What is attack tree and

methods
What is attack tree
• Attacks tree are a method of graphically representing the possible attacks
against a system via the use of an attack tree diagram which is similar to a
structured tree diagram.
• Attack trees are conceptual diagrams showing how an asset, or target,
might be attacked.
• Attack trees have been used in a variety of applications. In the field of
information technology, they have been used to describe threats on
computer systems and possible attacks to realize those threats.
What is attack tree
• Attack trees are multileveled diagrams consisting of one root, leaves, and
children.
• From the bottom up, child nodes are conditions which must be satisfied to
make the direct parent node true; when the root is satisfied, the attack is
complete.
• A node may be the child of another node; in such a case, it becomes logical
that multiple steps must be taken to carry out an attack.
• As such, attack trees may turn out to be of interest to the security
community at large as a standard notation for threat analysis documents.
What is attack tree
• A basic attack tree would be focused around a central root node or
objective. Such an objective might be to obtain a user’s password. An
attack tree has a root node and leaf nodes.
• The root node represents the target of the attack, while the leaf nodes
represent the means for reaching the target, which are the events that
comprise the attack.
• The root node can represent a goal of the adversary or a high-impact
action.
• Each goal is represented by a separate tree and results in a forest of attack
trees.
What is attack tree
• Trees can be either AND-or OR-trees.
• A node in an AND-tree is only true if all the nodes below are true, while
nodes in an OR-tree are considered true if any of the sub-nodes below are
true.
• Sub-nodes of high-impact actions should state what can go wrong for the
node, while sub-nodes of a root node based on an attacker goal should
present different ways the attacker can achieve that goal.
• Alternative ways to achieve that same goal are presented as unique sub-
nodes.
What is attack tree
• There are a number of advantages of the attack tree diagram approach,
which include:
• The attack tree diagram allows the modelling of complex security
threats to generate greater understanding;
• The attack tree diagram allows for security threats to be broken down
into their sub-components, again enhancing understanding
• The approach allows for the linkage between threats and security
countermeasures and directly identifies the link between a
countermeasure and the specific threat within the attack tree diagram.
What is attack tree
• Attack trees allow users to understand possible threats against systems,
visualize those threats and assign various metrics to determine which
threats are most likely to occur.
• Fault tree analysis (FTA), similar to attack tree analysis, has been used
since the early 1960s to perform safety and reliability evaluations in high-
hazard industries including originally the U.S. Air Force Ballistic Systems
Division
Thanks