From 3b06bd75db39376b262fba14243ae7fd9cb4c332 Mon Sep 17 00:00:00 2001 From: Florian Hoss Date: Thu, 23 Jun 2022 17:29:05 +0200 Subject: [PATCH] update part2 tree, more realistic --- Lab05/documentation/part2/part2.tex | 68 +++++++++++++++-------------- Lab05/documentation/part3/part3.tex | 32 ++++++++++++++ 2 files changed, 67 insertions(+), 33 deletions(-) diff --git a/Lab05/documentation/part2/part2.tex b/Lab05/documentation/part2/part2.tex index 6ba39a3..0666e27 100644 --- a/Lab05/documentation/part2/part2.tex +++ b/Lab05/documentation/part2/part2.tex @@ -2,7 +2,9 @@ \subsection{Baum} -\begin{sideways} +Siehe Abbildung \ref{tree:Attack tree} + +\begin{sidewaysfigure} \begin{forest} for tree={ draw, 
@@ -11,47 +13,47 @@ align=center, child anchor=parent }, - [{Daten in Datenbank angreifen}, name=AD - [{Zugang zum Server} - [{Sicherheitsdients\\bestechen\\10.000€}, angle below - [{Zugang zum Gebäude 10€}, color my roots=teal, rotate=270] - [{Festplatten klauen 10€}, color my roots=teal, rotate=270] - [{Spuren verwischen 50.000€}, color my roots=teal, rotate=270] - ] - [{Feueralarm\\aktivieren\\10€}, angle below - [{Als Feuerwehrmann Gebäude betreten 100€}, color my roots=teal, rotate=270] - [{Im Chaos Festplatten klauen 10€}, color my roots=teal, rotate=270] + [{Unauthorized Access to DB Data}, name=AD + [{No authentication}, angle below, color=red + [{Access to\\server room}, color=red] + [{Access to\\the building}, color=teal + [{Bribe\\security\\guard}, color=teal] + [{Disguise yourself\\as fireman}, angle below, color=red + [{Steal\\fireman\\clothes}, color=red] + [{Activate\\firealarm}, color=teal] + [{firealarm\\disables\\locks}, color=red] + ] + [{Break into\\building}, color=red + [{Hire crew\\for heist}, color=red] + ] ] ] - [{Zugang zu Daten} - [{SSH\\hijack\\10€} - [{Man In the Middle 10€}, color my roots=teal, rotate=270] - [{Zertifikate klauen 1.000€}, color my roots=teal, rotate=270] - ] - [{SQL\\Injection\\10€} - [{Passworteingabe 10€}, color my roots=teal, rotate=270] - [{Kommentarfunktion 10€}, color my roots=teal, rotate=270] - ] - [{Schlechte\\Auth\\10€} - [{Password ist 12345678 10€}, color my roots=red, rotate=270] + [{Harddrives unencrypted}, color=red, angle below + [{Unsupervised}, color=red] + [{Access to the harddrives}, color=teal + [{Collect harddrives\\for cleansing}, angle below, color=teal + [{Get company\\to hire you}, color=teal] + [{Work in\\data cleansing}, color=teal] + ] ] ] - [{Zugang zu Mitarbeiter} - [{Daten auf\\USB Stick\\100.000€}, angle below - [{Daten auf Server löschen 10.000€}, color my roots=teal, rotate=270] - [{Daten an Firma verkaufen 500€}, color my roots=teal, rotate=270] - [{Daten im Netz verkaufen 500€}, 
color my roots=teal, rotate=270] + [{Access to db terminal}, color=teal + [{Access to\\SSH Keys}, color=red + [{Access to\\Key storage}, angle below, color=red + [{Employee uses\\bad password}, color=teal] + [{Access to\\employee laptop}, color=teal] + ] ] - [{Daten\\in Cloud\\100.000€} - [{Daten im Netz verkaufen 500€}, color my roots=teal, rotate=270] - [{Firma mit Veröffentlichung drohen 1000€}, color my roots=teal, rotate=270] + [{Flaw in\\Authentication}, color=teal + [{MITM}, color=teal] + [{Spoofing}, color=teal] ] ] ] \end{forest} -\end{sideways} - -Wenn keine Kosten für die Aktion vorhanden sind werden trotzdem 10€ für Sprit, Strom, etc. gerechnet. +\caption{Attack tree} +\label{tree:Attack tree} +\end{sidewaysfigure} \subsection{Kosten des günstigsten Angriffs} diff --git a/Lab05/documentation/part3/part3.tex b/Lab05/documentation/part3/part3.tex index 37a6257..a22b6ce 100644 --- a/Lab05/documentation/part3/part3.tex +++ b/Lab05/documentation/part3/part3.tex 
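Review bot: The rewritten tree in part2.tex (second hunk) drops every cost annotation along with the removed sentence about the 10€ default, yet the unchanged context line `\subsection{Kosten des günstigsten Angriffs}` directly after the figure still announces a cheapest-attack cost. That cost can no longer be derived from the figure, so either keep a cost on each leaf or say in the text where the figures now come from. The node colours `red` and `teal` and the `angle below` marker (presumably an AND join, its definition is outside the hunk) are never explained. The caption should carry a legend, for example `\caption{Attack tree. Red: <meaning>, teal: <meaning>; an arc below a node joins its children with AND.}` with the placeholders filled in. The tree also mixes preconditions such as `Harddrives unencrypted` and `Unsupervised` with attacker actions, so a reader cannot tell which nodes a countermeasure is supposed to remove. The `forest` environment and its `for tree` options begin in the first hunk and are only partly visible here.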
@@ -1 +1,33 @@
 \section{Part 3: Quantitative Risk Assessment}
+
+\begin{table}[ht]
+ \centering
+ \begin{adjustbox}{width=1\textwidth}
+ \small
+ \begin{tabular}{l|l|l|l|l|l|l|l}
+ \textbf{Asset} & \textbf{Security Issue} & \textbf{ACS} & \textbf{ALE1} & \textbf{SLE2} & \textbf{ARO2} & \textbf{ALE2} & \textbf{Benefit} \\
+ \hline
+ Database Server & Dashboard & Speedometer & Driver & A. Name & Car & IA & No \\
+ \hline
+ & Entertainment & Entertainment system & Driver & A. Nother & Car & CA & Yes \\
+ \hline
+ & OTA Server & OTA Updates & IT-Dep & S. Ome & E2, room 44& IA & No \\
+ \hline
+ Client DB & Charging Station & System to handle charging & Owner of Station & B. Ody & Fuel Stations & IA & Yes \\
+ \hline
+ Website & Database Server & Host for DB & IT-Dep & T. Is & E2, room 45 & CIA & Yes \\
+ \hline
+ & Employee DB & Database of employees& HR-Department & I. Sweird & Database Server & CI & Yes \\
+ \hline
+ Online Shop & Online Shop & Buy the car online & Sales/Marketing & A. Ndun & Webserver & CIA & No \\
+ \hline
+ & Client DB & Database of clients & Sales/Marketing & I. Nspired & Database Server & CI & Yes \\
+ \hline
+ Entertainment & Webserver & Website hosting & IT-Dep & A. Lmost & Strato & IA & No \\
+ \hline
+ & Website & Company Website & Sales/Marketing & D. One & Webserver & IA & No \\
+ \end{tabular}
+ \end{adjustbox}
+ \caption{Quantitative Assessment}
+ \label{tab:Quantitative Assessment}
+ \end{table}
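Review bot: The rows of the new table in part3.tex do not match its header. The columns are `ACS`, `ALE1`, `SLE2`, `ARO2`, `ALE2` and `Benefit`, but every row holds asset-inventory text (`Speedometer`, `Driver`, `A. Name`, `Car`, `IA`, `No`) and not a single number, so no risk figure can be read or checked. Each row should name the asset and the security issue and then give numeric values, in the form `Database Server & <issue> & <ACS> & <ALE1> & <SLE2> & <ARO2> & <ALE2> & <Benefit> \\` with the placeholders replaced by the team's estimates. The abbreviations and the formulas behind the numbers (presumably ALE = SLE × ARO and Benefit = ALE1 − ALE2 − ACS) are defined nowhere in the hunk and belong in the caption or a sentence before the table. The first column also repeats names such as `Client DB`, `Website` and `Entertainment` that appear as issues in other rows, which suggests the cells were shifted when the table was pasted in.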