Fwd: Fw: best tool to draw attack trees ??

[Matthew Franz <mfranz () cisco com>]

Syntex, a latex preprocessor was the only thing I found to even be marginally useful. 

There are some commercial win32 based GUI risk analysis tools that were even less useful.

See:

http://www.theory.org/~matt/syntex/
http://freshmeat.net/projects/syntex/

-mdf

> ----- Original Message -----
> From: "Kruse, Darren (DEH)" <Kruse.Darren2 () saugov sa gov au>
> To: <pen-test () securityfocus com>
> Sent: Thursday, March 21, 2002 7:00 PM
> Subject: best tool to draw attack trees ??
>
>
> > I'm puzzling over what is the best way to draw attack trees.
> > Attack trees provide a formal, methodical way of describing the security
> of
> > systems, based on varying attacks. Basically, you represent attacks
> against
> > a system in a tree structure, with the goal as the root node and different
> > ways of achieving that goal as leaf nodes.
> > Bruce Schnier's Secrets and Lies - Digital Security in a Networked World
> http://www.amazon.com/exec/obidos/ASIN/0471253111/qid=1016671800/sr=8-1/ref=
> > sr_8_67_1/002-8209990-0206427 , in particular chapter 21 covers Attack
> Trees
> > There's also a DDJ article on attack trees
> > http://www.ddj.com/documents/s=896/ddj9912a/9912a.htm (also by Bruce
> > Schnier) that covers virtually the same ground as the book.
> > I'm thinking that it would make a really good motivational tool for
> > management to see what all the threats are against our systems.
> > Having a documented attack tree would also help me in identifying what
> holes
> > ,and threats I need to worry about RIGHT NOW !
> > My first thought was to wade in, and start drawing with Visio - making use
> > of the layers feature to distinguish between different sets of values..
> > Possible / Impossible Cost script kiddie tool released ?
> > etc..
> > But does anyone know of a more "closely-suited" tool than Visio ? I've
> done
> > a google search on "attack tree" software, and come up blank.
> > There are cheaper alternatives to Visio - maybe Kivio mp
> > http://www.thekompany.com/products/kivio/faq.php3 ?? Unfortunately, the
> KDE
> > version (Kivio without the mp suffix) doesn't do layers. :-(
> > Would a web interface be better ? - certainly for navigating between
> > threats, but how about when you want to see a larger part of the tree ? ,
> or
> > the whole attack tree ??
> > Maybe MS Project ? - it's good at showing inter-related tasks , that have
> > dependancies and costs, and can output to HTML as well.
> > How about when I want to add , or share bits of someone else's attack tree
> ?
> > It would be cool to be able to download discrete sub-branches, just like
> you
> > download additional Snort IDS signatures.
> >
> > Darren Kruse CCNP CCDP
> > WAN/LAN Networking Consultant
> > Mobile : (+61) 0407 446 399
> > mailto://darren_kruse () hotmail com
> > http://www.geocities.com/darren_kruse
> >
> >
> > --------------------------------------------------------------------------
> --
> > This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA)
> > Service. For more information on SecurityFocus' SIA service which
> > automatically alerts you to the latest security vulnerabilities please
> see:
> > https://alerts.securityfocus.com/

----- End forwarded message -----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/