
ATTACK TREES

GROUP MEMBERS

HOLLYNESS TSHABALALA R195912Q


MANDIPA MHLANGA R195848M
NOEL MUNYENGA R197202X
GAVIN M PHIRI R195859N
MUNASHE MUDZONGWE R195898E
Introduction
● According to Schneier (1999), one of the earliest published writers on attack trees, attack trees model threats against
computer systems using a tree structure
● An attack tree is a method of threat modelling used in computer security to visualize and analyse potential attacks on a
system
● They visually represent how an attacker might exploit vulnerabilities to achieve specific goals within a system

Weakest link property

- A security system is only as strong as its weakest link


- Therefore to reinforce security the weakest link must be detected
- This is done by using tree structures (attack trees) to model events
Structure of an attack tree
● An attack tree has a tree-like structure consisting of one root node and many child nodes.
● Root/Parent node: The attacker's ultimate goal
● Children/branch nodes: Methods and sub-methods of achieving that goal, showing the various
vulnerabilities that can be exploited by the attacker. A child node can be an AND or an OR node
● We begin at the bottom/leaf node and advance to the parent node.
How to create an attack tree
Step 1 - define the goal of the attack, e.g. data breach, denial of service

Step 2 - identify the different ways the goal can be achieved

Step 3 - break down each method into sub-methods

Step 4 - continue to break down each method until it reaches a specific action/event
Example of an attack tree with OR child nodes
● If a parent node has 2 child nodes and the child nodes are OR nodes, then:

If any one of the conditions of the child nodes can be satisfied, then the parent node can be satisfied
Example of an attack tree with AND child nodes
● If the child nodes are AND nodes, then:

All the conditions of the child nodes must be satisfied in order to satisfy the parent node
Benefits of attack trees

● Security professionals gain a better understanding of the different ways attackers can target their systems
● Attack trees help identify potential weaknesses in a system
● Allow a visual representation of threats that is easy to understand
Disadvantages of attack trees

● Limited scope in that attack trees focus on a single vulnerability and therefore do not represent the
intersection of certain attacks
● The effectiveness of an attack tree depends on the depth of knowledge and expertise of the person creating
it. Attack trees created by people with little knowledge will be shallow
Case Study 1 : Downloading an infected file
● When the virus runs as a root hole it exploits a system vulnerability to get higher privilege, i.e. that of an
administrator. This vulnerability could be a missing security patch allowing the virus to bypass security
measures
● The naked binary/raw executable file is disguised as a familiar icon, e.g. a document or file update, to trick
the admin into installing it
● Since the admin is installing it, there are higher privileges associated with the admin that allow the
bypassing of normal security mechanisms
Case Study 2 : Bypassing authentication
Case Study 3 : Opening safe

● Mr Gavin, a prominent businessman, has a safe in his office where he stores his cash. The safe is protected
with a 4-digit PIN that only he and his secretary know. In trying to check if his safe is secure, Mr Gavin
decides to use an attack tree
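
An added example, not the tree from the original slides: it applies the AND/OR rules and the weakest link property described earlier to the safe, so a defender can see which leaf to fix first and how the weakest link moves once that leaf is removed. The leaf names and the relative effort costs are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Node:
    name: str
    kind: str = "LEAF"             # "LEAF", "OR" or "AND"
    cost: Optional[int] = None     # leaf only: relative attacker effort; None = blocked
    children: List["Node"] = field(default_factory=list)

def cheapest(node: Node) -> Tuple[Optional[int], List[str]]:
    """Return (lowest attacker cost, leaf actions on that path); cost None = goal unreachable."""
    if node.kind == "LEAF":
        return (node.cost, [node.name]) if node.cost is not None else (None, [])
    results = [cheapest(child) for child in node.children]
    reachable = [r for r in results if r[0] is not None]
    if node.kind == "AND":
        # All children are required, so one blocked child blocks the parent.
        if not results or len(reachable) < len(results):
            return None, []
        return sum(c for c, _ in results), [leaf for _, path in results for leaf in path]
    if node.kind == "OR":
        # Any child suffices, so the attacker takes the cheapest reachable one.
        return min(reachable, key=lambda r: r[0]) if reachable else (None, [])
    raise ValueError(f"unknown node kind: {node.kind}")

def safe_tree(pin_written_down: bool = True) -> Node:
    """Constructed tree for the safe; leaves and costs are illustrative assumptions."""
    return Node("Open the safe", "OR", children=[
        Node("Guess the 4-digit PIN", cost=100),
        Node("Learn the PIN", "OR", children=[
            Node("PIN found written down", cost=10 if pin_written_down else None),
            Node("PIN holder discloses it", cost=60),
        ]),
        Node("Force the safe", "AND", children=[
            Node("Unsupervised time in the office", cost=30),
            Node("Cutting equipment", cost=90),
        ]),
    ])

if __name__ == "__main__":
    print(cheapest(safe_tree()))                        # weakest link today
    print(cheapest(safe_tree(pin_written_down=False)))  # after removing that leaf
```

The second call models a control that removes one leaf entirely; the result shows that the weakest link shifts to the next cheapest branch rather than disappearing.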
Case Study 3
