 9
DOI: 10.4018/978-1-60566-014-1.ch125
Abstract
Dependability and security are rigorously related concepts that, however, differ for the specific proprieties they mainly concentrate on. In particular, in most commonly applied cases found in practical design techniques (Piedad & Hawkins, 2000), the dependability concept usually includes the security one, being a superset of it. In typical cases, security mainly comprises the following fundamental characteristics: confidentiality, integrity, and availability. Indeed, dependability mainly encompasses the following attributes (Avizienis, Laprie, Randell, & Landwehr, 2004): (1) availability: readiness for correct service; (2) reliability: continuity of correct service; (3) safety: absence of catastrophic consequences on the user(s) and the environment; (4) confidentiality: absence of unauthorized disclosure of information; (5) integrity: absence of improper system alterations; and (6) maintainability: ability to undergo modifications and repairs. The present work primarily intends to deal with formal methods, appropriate to perform both security and dependability analysis in modern networks. In general, security analysis of great networks takes the form of determining the exploitable vulnerabilities of a network, and intends to provide results or appropriate informative (or occasionally experimental) data about which network nodes can be compromised by exploiting chains of vulnerabilities, as well as specifying which fundamental security properties are altered (e.g., Confidentiality, Integrity, Availability). Therefore, such type of analysis is also referred as “network vulnerability analysis.” On the other hand, dependability analysis of networks typically intends to determine specific dependencies within the nodes (or the services offered) of the (appropriate) underlying network, so as to provide results about the consequences of (potential) faults (on services or hosts) and to find out which among these faults are able to cause unacceptable consequences, in terms of the basic dependability attributes. At this specific evaluation, it should be noted that it is possible to consider attacks (as well as attack consequences) as faults.