Screenshots
SecurITree screenshots.
Acme Attack Tree
Acme Attack Tree - An attack tree showing ways an attacker could compromise the web server of a hypothetical Internet shopping site (Acme). Green nodes represent alternative ways in which the node can be realized (OR nodes). Cyan nodes depict processes or procedures for accomplishing the node (AND). The grey rectangles at the bottom of the tree are leaf nodes. Leaf nodes are the points of interaction between the adversary and the target. The pink nodes with a bar underneath have been rolled up - the detail below them is graphically suppressed. The analyst can reveal the hidden information with a few clicks of the mouse.
Acme Attack Scenarios
Acme Attack Scenarios - To attain the root (overall) goal in an attack tree, an adversary must perform one or more low-level (leaf) operations. Each minimal set of leaf activities that will result in the root goal being achieved is known as an attack scenario or cut set. This figure shows a partial listing of attack scenarios for a model of the hypothetical Acme corporation's web store. The tree shown in the graphic corresponds to the highlighted attack scenario.
Pruned Attack Tree
Pruned Attack Tree - Each attack scenario in an attack tree requires resources and skills from the attacker. If the attack is beyond the capabilities of a particular class of adversary (threat agent), they will be unable to perform it. In this figure the analyst has defined the characteristics of a threat agent - a well-funded, moderately skilled organized crime group. The limitations of the adversary have caused the portions of the tree beyond their capability to be removed from the diagram.
Threat Agent Profile
Threat Agent Profile - A description of an organized crime (with insiders) group operating against the hypothetical Acme company. Utility functions are used to describe the capabilities of this adversary and what goals they are trying to achieve. This input will be used to estimate the probability the adversary will perform the various attack scenarios in an attack tree.
Threat Agent Utility Function
Threat Agent Utility Function - A utility function has been created by the analyst showing an adversary's willingness and ability to spend money. Here, a small organized crime group is shown. The group is completely willing and able to spend nothing. Their inclination to spend decreases as the cost rises. They are completely unable or unwilling to spend more than $20,000 on an attack.
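The cut-set, pruning and utility-function ideas in the captions above can be reproduced in a few lines. This is an added example, not SecurITree output or Amenaza code: the tree, the leaf names and the leaf costs are constructed, and the linear shape of the utility curve is an assumption (the caption gives only its end points, full willingness at $0 and none above $20,000).

```python
from itertools import product

# Constructed sample tree, NOT the Acme model from the screenshots.
# A node is a leaf name (str) or a (gate, children) pair, gate "OR" or "AND".
TREE = ("OR", [
    ("AND", ["locate admin interface",
             ("OR", ["guess weak password", "bribe insider"])]),
    "exploit unpatched service",
    ("AND", ["enter data centre", "remove backup media"]),
])
# Constructed attacker cost in USD for each leaf operation.
COST = {"locate admin interface": 0, "guess weak password": 500,
        "bribe insider": 15_000, "exploit unpatched service": 5_000,
        "enter data centre": 30_000, "remove backup media": 1_000}
SPEND_LIMIT = 20_000  # spending ceiling quoted in the utility-function caption

def scenarios(node):
    """Return the minimal leaf sets (attack scenarios / cut sets) for node."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [scenarios(c) for c in children]
    if gate == "OR":    # any one child's scenario achieves the node
        found = set().union(*child_sets)
    else:               # AND: one scenario from every child, merged
        found = {frozenset().union(*combo) for combo in product(*child_sets)}
    # Keep only minimal sets: drop any scenario that strictly contains another.
    return {s for s in found if not any(other < s for other in found)}

def willingness(cost, limit=SPEND_LIMIT):
    """Assumed linear utility: 1.0 at $0, falling to 0.0 at the limit."""
    return max(0.0, 1.0 - cost / limit)

def feasible_scenarios(tree, cost=COST, limit=SPEND_LIMIT):
    """Prune scenarios the threat agent cannot afford; rank the rest."""
    rows = []
    for s in scenarios(tree):
        total = sum(cost[leaf] for leaf in s)
        w = willingness(total, limit)
        if w > 0:
            rows.append((tuple(sorted(s)), total, w))
    return sorted(rows, key=lambda r: -r[2])

if __name__ == "__main__":
    for leaves, total, w in feasible_scenarios(TREE):
        print(f"{w:.3f}  ${total:>6}  {' + '.join(leaves)}")
```

The scenario that needs data-centre entry costs more than the agent's ceiling, so it is pruned; the remaining three are ranked by how willing this adversary is to pay for them.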
Risk by Configuration and Threat
Risk by Configuration and Threat - A chart showing how the hypothetical Acme web shopping site will fare against two classes of adversary, with and without a particular countermeasure being deployed.
High Risk Scenarios
High Risk Scenarios - To attain the root (overall) goal in an attack tree, an adversary must perform one or more low-level (leaf) operations. Each minimal set of leaf activities that will result in the root goal being achieved is known as an attack scenario or cut set. The risk associated with an attack scenario depends on its likelihood and impact on the victim. This figure shows the highest risk scenarios contained in the attack tree model of the hypothetical Acme corporation's web store.
Hostile Risk Scatter Graph
Hostile Risk Scatter Graph - To attain the root (overall) goal in an attack tree, an adversary must perform one or more low-level (leaf) operations. Each minimal set of leaf activities that will result in the root goal being achieved is known as an attack scenario or cut set. The figure shows a chart with colored curves representing equi-risk boundaries. Attack scenarios from the tree model have been plotted on the chart with dots. The lower table shows the scenarios corresponding to one of the dots that the analyst has clicked on.
Linux Attack Tree
Linux Attack Tree - A partial attack tree showing ways in which the Linux operating system can be attacked. This tree is part of Amenaza's IT Library of attack trees. Green nodes represent alternative ways in which the node can be realized (OR nodes). Cyan nodes depict processes or procedures for accomplishing the node (AND). The grey rectangles at the bottom of the tree are leaf nodes. Leaf nodes are the points of interaction between the adversary and the target. The pink nodes with a bar underneath have been rolled up - the detail below them is graphically suppressed. The analyst can reveal the hidden information with a few clicks of the mouse.
Privileged Process Attack Tree
Privileged Process Attack Tree - An attack tree showing ways an attacker could gain control of a privileged (ID=root) process in Linux. Green nodes represent alternative ways in which the node can be realized (OR nodes). Cyan nodes depict processes or procedures for accomplishing the node (AND). The grey rectangles at the bottom of the tree are leaf nodes. Leaf nodes are the points of interaction between the adversary and the target. The pink nodes with a bar underneath have been rolled up - the detail below them is graphically suppressed. The analyst can reveal the hidden information with a few clicks of the mouse.
Powerful, intuitive analytic functions