Scribd
Upload
359 views19 pages

Attack Surfaces and Trees in Cybersecurity

The document discusses network security concepts, focusing on attack surfaces, attack trees, and a model for network security. It categorizes attack surfaces into network, software, and human vulnerabilities, and outlines strategies for analyzing and mitigating these risks. Additionally, it highlights the importance of standards and security mechanisms in protecting against unwanted access and ensuring data integrity and confidentiality.

Uploaded by

ch muneeb
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
359 views19 pages

Attack Surfaces and Trees in Cybersecurity

The document discusses network security concepts, focusing on attack surfaces, attack trees, and a model for network security. It categorizes attack surfaces into network, software, and human vulnerabilities, and outlines strategies for analyzing and mitigating these risks. Additionally, it highlights the importance of standards and security mechanisms in protecting against unwanted access and ensuring data integrity and confidentiality.

Uploaded by

ch muneeb
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Network Security and Management

Attack Surfaces and Attack Trees, A Model for Network


Security, Standards

Week 02-II

Shakeel Ahmad
Attack Surfaces
• An attack surface consists of the reachable and
exploitable vulnerabilities in a system
• Examples:
• Open ports on outward facing Web and other servers, and
code listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML, office
documents, and industry-specific custom data exchange
formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information
vulnerable to a social engineering attack
Attack Surface Categories
• Network attack surface
• Refers to vulnerabilities over an enterprise
network, wide-area network, or the Internet

• Software attack surface


• Refers to vulnerabilities in application, utility, or
operating system code

• Human attack surface


• Refers to vulnerabilities created by personnel or
outsiders
Attack Surface Analysis
• An attack surface analysis is a useful technique for assessing the scale and
severity of threats to a system. A systematic analysis of points of
vulnerability makes developers and security analysts aware of where
security mechanisms are required.

• Once an attack surface is defined, designers may be able to find ways to


make the surface smaller, thus making the task of the adversary more
difficult.

• The attack surface also provides guidance on setting priorities for testing,
strengthening security measures, and modifying the service or application.
The use of layering, or defense in depth, and attack surface
reduction complement each other in mitigating security risk.
Attack Tree
• A branching, hierarchical data structure that represents a
set of potential techniques for exploiting security
vulnerabilities
• The security incident that is the goal of the attack is
represented as the root node of the tree, and the ways that
an attacker could reach that goal are represented as
branches and subnodes of the tree
• The final nodes on the paths outward from the root, (leaf
nodes), represent different ways to initiate an attack
• The motivation for the use of attack trees is to effectively
exploit the information available on attack patterns
Attack Tree
• Figure 1.4, based on a figure in [DIMI07], is an example of an attack tree
analysis for an Internet banking authentication application. The root of the tree is the
objective of the attacker, which is to compromise a user’s account.

• The shaded boxes on the tree are the leaf nodes, which represent events that comprise the
attacks. Note that in this tree, all the nodes other than leaf nodes are OR-nodes.

• The analysis to generate this tree considered the three components involved in
authentication:

• User terminal and user (UT/U): These attacks target the user equipment, including the
tokens that may be involved, such as smartcards or other password generators, as well as
the actions of the user.

• Communications channel (CC): This type of attack focuses on communication links.

• Internet banking server (IBS): These types of attacks are offline attacks against
the servers that host the Internet banking application.
Attack Tree
Five overall attack strategies can be identified, each of which exploits one or more of the three
components. The five strategies are as follows:

• 1. User credential compromise: This strategy can be used against many elements of the
attack surface. There are procedural attacks, such as monitoring a user’s action to observe a
PIN or other credential, or theft of the user’s token or handwritten notes.
• An adversary may also compromise token information using a variety of token attack
tools, such as hacking the smartcard or using a brute force approach to guess the PIN.
Another possible strategy is to embed malicious software to compromise the user’s login
and password. An adversary may also attempt to obtain credential information
via the communication channel (sniffing). Finally, an adversary may use various means to
engage in communication with the target user, as shown in Figure 1.4.

• 2. Injection of commands: In this type of attack, the attacker can intercept communication
between the UT and the IBS. Various schemes can be used to be able to impersonate the valid
user and so gain access to the banking system.
Attack Tree
Five overall attack strategies can be identified, each of which exploits one or more of the three
components. The five strategies are as follows:

• 3. User credential guessing: It is reported in [HILT06] that brute force attacks against some
banking authentication schemes are feasible by sending random usernames and passwords.
The attack mechanism is based on distributed zombie personal computers, hosting automated
programs for username- or
password-based calculation.

• 4. Security policy violation: For example, violating the bank’s security policy in
combination with weak access control and logging mechanisms, an employee may cause an
internal security incident and expose a customer’s account.

• 5. Use of known authenticated session: This type of attack persuades or forces the user to
connect to the IBS with a preset session ID. Once the user authenticates to the server, the
attacker may utilize the known session ID to send packets to the IBS, spoofing the user’s
identity
Model for Network Security
A model for much of what we will be discussing is captured, in very general terms, in
Figure 1.5. A message is to be transferred from one party to another across some sort
of Internet service.

• A security-related transformation on the information to be sent. Examples


include the encryption of the message, which scrambles the message so that it
is unreadable by the opponent, and the addition of a code based on the contents of
the message, which can be used to verify the identity of the sender.

• Some secret information shared by the two principals and, it is hoped,


unknown to the opponent.
An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.

• A trusted third party may be needed to achieve secure transmission. For


example, a third party may be responsible for distributing the secret information
to the two principals while keeping it from any opponent. Or a third party may be
needed to arbitrate disputes between the two principals concerning the authenticity
of a message transmission.
Model for Network Security

This general model shows that there are four basic tasks in designing a particular security
service:

1. Design an algorithm for performing the security-related transformation. The


algorithm should be such that an opponent cannot defeat its purpose.

2. Generate the secret information to be used with the algorithm.

3. Develop methods for the distribution and sharing of the secret information.

4. Specify a protocol to be used by the two principals that makes use of the
security algorithm and the secret information to achieve a particular security
service.
Model for Network Security
Unwanted Access
• Viruses and worms are two examples of software attacks. Such attacks can be
introduced into a system by means of a disk that contains the unwanted logic
concealed in otherwise useful software.

• They can also be inserted into a system across a network; this latter mechanism is
of more concern in network security.

The security mechanisms needed to cope with unwanted access fall into two
broad categories (see Figure 1.6).

• The first category might be termed a gatekeeper function. It includes


password-based login procedures that are designed to deny access to all but
authorized users and screening logic that is designed to detect and reject worms,
viruses, and other similar attacks.

• Once either an unwanted user or unwanted software gains access, the second line
of defense consists of a variety of internal controls that monitor activity and
analyze stored information to detect the presence of unwanted intruders.
Network Access Security
Model
Unwanted Access
• Placement in a computer system of logic that
exploits vulnerabilities in the system and that can
affect application programs as well as utility
programs such as editors and compilers
• Programs can present two kinds of threats:
• Information access threats
• Intercept or modify data on behalf of users who
should not have access to that data
• Service threats
• Exploit service flaws in computers to
inhibit use by legitimate users
Standards
• Standards have been developed to cover management practices and the overall
architecture of security mechanisms and services.

• Organizations have been involved in the development or promotion of these


standards. The most important (in the current context) of these organizations are
as follows:
Standards
National Institute of Standards and Technology

• NIST is a U.S. federal agency that deals with measurement science, standards, and technology related
to U.S. government use and to the promotion of U.S. private-sector innovation
• Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special
Publications (SP) have a worldwide impact

Internet Society

• ISOC is a professional membership society with world-wide organizational and individual membership
• Provides leadership in addressing issues that confront the future of the Internet and is the organization
home for the groups responsible for Internet infrastructure standards

ITU-T

• The International Telecommunication Union (ITU) is an international organization within the United
Nations System in which governments and the private sector coordinate global telecom networks and
services
• The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the ITU and
whose mission is the development of technical standards covering all fields of telecommunications
ISO

• The International Organization for Standardization is a world-wide federation of national standards bodies
from more than 140 countries
• ISO is a nongovernmental organization that promotes the development of standardization and related
activities with a view to facilitating the international exchange of goods and services and to developing
cooperation in the spheres of intellectual, scientific, technological, and economic activity
Summary
• Computer security • Security services
concepts • Authentication
• Definition • Access control
• Examples • Data confidentiality
• Challenges • Data integrity
• Nonrepudiation
• The OSI security • Availability service
architecture

• Security attacks • Security mechanisms


• Passive attacks • Fundamental security
• Active attacks design principles
• Attack surfaces and attack • Network security model
trees
• Standards

Common questions

Powered by AI

Weak access control and logging mechanisms lead to significant security vulnerabilities as they can easily be exploited to gain unauthorized access and conduct malicious activities without detection. Poor access controls allow intruders to bypass security checks and access sensitive data or systems. Inadequate logging mechanisms hamper the ability to track unauthorized activities or breaches, making it difficult to respond to threats promptly and diminishing accountability and traceability within the system .

Viruses and worms differ in their threat mechanisms in that viruses require user action to spread and embed themselves in other programs, while worms can self-replicate and propagate independently over networks. Network-based insertion of these threats is a greater concern because it allows rapid, widespread infection across systems without direct user intervention, significantly increasing the potential for disruption and the complexity of containment efforts .

A trusted third party in a network security model plays crucial roles such as distributing secret information, managing encryption keys, and arbitrating disputes regarding message authenticity. Its importance stems from the need to ensure that sensitive information remains secure and only accessible to authorized parties. By maintaining trust and impartiality in managing secure communications, a trusted third party can prevent potential security breaches that might arise from direct exchanges between communicating parties .

The attack tree model aids in understanding and mitigating security threats by providing a hierarchical representation of potential attack vectors and their combinations. In an Internet banking authentication application, it allows the identification of specific attack goals, such as compromising a user's account, and mapping out various routes an attacker might take to achieve that goal. This comprehensive view enables security analysts to assess possible vulnerabilities at different stages of an authentication process and implement targeted defenses to thwart identified attack strategies, improving the overall security posture of the application .

User credential compromise in attack trees involves techniques such as monitoring user actions to observe PINs, theft of tokens or handwritten notes, compromising token information through hacking or brute force, embedding malicious software, and sniffing communication channels. These techniques are of significant concern because they target the most sensitive aspect of user authentication, which is often the first line of defense in protecting against unauthorized access. Compromising user credentials can easily lead to full system breaches and unauthorized access to sensitive data .

International standards are crucial in managing network security as they provide a unified framework for implementing security practices globally, ensuring interoperability, consistency, and reliability across systems. Key organizations like NIST, ISOC, ITU-T, and ISO develop and promote these standards, guiding both governmental and private sectors in maintaining secure communications. These standards help in mitigating cross-border security risks, facilitating trade, and supporting technological advancements by establishing common security guidelines that must be met, thus enhancing the overall trust in digital systems worldwide .

The main components of an attack surface in network security models are the network attack surface, software attack surface, and human attack surface. The network attack surface involves vulnerabilities over a network or the Internet. The software attack surface encompasses application or system code vulnerabilities, while the human attack surface pertains to vulnerabilities introduced by personnel. These components influence the assessment of security threats by helping identify all potential points of exploitation, guiding security analysts in prioritizing security measures and vulnerability patches to minimize the size of the attack surface .

The main security-related tasks in designing a security service according to the network security model include designing an algorithm for performing security transformations, generating secret information to be used with the algorithm, developing methods for distributing and sharing the secret information, and specifying a protocol for the principals to use the algorithm and secret information to achieve the desired security service. These tasks ensure that security measures are robust, well-defined, and adhered to, providing a framework for effective protection of data transmitted over networks .

The two broad categories of security mechanisms for preventing unwanted access in networks are gatekeeper functions and internal controls. Gatekeeper functions include password-based login procedures and screening logic to prevent unauthorized access to systems by denying entry to all but authorized users and detecting malicious software. Internal controls come into play once an unwanted user or software has bypassed initial defenses, monitoring activity to detect and respond to intrusions or attacks, ensuring ongoing security monitoring within the system .

The concept of attack surface reduction complements the principle of defense in depth by systematically decreasing the number of potential entry points for attackers, thus minimizing the risk of exploitation. This aligns with defense in depth, which relies on multiple security layers to protect systems from attacks. By reducing the attack surface, fewer defenses need to be relied upon at each layer, allowing security resources to be focused on critical areas, thereby enhancing the overall defensive posture of a system .

You might also like