The use of decision-tree modeling can be an effective way to identify "unwanted outcomes."
Amenaza's SecurITree applies decision theory to determine likely paths of attack, starting with the attacker's desired outcome. This generic example reveals the ways an adolescent criminal would attempt to break into a house. Attack vectors that are impractical (e.g., tunneling under the house), too risky or beyond the ability and/or resources of the attacker have already been pruned from the tree.
Security startup Amenaza Technologies addresses risk reduction from a different perspective--that of the attacker. Amenaza's SecurITree employs a method of creating an exploit route by linking together various approach paths and vulnerabilities in the same way an attacker might exploit a system to attain his objective.
Taking Bruce Schneier's Attack Tree modeling approach, which applies decision theory to security, SecurITree allows an enterprise to identify unwanted outcomes (e.g., stolen credit card information) and work outwards to model various ways an attacker may pursue that outcome. The result is a decision tree that shows all of the various combinations of paths that will lead an attacker to success--the defender's unwanted outcome.
Once the paths are identified, SecurITree factors in the cost of an attack, skill requirement and a disincentive--the probability of being caught--to calculate the relative value of each path. SecurITree then enables the user to add in the profiles of potential attackers (thieves, terrorists, script-kiddies, etc.), which allows the tree to be pruned based on cost, skills and aversion to being caught.
Ultimately, SecurITree provides a way to identify choke points, where security controls can be applied to protect multiple vulnerabilities along a path or set of paths, such as a firewall protecting many systems from being attacked from the Internet.
Pete Lindstrom is research director for Spire Security and a member of Information Security's editorial advisory board.