This article explores how an organization can use attack trees to collect information for automating threat modeling with IriusRisk across the organization.
Attack trees provide a graphical analysis of how threat actors and attack chains accomplish objectives. They sometimes include probability estimates and sequential process descriptions.
IriusRisk is built to automate and scale threat modeling across an organization, which means that building an attack tree for every single possible threat would be quite time-consuming. However, if an organization has a set of threats whose attack trees are repeatable, with some variation from application to application or system to system, then those patterns can be reproduced in IriusRisk through libraries (risk patterns, use cases, threats, and weaknesses) and templates.
In the below example, we will explore how this attack chain could be brought into IriusRisk and then automated for future threat modeling. In this example we see an attack tree for stopping a server service or disrupting a security camera system.
Reproducing this attack tree in IriusRisk would provide the following:
- If an attacker is able to gain access to the root account, then they would be able to shut down the server, resulting in a loss of services
  - Exploit FTP Vulnerability
  - Port 21 is not secured
  - Disable insecure and/or unused ports
  - Provide patching and updates in a timely manner against vulnerabilities
- If an attacker is able to successfully execute a DoS attack, they would be able to overwhelm available connections, resulting in server availability disruption
  - Systems are not designed to scale automatically
  - Distributed Denial of Service protections are not enabled
  - Provide elastic scaling for online resources
  - Enable DDoS protections
- If internet services become unavailable, then the server and server resources would be unavailable for the remote resources
  - Lack of redundancy in internet connectivity
  - Provide n+1 data connectivity
These items could be built into a library risk pattern or added as a template. The benefits of both are described below:
- Risk pattern - Can be attached to a component or can be dynamically added whenever certain conditions are met (e.g., condition - public-facing web application, action - insert risk pattern/use case/threat)
- Template - Can serve as the starting point (a full threat model) for any type of public-facing web application.
Both of these items can be easily built and scaled within IriusRisk.
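
The condition/action idea behind a risk pattern, as an added tool-neutral Python sketch (not IriusRisk's library format, rules engine or API, and not code from the article): the three attack-tree branches listed above become one pattern that is attached to any component tagged as a public-facing web application. The pattern name, tag names and sample components are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    description: str
    weaknesses: list
    countermeasures: list

@dataclass
class RiskPattern:
    name: str
    condition: set   # tags a component must carry for the pattern to apply
    threats: list

# One Threat per attack-tree branch in the article; name and tags are hypothetical.
SERVER_OUTAGE = RiskPattern(
    name="Server service disruption",
    condition={"public-facing", "web-application"},
    threats=[
        Threat("Attacker gains root access and shuts down the server",
               ["Exploit FTP vulnerability", "Port 21 is not secured"],
               ["Disable insecure and/or unused ports",
                "Provide patching and updates in a timely manner"]),
        Threat("DoS attack overwhelms available connections",
               ["Systems are not designed to scale automatically",
                "DDoS protections are not enabled"],
               ["Provide elastic scaling for online resources",
                "Enable DDoS protections"]),
        Threat("Internet services become unavailable",
               ["Lack of redundancy in internet connectivity"],
               ["Provide n+1 data connectivity"]),
    ],
)

def apply_patterns(components, patterns):
    """Action step: attach a pattern's threats to each component meeting its condition."""
    return {name: [t for p in patterns if p.condition <= set(tags) for t in p.threats]
            for name, tags in components.items()}

def open_countermeasures(model, implemented):
    """Per component: countermeasures still required, de-duplicated, in first-seen order."""
    todo = {}
    for name, threats in model.items():
        done = implemented.get(name, set())
        needed = [c for t in threats for c in t.countermeasures if c not in done]
        todo[name] = list(dict.fromkeys(needed))
    return todo

# Constructed sample components: only the first meets the pattern's condition.
COMPONENTS = {"camera-portal": ["public-facing", "web-application"],
              "internal-wiki": ["web-application"]}
```
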