2022-06-16 12:46:50 +02:00
\section { Part 2: Attack Tree}
2022-06-23 08:53:03 +02:00
2022-06-23 09:27:07 +02:00
\subsection { Baum}
2022-06-27 13:59:59 +02:00
Siehe Abbildung \myref { tree:Attack tree}
2022-06-23 17:29:05 +02:00
2022-06-27 14:11:32 +02:00
\subsection { Kosten des günstigsten Angriffs}
2022-06-27 19:02:16 +02:00
Der günstigste Angriff kann bei einer Sicherheitslücke in der Authentifizierung ein Man in the Middle Attack oder Spoofing sein. Dabei können je nach Aufwand und Dauer Kosten entstehen. (500€ + 500€ + 10.000€ = 11.000€)
2022-06-27 14:11:32 +02:00
\begin { rotatepage}
2022-06-23 17:29:05 +02:00
\begin { sidewaysfigure}
2022-06-27 19:02:16 +02:00
\begin { adjustbox} { width=0.95\textheight }
2022-06-23 09:27:07 +02:00
\begin { forest}
for tree={
draw,
minimum height=1cm,
anchor=parent,
align=center,
child anchor=parent
} ,
2022-06-23 17:29:05 +02:00
[{ Unauthorized Access to DB Data} , name=AD
2022-06-27 19:02:16 +02:00
[{ Break local authentication on server\\ 10.000€} , angle below, color=red
[{ Access to server room\\ 100€} , color=red, angle below
[{ Get unsupervised\\ in building\\ 1.000€} , color=red]
[{ Access to\\ the building\\ 100€} , color=teal
2022-06-23 17:40:25 +02:00
[{ Bribe\\ security\\ guard\\ 100.000€} , color=teal]
[{ Disguise yourself\\ as fireman\\ 1.000€} , angle below, color=red
2022-06-27 19:02:16 +02:00
[{ Steal fire-\\ man clothes\\ 1.000€} , color=red]
[{ Activate\\ firealarm\\ 100€} , color=teal]
[{ firealarm disables\\ locks\\ 10.000€} , color=red]
2022-06-23 17:40:25 +02:00
]
2022-06-27 19:02:16 +02:00
[{ Break into\\ building with force} , color=red]
2022-06-23 17:29:05 +02:00
]
2022-06-23 10:08:06 +02:00
]
2022-06-23 09:27:07 +02:00
]
2022-06-27 19:02:16 +02:00
[{ Unencrypt Harddrives\\ 100.000€} , color=red, angle below
[{ Get unsupervised\\ near harddrives\\ 1.000€} , color=red]
[{ Get access to harddrives\\ 1.000€} , color=teal
[{ Collect harddrives\\ for cleansing\\ 5.000€} , angle below, color=teal
[{ Get company\\ to hire company\\ 50.000€} , color=teal]
[{ Bribe Person in\\ data cleansing\\ 10.000€} , color=teal]
2022-06-23 17:29:05 +02:00
]
2022-06-23 10:08:06 +02:00
]
2022-06-23 09:27:07 +02:00
]
2022-06-27 19:02:16 +02:00
[{ Get access to db terminal\\ 500€} , color=teal
[{ Get access to\\ SSH Key storage\\ 50.000€} , angle below, color=red
[{ Steal employees\\ password\\ 1.000€} , color=teal]
[{ Access to\\ employee laptop\\ 10.000€} , color=teal]
2022-06-23 10:08:06 +02:00
]
2022-06-27 19:02:16 +02:00
[{ Use flaw in\\ Authentication\\ 500€} , color=teal
[{ MITM\\ Attack\\ 10.000€} , color=teal]
[{ Spoofing\\ Attack\\ 10.000€} , color=teal]
2022-06-23 10:08:06 +02:00
]
2022-06-23 09:27:07 +02:00
]
]
\end { forest}
2022-06-27 19:02:16 +02:00
\end { adjustbox}
2022-06-23 17:29:05 +02:00
\caption { Attack tree}
\label { tree:Attack tree}
\end { sidewaysfigure}
2022-06-27 14:11:32 +02:00
\end { rotatepage}
