----- Original Message -----
From: "Kruse, Darren (DEH)" <Kruse.Darren2 () saugov sa gov au>
To: <pen-test () securityfocus com>
Sent: Thursday, March 21, 2002 7:00 PM
Subject: best tool to draw attack trees ??
I'm puzzling over what is the best way to draw attack trees.
Attack trees provide a formal, methodical way of describing the security
systems, based on varying attacks. Basically, you represent attacks
a system in a tree structure, with the goal as the root node and different
ways of achieving that goal as leaf nodes.
Bruce Schneier's Secrets and Lies - Digital Security in a Networked World
sr_8_67_1/002-8209990-0206427 , in particular chapter 21 covers Attack
There's also a DDJ article on attack trees
http://www.ddj.com/documents/s=896/ddj9912a/9912a.htm (also by Bruce
Schneier) that covers virtually the same ground as the book.
I'm thinking that it would make a really good motivational tool for
management to see what all the threats are against our systems.
Having a documented attack tree would also help me in identifying what
,and threats I need to worry about RIGHT NOW !
My first thought was to wade in, and start drawing with Visio - making use
of the layers feature to distinguish between different sets of values..
    Possible / Impossible
    Cost
    script kiddie tool released ?
But does anyone know of a more "closely-suited" tool than Visio ? I've
a google search on "attack tree" software, and come up blank.
There are cheaper alternatives to Visio - maybe Kivio mp
http://www.thekompany.com/products/kivio/faq.php3 ?? Unfortunately, the
version (Kivio without the mp suffix) doesn't do layers. :-(
Would a web interface be better ? - certainly for navigating between
threats, but how about when you want to see a larger part of the tree ? ,
the whole attack tree ??
Maybe MS Project ? - it's good at showing inter-related tasks , that have
dependencies and costs, and can output to HTML as well.
How about when I want to add , or share bits of someone else's attack tree
It would be cool to be able to download discrete sub-branches, just like
download additional Snort IDS signatures.
Darren Kruse CCNP CCDP
WAN/LAN Networking Consultant
Mobile : (+61) 0407 446 399
mailto://darren_kruse () hotmail com
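
Added example (not part of the original post): one way to keep an attack tree as data instead of a drawing, carry the Possible / Impossible and Cost values from the leaves up to the goal, attach a sub-branch obtained from elsewhere, and emit Graphviz DOT text for rendering. The Node class, the function names, the AND/OR node kinds, and the sample tree with its values are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    kind: str = "LEAF"       # "LEAF", "OR" (any child suffices), "AND" (all children needed)
    possible: bool = False   # leaf value: Possible / Impossible
    cost: float = 0.0        # leaf value: estimated cost to the attacker
    children: list = field(default_factory=list)

def evaluate(n):
    """Propagate leaf values upward: (possible, cheapest cost) for the goal at n."""
    if n.kind == "LEAF":
        return n.possible, (n.cost if n.possible else float("inf"))
    results = [evaluate(c) for c in n.children]
    if n.kind == "AND":
        ok = all(p for p, _ in results)
        return ok, (sum(c for _, c in results) if ok else float("inf"))
    feasible = [c for p, c in results if p]
    return bool(feasible), min(feasible, default=float("inf"))

def graft(root, parent_name, subtree):
    """Attach a shared sub-branch under the first node with that name."""
    if root.name == parent_name and root.kind != "LEAF":
        root.children.append(subtree)
        return True
    return any(graft(c, parent_name, subtree) for c in root.children)

def to_dot(root):
    """Render as Graphviz DOT text; branches evaluated Impossible are dashed."""
    lines = ["digraph attack_tree {", "  node [shape=box];"]
    def walk(n):
        ok, cost = evaluate(n)
        label = f"{n.name}\\n{n.kind} " + (f"P ${cost:g}" if ok else "I")
        lines.append(f'  "{n.name}" [label="{label}", style={"solid" if ok else "dashed"}];')
        for c in n.children:
            lines.append(f'  "{n.name}" -> "{c.name}";')
            walk(c)
    walk(root)
    return "\n".join(lines + ["}"])

# Constructed sample tree and values (not taken from the post).
TREE = Node("Open safe", "OR", children=[
    Node("Pick lock", possible=False, cost=30_000),
    Node("Cut open safe", possible=True, cost=10_000),
    Node("Learn combination", "OR", children=[
        Node("Find written combination", possible=False, cost=75_000),
        Node("Eavesdrop", "AND", children=[
            Node("Listen to conversation", possible=True, cost=20_000),
            Node("Get target to state combination", possible=False, cost=40_000)])])])
```

Printing to_dot(TREE) and passing the text to Graphviz (for example dot -Tsvg) draws the whole tree; calling to_dot on a child node draws only that sub-branch.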