Attacks and Defenses

Threats	Attacks	Defenses
Prevention	Detection	Reaction
Integrity	Availability	Confidentiality

The attack and defense analysis is intended to provide automation to the information protection designer by allowing more comprehensive assessment than has previously been available.

Classes of attacks and defense are provided along with examples from those classes, current information about the known complexity of problems in those classes, and detailed drill-down to attack and defense scripts and software for authorized users
Threat profiles and countermeasure profiles are provided to allow analysis based on specific threats and countermeasure sets used in a particular environment. These profiles include information on the quality of people and methods to facilitate numerical analysis.
A covering table provides the glue for connecting attacks and threat profiles with defenses and countermeasure sets. This covering table provides in formation on the effectiveness of each against the other and is the basis for optimization.

Classes of Attacks and Defenses:

We have currently catalogued about 100 different classes of attacks and well over 100 classes of defenses. Each includes a name, description, examples, and a description of the complexity issues inherent in its use for offense or defense. In many cases, there are drill-downs to the VAP database (from Lawrence Livermore) or references to scientific papers in support of the included results.

In the future, we hope to have more definitive mathematical results, examples, and citations for all of the attacks and defenses, and where applicable, to provide source code for software which implementes the defenses.

Threat and Countermeasure Profiles:

Threat profiles and countermeasure profiles are currently defined in our database as sets of classes of attacks and defenses with associated strength of attackers and quality of methods. For example, the threat profile of a hacker includes password guessing of moderate quality and moderate skill, while infrastructure warriors include attacks like floods, high skill levels, and high quality of attacks. Similarly, the defense profile for a B1 operating system includes object reuse protection, while a C1 profile does not.

Covering Tables:

Covering tables are currently being developed. An initial 0-1 covering table should be available soon, but a more thorough covering table including quality of defense against each attack is likely to be developed with a community effort.