SecurITree allows system analysts to design system security solutions, much as software programs such as CAD (computer-aided drafting and design) allow engineers to design safe bridges or buildings. The software allows a security expert to mathematically model possible attacks against a computer system. The model is known as an “attack tree.”
Using a process known as pruning, a security expert can compare the capabilities of system attackers with the resources required to conduct specific attacks, all of which are built into the software model. Attacks considered to be beyond the cracker’s capability are then systematically removed from the model. Thus, what remains in the model are the attacks considered to be highly likely and feasible.
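The pruning step described above, sketched as an added example (not SecurITree's own code or algorithm). It assumes each leaf attack needs two resources, a cost and a skill level, that an AND node sums costs and takes the highest skill, and that the tree, names and figures are constructed for illustration.

```python
from itertools import product

# Constructed sample tree; node names and resource figures are illustrative only.
# Leaf: ("leaf", name, cost_usd, skill_1_to_10); inner: ("or" | "and", name, [children])
TREE = ("or", "Obtain customer database", [
    ("leaf", "Bribe administrator", 50000, 2),
    ("and", "Use stolen backup", [
        ("leaf", "Steal backup media", 2000, 3),
        ("leaf", "Break backup encryption", 500000, 9),
    ]),
    ("and", "Log in with staff credentials", [
        ("leaf", "Phish staff password", 500, 4),
        ("leaf", "Bypass second factor", 3000, 6),
    ]),
])

def scenarios(node):
    """Return every attack scenario as a list of leaves that together reach the goal."""
    kind = node[0]
    if kind == "leaf":
        return [[node]]
    child_sets = [scenarios(child) for child in node[2]]
    if kind == "or":    # any one child is enough
        return [s for sets in child_sets for s in sets]
    if kind == "and":   # one scenario from every child must be combined
        return [sum(combo, []) for combo in product(*child_sets)]
    raise ValueError(f"unknown node type: {kind}")

def prune(tree, budget, skill):
    """Keep only scenarios whose required resources are within the attacker's capability."""
    kept = []
    for s in scenarios(tree):
        cost = sum(leaf[2] for leaf in s)   # AND steps add up in cost
        need = max(leaf[3] for leaf in s)   # hardest step sets the skill bar
        if cost <= budget and need <= skill:
            kept.append(([leaf[1] for leaf in s], cost, need))
    return kept

if __name__ == "__main__":
    # Two assumed attacker profiles: (budget in USD, skill level)
    for label, profile in [("skilled, low budget", (5000, 6)), ("funded, unskilled", (100000, 3))]:
        print(label, "->", prune(TREE, *profile))
```

Each attacker profile leaves a different set of scenarios in the model, which is why the same tree yields different mitigation priorities for different adversaries.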
This software is a Java-based application that spotlights which of the deficiencies in a computer system most crackers would find enticing, thus allowing a security expert to objectively consider security trade-offs and to set priorities for risk-mitigating actions. The SecurITree software creates a model that outlines the various ways that a computer system can be attacked, predicts how potential system intruders will attack by comparing their capabilities with the system’s vulnerabilities, evaluates the impact of each attack scenario on the system in question, determines the degree of risk associated with each attack scenario, and monitors the computer system for signs of attack.
Amenaza Technologies Limited. Attack Tree Methodology. [Online, July 6, 2004.] Amenaza Technologies Limited Website. http://www.amenaza.com/methodology.html; Amenaza Technologies Limited. Product Overview. [Online, July 6, 2004.] Amenaza Technologies Limited Website. http://www.amenaza.com/products.html.