DSpace@MIT


Automated attack tree generation and evaluation : systemization of knowledge

Author(s)
Nguyen, Sam (Sam D.)
Download: 1227507670-MIT.pdf (1.956Mb)
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Howard Shrobe.
Terms of use
MIT theses may be protected by copyright. Please reuse MIT thesis content according to the MIT Libraries Permissions Policy, which is available through the URL provided. http://dspace.mit.edu/handle/1721.1/7582
Abstract
The large-scale infrastructure that modern society is dependent on has become more and more dependent on the computer systems that control it. Examples like electrical grids, water systems, or power plants all contribute heavily towards everyday function. Even though these systems have such importance, they have been repeatedly shown to be vulnerable to attacks. Cybersecurity research has shown that each month one in every five industrial control systems is attacked. A long-term concerted attack campaign to control or shut down these systems could lead to disastrous results such as shutting down a power grid. Thus, it is crucial to be able to evaluate these systems and determine their vulnerabilities, especially by utilizing the bank of documented past attacks available as a resource. To address this, this thesis presents an extension to Dr. Howard Shrobe's Attack Planner, a computational vulnerability analysis system that is capable of outputting multistage attack model trees that achieve a desired goal on a desired system resource. It generates the attack models based on already known tactics and techniques that achieve different goals. In this thesis, I describe the systemization of knowledge of MITRE and NIST's available categorization and bank of exploits and vulnerabilities into the Attack Planner, an additional tactic based on an attacker-controlled ad server, and a critique of the internal organization and semantics. In order to incorporate MITRE and NIST's data, I used Dr. Erik Hemberg's BRON framework and created an interface between BRON's network representation of this data and the Attack Planner. MITRE and NIST categorize and organize all stages of an attack campaign at varying levels of depth, starting from an overarching goal down to specific exploits on a specific version of an operating system. By using BRON's network to link the specific exploits with their parent goals, the Attack Planner is able to generate plans with higher levels of detail.
Description
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, September, 2020
 
Cataloged from student-submitted PDF of thesis.
 
Includes bibliographical references (pages 37-38).
 
Date issued
2020
URI
https://hdl.handle.net/1721.1/129214
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.

Collections
  • Graduate Theses
