Professional Documents
Culture Documents
Explain The Below Mentioned Threat Model in Detail With Their Advantages and Disadvantages
Explain The Below Mentioned Threat Model in Detail With Their Advantages and Disadvantages
NETWORK SECURITY
1. Explain the below mentioned threat model in detail with their advantages
and disadvantages:
a. Attack Tree
Using attack trees to model threats is one of the oldest and most widely applied
techniques on cyber-only systems, cyber-physical systems, and purely physical systems.
Attack trees were initially applied as a stand-alone method and has since been combined
with other methods and frameworks.
Attack trees are diagrams that depict attacks on a system in tree form. The tree root is the
goal for the attack, and the leaves are ways to achieve that goal. Each goal is represented
as a separate tree. Thus, the system threat analysis produces a set of attack trees.
In the case of a complex system, attack trees can be built for each component instead of
for the whole system. Administrators can build attack trees and use them to inform
security decisions, to determine whether the systems are vulnerable to an attack, and to
evaluate a specific type of attack.
In recent years, this method has often been used in combination with other techniques
and within frameworks such as STRIDE, CVSS, and PASTA.
b. PASTA
The Process for Attack Simulation and Threat Analysis (PASTA) is a risk-centric threat-
modeling framework developed in 2012. It contains seven stages, each with multiple
activities, which are illustrated in below:
PASTA aims to bring business objectives and technical requirements together. It uses a
variety of design and elicitation tools in different stages. This method elevates the threat-
modeling process to a strategic level by involving key decision makers and requiring
security input from operations, governance, architecture, and development. Widely
regarded as a risk-centric framework, PASTA employs an attacker-centric perspective to
produce an asset-centric output in the form of threat enumeration and scoring.
Generation
Generation-based fuzzers actually generate input from scratch rather than mutating
existing input. They usually require some level of intelligence to construct input that
makes at least some sense to the program, although generating completely random data
would also technically be generation.
Generation fuzzers often split a protocol or file format into chunks, which they can build
up in a valid order, and randomly fuzz some of those chunks independently. This can
create inputs that preserve their overall structure, but contain inconsistent data within it.
The granularity of these chunks and the intelligence with which they’re constructed
define the level of intelligence of the fuzzer. While mutation-based fuzzing can have a
similar effect as generation fuzzing (as, over time, mutations will be randomly applied
without completely breaking the input’s structure), generating inputs ensures this will be
so.
Evolutionary
Evolutionary fuzzing’s an advanced technique, which we’ll briefly describe. It allows the
fuzzer to use feedback from each test case to learn the format of the input over time. For
example, by measuring the code coverage of each test case, the fuzzer can work out
which properties of the test case exercise a given area of code, and gradually evolve a set
of test cases that cover the majority of the program code. Evolutionary fuzzing often
relies on other techniques similar to genetic algorithms and may require some form of
binary instrumentation to operate correctly.
7. Explain Control Hijacking in detail with any one attack of your choice.
Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker
takes control of computer systems, software programs and/or network communications. A wide
range of cyber attacks rely on hijacking in one form or another, and -- similar to other hijackings,
such as an airplane hijacker or criminals seizing control of an armored transport vehicle -- cyber
hijacking is often, but not always, highly illegal with severe consequences for both the attacker
and the victim.
There are several different kinds of cyber hijacking, among them:
• browser hijacking
• session hijacking
• domain hijacking
• clipboard hijacking
• domain name system (DNS) hijacking
• Internet Protocol (IP) hijacking
• page hijacking
Browser hijacking is a tactic used by hackers and unscrupulous online advertisers to take control
of a web browser. In practice, browser hijacking is most often used to redirect web traffic, alter
default browser settings or force a victim to click advertisements. However, there are also
instances where hackers use hijacked browsers to intercept sensitive information and even
make unwitting victims download additional malware.