A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees

Quantified Score

Visualization

Abstract

In recent years, attack trees have been developed to describe processes by which malicious users attempt to exploit or break complex systems. Attack trees offer a method of decomposing, visualizing, and determining the cost or likelihood of attacks. Attack trees by themselves do not provide enough decision support to system defenders. The defenders need methods to determine which protections to implement and where to place them in the system to mitigate the vulnerabilities found. This research develops the concept of using protection trees to offer a detailed risk analysis for the protection of a system. In addition to developing protection trees, this research improves the existing concept of attack trees as well as developing rule sets for the manipulation of metrics used in the security of complex systems. This research specifically develops the framework for using an attack and protection tree methodology to analyze the security of complex systems. To accomplish this, the structure of attack trees is extended and modified to create the concept of protection trees. To validate the effectiveness of the methodology, the Schematic Protection Model (SPM) is used. The SPM is extended and applied to verify that a system protected using the attack and protection tree methodology is safe. To demonstrate the general usefulness of this novel methodology, it is used to analyze the security of several varied domains including computer networks, online banking, homeland security, and mobile ad hoc networks.