Attack Modeling for Information Security Survivability

Attack Modeling for Information Security Survivability -...

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon
Attack Modeling for Information Security and Survivability Andrew P. Moore Robert J. Ellison Richard C. Linger March 2001 Survivable Systems Unlimited distribution subject to the copyright Technical Note CMU/SEI-2001-TN-001
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
The Software Engineering Institute is a federally funded research and development center sponsored by the U.S. Department of Defense. Copyright 2001 by Carnegie Mellon University. NO WARRANTY THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Use of any trademarks in this report is not intended in any way to infringe on the rights of the trademark holder. Internal use. Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works. External use. Requests for permission to reproduce this document or prepare derivative works of this document for external and commercial use should be addressed to the SEI Licensing Agent. This work was created in the performance of Federal Government Contract Number F19628-00-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 52.227-7013. For information about purchasing paper copies of SEI reports, please visit the publications portion of our Web site (http://www.sei.cmu.edu/publications/pubweb.html).
Background image of page 2
CMU/SEI-2001-TN-001 i Contents 1 Introduction 1 1.1 The Problem 1 1.2 ACME Enterprise 2 2 Attack Trees 4 2.1 Structure and Semantics 4 2.2 ACME Attack Tree 5 3 Attack Pattern Reuse 8 3.1 Attack Patterns 8 3.2 Attack Profiles 11 4 Attack Tree Refinement 13 4.1 Profile/Enterprise Consistency 14 4.2 Pattern Application 15 5 Conclusions 20
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
ii CMU/SEI-2001TN-001
Background image of page 4
CMU/SEI-2001-TN-001 iii List of Figures Figure 1: ACME, Inc. Enterprise Architecture 3 Figure 2: High-Level Attack Tree for ACME 6 Figure 3: Web Server Attack Refinement 7 Figure 4: Buffer Overflow Attack 10 Figure 5: Unexpected Operator Attack Figure 6: Internet-Based Enclave Attack Reference Model 12 Figure 7: Attack Tree Refinement Process 13 Figure 8: ACME Enterprise Intranet 14 Figure 9: PTN-Based Enclave Attack Reference Model 15 Figure 10: Buffer Overflow Attack Refinement 16 Figure 11: Applying Attack Patterns 17 Figure 12: Unexpected Operator Attack Refinement 19
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
iv CMU/SEI-2001-TN-001
Background image of page 6
Image of page 7
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 31

Attack Modeling for Information Security Survivability -...

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online