Accession Number : ADA472310


Title :   A Framework For Analyzing And Mitigating The Vulnerabilities Of Complex Systems Via Attack And Protection Trees


Descriptive Note : Doctoral thesis


Corporate Author : AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING AND MANAGEMENT


Personal Author(s) : Edge, Kenneth S


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a472310.pdf


Report Date : Jul 2007


Pagination or Media Count : 219


Abstract : Attack trees have been developed to describe processes by which malicious users attempt to exploit or break complex systems. Attack trees offer a method of decomposing, visualizing, and determining the cost or likelihood of attacks. Attack trees by themselves do not provide enough decision support to system defenders. This research develops the concept of using protection trees to offer a detailed risk analysis of a system. In addition to developing protection trees, this research improves the existing concept of attack trees and develops rule sets for the manipulation of metrics used in the security of complex systems. This research specifically develops the framework for using an attack and protection tree methodology to analyze the security of complex systems. The structure of attack trees is extended and modified to create protection trees. To validate the effectiveness of the methodology, the Schematic Protection Model (SPM) is used. The SPM is extended and applied to verify that a system protected using the attack and protection tree methodology is safe. To demonstrate the general usefulness of this novel methodology, it is used to analyze the security of several varied domains including computer networks, online banking, homeland security, and mobile ad hoc networks.


Descriptors :   *DATA PROCESSING SECURITY , *COMPUTER NETWORKS , *RISK ANALYSIS , VULNERABILITY , ONLINE SYSTEMS , THESES


Subject Categories : Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE