update part2 tree, more realistic
This commit is contained in:
parent
b69c7048f1
commit
3b06bd75db
2 changed files with 67 additions and 33 deletions
|
|
@ -2,7 +2,9 @@
|
||||||
|
|
||||||
\subsection{Baum}
|
\subsection{Baum}
|
||||||
|
|
||||||
\begin{sideways}
|
Siehe Abbildung \ref{tree:Attack tree}
|
||||||
|
|
||||||
|
\begin{sidewaysfigure}
|
||||||
\begin{forest}
|
\begin{forest}
|
||||||
for tree={
|
for tree={
|
||||||
draw,
|
draw,
|
||||||
|
|
@ -11,47 +13,47 @@
|
||||||
align=center,
|
align=center,
|
||||||
child anchor=parent
|
child anchor=parent
|
||||||
},
|
},
|
||||||
[{Daten in Datenbank angreifen}, name=AD
|
[{Unauthorized Access to DB Data}, name=AD
|
||||||
[{Zugang zum Server}
|
[{No authentication}, angle below, color=red
|
||||||
[{Sicherheitsdients\\bestechen\\10.000€}, angle below
|
[{Access to\\server room}, color=red]
|
||||||
[{Zugang zum Gebäude 10€}, color my roots=teal, rotate=270]
|
[{Access to\\the building}, color=teal
|
||||||
[{Festplatten klauen 10€}, color my roots=teal, rotate=270]
|
[{Bribe\\security\\guard}, color=teal]
|
||||||
[{Spuren verwischen 50.000€}, color my roots=teal, rotate=270]
|
[{Disguise yourself\\as fireman}, angle below, color=red
|
||||||
]
|
[{Steal\\fireman\\clothes}, color=red]
|
||||||
[{Feueralarm\\aktivieren\\10€}, angle below
|
[{Activate\\firealarm}, color=teal]
|
||||||
[{Als Feuerwehrmann Gebäude betreten 100€}, color my roots=teal, rotate=270]
|
[{firealarm\\disables\\locks}, color=red]
|
||||||
[{Im Chaos Festplatten klauen 10€}, color my roots=teal, rotate=270]
|
]
|
||||||
|
[{Break into\\building}, color=red
|
||||||
|
[{Hire crew\\for heist}, color=red]
|
||||||
|
]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
[{Zugang zu Daten}
|
[{Harddrives unencrypted}, color=red, angle below
|
||||||
[{SSH\\hijack\\10€}
|
[{Unsupervised}, color=red]
|
||||||
[{Man In the Middle 10€}, color my roots=teal, rotate=270]
|
[{Access to the harddrives}, color=teal
|
||||||
[{Zertifikate klauen 1.000€}, color my roots=teal, rotate=270]
|
[{Collect harddrives\\for cleansing}, angle below, color=teal
|
||||||
]
|
[{Get company\\to hire you}, color=teal]
|
||||||
[{SQL\\Injection\\10€}
|
[{Work in\\data cleansing}, color=teal]
|
||||||
[{Passworteingabe 10€}, color my roots=teal, rotate=270]
|
]
|
||||||
[{Kommentarfunktion 10€}, color my roots=teal, rotate=270]
|
|
||||||
]
|
|
||||||
[{Schlechte\\Auth\\10€}
|
|
||||||
[{Password ist 12345678 10€}, color my roots=red, rotate=270]
|
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
[{Zugang zu Mitarbeiter}
|
[{Access to db terminal}, color=teal
|
||||||
[{Daten auf\\USB Stick\\100.000€}, angle below
|
[{Access to\\SSH Keys}, color=red
|
||||||
[{Daten auf Server löschen 10.000€}, color my roots=teal, rotate=270]
|
[{Access to\\Key storage}, angle below, color=red
|
||||||
[{Daten an Firma verkaufen 500€}, color my roots=teal, rotate=270]
|
[{Employee uses\\bad password}, color=teal]
|
||||||
[{Daten im Netz verkaufen 500€}, color my roots=teal, rotate=270]
|
[{Access to\\employee laptop}, color=teal]
|
||||||
|
]
|
||||||
]
|
]
|
||||||
[{Daten\\in Cloud\\100.000€}
|
[{Flaw in\\Authentication}, color=teal
|
||||||
[{Daten im Netz verkaufen 500€}, color my roots=teal, rotate=270]
|
[{MITM}, color=teal]
|
||||||
[{Firma mit Veröffentlichung drohen 1000€}, color my roots=teal, rotate=270]
|
[{Spoofing}, color=teal]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
\end{forest}
|
\end{forest}
|
||||||
\end{sideways}
|
\caption{Attack tree}
|
||||||
|
\label{tree:Attack tree}
|
||||||
Wenn keine Kosten für die Aktion vorhanden sind werden trotzdem 10€ für Sprit, Strom, etc. gerechnet.
|
\end{sidewaysfigure}
|
||||||
|
|
||||||
\subsection{Kosten des günstigsten Angriffs}
|
\subsection{Kosten des günstigsten Angriffs}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1 +1,33 @@
|
||||||
\section{Part 3: Quantitative Risk Assessment}
|
\section{Part 3: Quantitative Risk Assessment}
|
||||||
|
|
||||||
|
\begin{table}[ht]
|
||||||
|
\centering
|
||||||
|
\begin{adjustbox}{width=1\textwidth}
|
||||||
|
\small
|
||||||
|
\begin{tabular}{l|l|l|l|l|l|l|l}
|
||||||
|
\textbf{Asset} & \textbf{Security Issue} & \textbf{ACS} & \textbf{ALE1} & \textbf{SLE2} & \textbf{ARO2} & \textbf{ALE2} & \textbf{Benefit} \\
|
||||||
|
\hline
|
||||||
|
Database Server & Dashboard & Speedometer & Driver & A. Name & Car & IA & No \\
|
||||||
|
\hline
|
||||||
|
& Entertainment & Entertainment system & Driver & A. Nother & Car & CA & Yes \\
|
||||||
|
\hline
|
||||||
|
& OTA Server & OTA Updates & IT-Dep & S. Ome & E2, room 44& IA & No \\
|
||||||
|
\hline
|
||||||
|
Client DB & Charging Station & System to handle charging & Owner of Station & B. Ody & Fuel Stations & IA & Yes \\
|
||||||
|
\hline
|
||||||
|
Website & Database Server & Host for DB & IT-Dep & T. Is & E2, room 45 & CIA & Yes \\
|
||||||
|
\hline
|
||||||
|
& Employee DB & Database of employees& HR-Department & I. Sweird & Database Server & CI & Yes \\
|
||||||
|
\hline
|
||||||
|
Online Shop & Online Shop & Buy the car online & Sales/Marketing & A. Ndun & Webserver & CIA & No \\
|
||||||
|
\hline
|
||||||
|
& Client DB & Database of clients & Sales/Marketing & I. Nspired & Database Server & CI & Yes \\
|
||||||
|
\hline
|
||||||
|
Entertainment & Webserver & Website hosting & IT-Dep & A. Lmost & Strato & IA & No \\
|
||||||
|
\hline
|
||||||
|
& Website & Company Website & Sales/Marketing & D. One & Webserver & IA & No \\
|
||||||
|
\end{tabular}
|
||||||
|
\end{adjustbox}
|
||||||
|
\caption{Quantitative Assessment}
|
||||||
|
\label{tab:Quantitative Assessment}
|
||||||
|
\end{table}
|
||||||
|
|
|
||||||
Reference in a new issue