Introduction to attack trees Essay

When analysing the security threats to a system, the system analyst is forced to rely on an "ad hoc brainstorming process" (Schneier, 2004, p. 318) to try to conceive what goals an attacker could have in targeting a system and the methods they could use to carry out their attack. The limitation of the ad hoc approach is that the analyst could miss an area of possible vulnerability, or even concentrate available resources on an attack that is highly improbable, leaving the door wide open for more likely attacks to occur.

The Attack Tree process developed by Bruce Schneier seeks to replace existing ad hoc processes with one that provides a process for evaluating the threats of an attack against a system and what procedures can be put in place to prevent them (p. 318). The process seeks first to identify an attacker's goal and then analyzes the methods they could use to accomplish that goal, so that resources are assigned appropriately. In an Attack Tree, attacks against a system are represented by a tree structure with "the goal as the root node and different ways of achieving that goal as leaf nodes" (p. 318).

The Importance of Using an Attack Tree Process

An Attack Tree process is a useful tool to try to analyze the different ways an attacker could achieve their goal. Several benefits can be attributed to a well-developed process; in the case of Attack Trees you could:

  • Create a multi-input iterative process: An Attack Tree enables a system analyst to implement a process where people with different backgrounds and skill sets can add their input to help analyze possible threats and what can be done to counter them. Since the process is also iterative, you can ensure that it is continually improved upon; this is important because it is unlikely that the attackers are not continually improving their methods.
  • Capture and reuse the process for future projects: By capturing the information created from a process, you ensure that the next time a system is being developed you will have a repository to look to for reference on possible security threats and methods of dealing with them. Since the system analyst is not working from scratch, there is a saving of time and money. Creating and reusing a process also helps ensure consistency and reliability.
  • Calculate the risk of a type of attack: Different attacks have different probabilities of occurring and different costs associated with them. If an attack is low gain but has a high cost of prevention, it won't be worth preventing (Buldas, Laud, Priisalu, Saarepera and Willemson, 2006).
  • Can be broken down into multiple pieces: By creating a scalable process, you don't have to have someone who is an expert in every single area; instead you could have subject matter experts look at the system and offer their input.

The Latest Developments in Attack Tree Processes

Since Schneier introduced the concept of Attack Trees (1999), several other researchers have worked to fine-tune the process. Buldas et al. have offered a more accurate estimate of the probability of an attack and how it in turn influences the cost of preventing such an attack (2006).

By exploring what sort of profit an attacker could gain from conducting the attack (e.g. stealing a competitor's designs) and weighing the profit against the cost of the attack (e.g. going to jail), the system analyst will be able to see if the reward is proportional to the risk the attacker takes. If an attacker feels that the reward is not proportional to the risk involved, then the probability of an attack occurring is reduced, and in turn the resources required to protect the system from such an attack could be reduced as well.
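The weighing of profit against cost described above, as an added example that is not part of the original essay: it enumerates the attack scenarios of a small tree and ranks them by the attacker's expected outcome. The AND/OR node types, the outcome formula (a simplification, not the model of Buldas et al.) and every figure in the sample tree are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import product
from math import prod

@dataclass
class Node:
    name: str
    kind: str = "LEAF"   # "LEAF", "OR" (any child suffices) or "AND" (all children needed)
    cost: float = 0.0    # attacker's cost for a leaf, expected penalty included (assumption)
    prob: float = 1.0    # chance that a leaf step succeeds
    children: list = field(default_factory=list)

def scenarios(node):
    """Return every set of leaves that, taken together, reaches this node's goal."""
    if node.kind == "LEAF":
        return [[node]]
    per_child = [scenarios(c) for c in node.children]
    if node.kind == "OR":
        return [s for child in per_child for s in child]
    # AND: combine one scenario from each child
    return [[leaf for part in combo for leaf in part] for combo in product(*per_child)]

def rank(root, gain):
    """Sort scenarios by the attacker's expected outcome = gain * P(success) - cost."""
    rows = []
    for leaves in scenarios(root):
        cost = sum(leaf.cost for leaf in leaves)
        p = prod(leaf.prob for leaf in leaves)   # leaves assumed independent
        rows.append((round(gain * p - cost, 2), [leaf.name for leaf in leaves]))
    return sorted(rows, reverse=True)

def worthwhile(root, gain):
    """Scenarios a rational attacker would still attempt (positive expected outcome)."""
    return [names for outcome, names in rank(root, gain) if outcome > 0]

# Constructed sample tree; all costs and probabilities are illustrative.
virus = Node("Virus infection", "AND", children=[
    Node("Virus reaches a workstation", cost=2000, prob=0.5),
    Node("Virus runs undetected", cost=3000, prob=0.4)])
insider = Node("Internal attack", cost=5000, prob=0.6)
root = Node("Steal a competitor's designs", "OR", children=[
    virus, Node("Hacking attack", cost=20000, prob=0.3), insider])

if __name__ == "__main__":
    for outcome, names in rank(root, gain=50000):
        print(f"{outcome:>10.2f}  {' + '.join(names)}")
```

Lowering a leaf's `prob` (a countermeasure) or raising its `cost` (a deterrent) and re-running `worthwhile` shows which scenarios drop out and where protection spending can be reduced.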

Practical examples of industries that could benefit from using an Attack Tree methodology have also been outlined. Sommestad, Ekstedt and Nordström (2009) have written a framework for the practical application of Attack Trees along with other processes to manage the security of power communication systems.

Since power generation is a "basis of society's critical infrastructure" (Sommestad et al., 2009, p. 1), the protection of the Wide Area Networks that support it is a top priority. However, security for such a system is complicated by factors such as systems of varying age, different levels of criticality and the geographical placement of such systems.

Attack Trees in Relation to My Personal Experience

When I took a course in "Project Management" I read an article, "Secrets to Creating the Elusive Accurate Estimate." The author mentioned that a project manager should know that a project without risk analysis is useless (Gray, 2001). Before we set up countermeasures to mitigate the risks, we need to know what the threats are. The key concept of an Attack Tree process is to analyze the relation between cause and effect of a malicious action. Analyzing the cause and effect of an action is a skill I frequently use to make effective decisions. I list all possible options, analyze the outcome of each option, and estimate the cost I will pay for choosing a particular option. For instance, I would like to eliminate the mice in my apartment. I can use mouse poison, a glue trap, or hire a professional. There are various brands of mouse poisons and glue traps available on the shelves. I might need to do some research to analyze their effectiveness and their environmental impact once I have used them. Also, if I don't want to see or dispose of the body of the mouse, the glue trap might not be a good choice. Hiring a professional could be an efficient option, but it might cost me a lot. Based on my budget and other relative factors, I can build up an Attack Tree for my Mouse War and use it to help me make the best decision.

However, the true value of an Attack Tree lies in its ability to assist people in analyzing factors of vulnerability and estimating the feasibility of practices in more complex circumstances, such as the incorporation of a networking system. Furthermore, since Attack Trees provide a systematic methodology which is traceable and reusable, not only will the analyst who developed the Attack Tree process be able to use it, but they could also hand down the process to others (Network & Security Technologies, I., 2005). Once a basic template has been completed, such as an Attack Tree for a virus attack, this Attack Tree could be reused as a branch in a more complex model. The analyst doesn't have to rebuild it repeatedly.

The Potential of Attack Trees to Impact Business

The IT industry today is expanding at an immense rate. Meanwhile, the tricks used by attackers improve at a pace beyond what we can imagine. Not only do businesses that are heavily invested in IT have to evolve to fight these malicious threats, but all businesses are supposed to equip themselves with the ability to deal with emerging threats.

Intuition and experience can help a security analyst anticipate a vicious attack and reduce the damage from it (Ingoldsby, T. R., 2009). However, the modes of attack are innovating quickly, and both intuition and experience are hard to pass on to others. So, business needs a process-based tool such as an Attack Tree to analyze threats. Furthermore, Attack Trees could be a bridge to connect an experienced analyst with others (Ingoldsby, T. R., 2009). An analyst-created Attack Tree could explain the rationale behind their process, and people could learn and extract intelligence from the Attack Trees. As a result of adopting an Attack Tree process, security analysts could build a more efficient communication mechanism.

In addition, one of the features of Attack Trees is reusability: while performing risk analysis, it is not necessary to rebuild a new Attack Tree process. A security analyst only needs to retrieve a related, already designed Attack Tree process and trim it to fit the new mission. For a business this procedure not only saves time and money, but also helps improve the process. Since we are creating an Attack Tree based on an old one, it is a way to accumulate experience to make the new Attack Tree more comprehensive.

Companies, no matter whether they are IT related or not, are concerned about Internet security issues. Some of them will look to an IT consulting firm for advice. Therefore, some IT consulting firms introduce Attack Trees to their clients. You can easily browse their websites and acquire explicit knowledge of Attack Trees, for instance the website of Amenaza (http://). Furthermore, some companies have developed a unique Threat Risk Analysis (TRA) methodology based on the Attack Tree process (Amenaza Technologies Limited, 2009). Although this could be perceived as an extension of Attack Trees, these consulting firms possess exclusive knowledge of Attack Tree processes which will help them build up their reputation.


Malicious Internet attacks happen every day. The best approach to protecting yourself is to figure out an attacker's behavior before the disaster happens. There could be thousands of types of feasible threats, such as virus infections, a hacking attack, an internal attack, etc., so we need a methodology to manage the TRA. An Attack Tree could be a powerful tool if it is properly implemented.


  • Schneier, B. (2004). Secrets and lies: digital security in a networked world. Wiley.
  • Buldas, A., Laud, P., Priisalu, J., Saarepera, M., & Willemson, J. (2006). Rational Choice of Security Measures via Multi-Parameter Attack Trees. Critical Information Infrastructures Security, 4347.
  • Sommestad, T., Ekstedt, M., & Nordström, L. (2009). Modeling security of power communication systems using defense graphs and influence diagrams. IEEE Transactions on Power Delivery, 24(4),
  • Schneier, B. (1999). Attack trees. Dr. Dobb's Journal, 24(12),
  • Gray, N. S. (2001, August). Secrets to Creating the Elusive 'Accurate Estimate'. PM Network, 4.
  • Network & Security Technologies, I. (2005). Attack Tree/Threat Modeling Methodology. from http://
  • Ingoldsby, T. R. (2009, Jan. 16). Attack Tree Analysis. Red Team, from http://
  • Amenaza Technologies Limited. (2009). Amenaza SecurITree. from http://
