attack tree CS

profilepotrero
attack_tree.docx

Read Bruce Schneier's paper on attack trees (https://www.schneier.com/paper-attacktrees-ddj-ft.html (Links to an external site.)). Note that he uses some technical jargon to make a point about good vs. bad security controls. Don't worry if this doesn't make sense, the overall article is very good.

Come up with your own attack goal, and list some first level attacks that would allow an "evil doer" to achieve the attack goal. The attack may involve a computer breach, or it may involve some other type of crime or even a non-criminal action that results in harm.

After defining the single goal of the evil attacker, create a second level of different attack methods. One method might involve a computer intrusion, another a physical "break and enter", a third human persuasion (social engineering), etc. For each attack method, the next set of branches under the method may be the different tasks required to succeed at the method.

Create a sample tree in a graphical format, as shown in the article. Remember, a tree has multiple levels, branches do not join (they only spread out) and there must be a single attack goal at the root. Indicate "and" cases where a combination of attacks are required to meet the next level's goal. Full credit for this project requires that you meet all these