swb6-it-sec/Lab05/documentation/part2/part2.tex

\section{Part 2: Attack Tree}

\subsection{Baum}

Siehe Abbildung \myref{tree:Attack tree}

\subsection{Kosten des günstigsten Angriffs}

Der günstigste Angriff kann bei einer Sicherheitslücke in der Authentifizierung ein Man in the Middle Attack oder Spoofing sein. Dabei können je nach Aufwand und Dauer Kosten entstehen. (1.000-10.000€)

\begin{rotatepage}
\begin{sidewaysfigure}
\begin{forest}
    for tree={
        draw,
        minimum height=1cm,
        anchor=parent,
        align=center,
        child anchor=parent
    },
    [{Unauthorized Access to DB Data}, name=AD
        [{No local authenti-\\cation on server}, angle below, color=red
            [{Access to server room}, color=red, angle below
            [{Unsupervised\\in building}, color=red]
                [{Access to\\the building}, color=teal
                    [{Bribe\\security\\guard\\100.000€}, color=teal]
                    [{Disguise yourself\\as fireman\\1.000€}, angle below, color=red
                        [{Steal\\fireman\\clothes}, color=red]
                        [{Activate\\firealarm}, color=teal]
                        [{firealarm\\disables\\locks}, color=red]
                    ]
                    [{Break into\\building}, color=red
                        [{Hire crew\\for heist}, color=red]
                    ]
                ]
            ]
        ]
        [{Harddrives unencrypted}, color=red, angle below
            [{Unsupervised\\near harddrives}, color=red]
            [{Access to the harddrives}, color=teal
                [{Collect harddrives\\for cleansing}, angle below, color=teal
                    [{Get company\\to hire you\\50.000€}, color=teal]
                    [{Work in\\data cleansing}, color=teal]
                ]
            ]
        ]
        [{Access to db terminal}, color=teal
            [{Access to\\SSH Keys}, color=red
                [{Access to\\Key storage}, angle below, color=red
                    [{Employee uses\\bad password}, color=teal]
                    [{Access to\\employee laptop\\10.000€}, color=teal]
                ]
            ]
            [{Flaw in\\Authentication}, color=teal
                [{MITM\\1.000€}, color=teal]
                [{Spoofing\\10.000€}, color=teal]
            ]
        ]
    ]
\end{forest}
\caption{Attack tree}
\label{tree:Attack tree}
\end{sidewaysfigure}
\end{rotatepage}
init lab5 2022-06-16 12:46:50 +02:00			`\section{Part 2: Attack Tree}`
part1 2022-06-23 08:53:03 +02:00
implement attack tree 2022-06-23 09:27:07 +02:00			`\subsection{Baum}`

Ref captions and label 2022-06-27 13:59:59 +02:00			`Siehe Abbildung \myref{tree:Attack tree}`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00
Rotate tables and caption 2022-06-27 14:11:32 +02:00			`\subsection{Kosten des günstigsten Angriffs}`

			`Der günstigste Angriff kann bei einer Sicherheitslücke in der Authentifizierung ein Man in the Middle Attack oder Spoofing sein. Dabei können je nach Aufwand und Dauer Kosten entstehen. (1.000-10.000€)`

			`\begin{rotatepage}`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00			`\begin{sidewaysfigure}`
implement attack tree 2022-06-23 09:27:07 +02:00			`\begin{forest}`
			`for tree={`
			`draw,`
			`minimum height=1cm,`
			`anchor=parent,`
			`align=center,`
			`child anchor=parent`
			`},`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00			`[{Unauthorized Access to DB Data}, name=AD`
empty table 2022-06-23 17:42:39 +02:00			`[{No local authenti-\\cation on server}, angle below, color=red`
			`[{Access to server room}, color=red, angle below`
Include costs 2022-06-23 17:40:25 +02:00			`[{Unsupervised\\in building}, color=red]`
			`[{Access to\\the building}, color=teal`
			`[{Bribe\\security\\guard\\100.000€}, color=teal]`
			`[{Disguise yourself\\as fireman\\1.000€}, angle below, color=red`
			`[{Steal\\fireman\\clothes}, color=red]`
			`[{Activate\\firealarm}, color=teal]`
			`[{firealarm\\disables\\locks}, color=red]`
			`]`
			`[{Break into\\building}, color=red`
			`[{Hire crew\\for heist}, color=red]`
			`]`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00			`]`
More data 2022-06-23 10:08:06 +02:00			`]`
implement attack tree 2022-06-23 09:27:07 +02:00			`]`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00			`[{Harddrives unencrypted}, color=red, angle below`
Include costs 2022-06-23 17:40:25 +02:00			`[{Unsupervised\\near harddrives}, color=red]`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00			`[{Access to the harddrives}, color=teal`
			`[{Collect harddrives\\for cleansing}, angle below, color=teal`
Include costs 2022-06-23 17:40:25 +02:00			`[{Get company\\to hire you\\50.000€}, color=teal]`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00			`[{Work in\\data cleansing}, color=teal]`
			`]`
More data 2022-06-23 10:08:06 +02:00			`]`
implement attack tree 2022-06-23 09:27:07 +02:00			`]`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00			`[{Access to db terminal}, color=teal`
			`[{Access to\\SSH Keys}, color=red`
			`[{Access to\\Key storage}, angle below, color=red`
			`[{Employee uses\\bad password}, color=teal]`
Include costs 2022-06-23 17:40:25 +02:00			`[{Access to\\employee laptop\\10.000€}, color=teal]`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00			`]`
More data 2022-06-23 10:08:06 +02:00			`]`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00			`[{Flaw in\\Authentication}, color=teal`
Include costs 2022-06-23 17:40:25 +02:00			`[{MITM\\1.000€}, color=teal]`
			`[{Spoofing\\10.000€}, color=teal]`
More data 2022-06-23 10:08:06 +02:00			`]`
implement attack tree 2022-06-23 09:27:07 +02:00			`]`
			`]`
			`\end{forest}`
update part2 tree, more realistic 2022-06-23 17:29:05 +02:00			`\caption{Attack tree}`
			`\label{tree:Attack tree}`
			`\end{sidewaysfigure}`
Rotate tables and caption 2022-06-27 14:11:32 +02:00			`\end{rotatepage}`