Graphviz r3/5/2023 5Īll the branches on the tree – reflecting different cost paths – will end up connecting the Reality and Attackers Win nodes in some fashion. The most basic security decision tree will have two common states: Reality (the starting node from which all others descend) 4 and Attackers Win (the ending node reflecting attackers accomplishing their goal). If you want to understand more about the decision tree architecture, I entreat you yet again to download the Security Chaos Engineering report. The lowest cost path for attackers is generally the one with zero defensive mitigations in place, what I affectionately call “yolosec." The highest cost path for attackers usually involves finding and exploiting zero day vulnerabilities or performing upstream supply chain attacks 3. The branches of the tree are oriented from the lowest cost paths to attackers (on the left) to the most expensive attacker paths (on the right). Thus, the decision tree shows the potential paths attackers can take, including attacker actions performed in response to defensive actions or mitigations, to reach the goal of accessing that S3 bucket. The (rather obvious) way attackers win is by successfully accessing the video recordings in the S3 bucket. As the product and engineering teams think through the design of this project, they want to avoid bad things happening to the project that could cost money (whether via downtime or compliance fines) or time (which is also money) 2. In this example, our imaginary organization wants to store customer video recordings in an S3 bucket. Organizations often store important content in cloud storage buckets. Building the decision treeįor those of you who haven’t read the report yet (reminder: it’s free), let’s set some background context on this example. I personally found it quite intuitive, though, as always, your mileage may vary. The textual descriptions of the graph are written using the DOT language (and thereby saved as a. However, these style deficiencies are balanced by the ease of editing the relationships represented in the graph – an issue I previously found tedious when using GUI-based tools. I found that the default styling options for Graphviz can quickly look like a hybrid of the infamous defense charts or the “graphic design is my passion” meme. Graphviz takes descriptions of graphs in text form and converts them into a visual (like an image or PDF). It is open source, which was especially compelling as I tried out various graphing tools for the decision tree use case because I am a ho for not spending money. I won’t cover how to populate your own decision tree in this post since that is already covered in the e-book, which is immediately available at your fingertips for the delectable price of free.Īs an apéritif, here’s the end result towards which we’ll be building:Īs the name suggests, Graphviz is a graph visualization tool. Using this as a reference, you can extrapolate this process into a pattern to inform saner security prioritization during the design phase of the product lifecycle. This post will walk through creating the example decision tree from the e-book using Graphviz and a. In the recently published “Security Chaos Engineering” e-book, one of the chapters I wrote covers attacker math and the power of decision trees to guide more pragmatic threat modelling.
0 Comments
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |