Type,#,Programming,Threat Modeling Lecture Attendance,Have you heard of threat models before? If so which?,LS-ADT1-L1,LS-ADT1-L2,LS-ADT1-L3,LS-ADT1-L4,LS-ADT1-L5,LS-ADT1-W1,LS-ADT1-W2,ADT1 # def leaf nodes,ADT1 # def nodes,ADT1 # atk leaf nodes,ADT1 # atk nodes,ADT1 # and (atk),ADT1 #or (atk),ADT1 LoA,ADT1 Multi parent nodes,ADT1 Multi refinement,ADT1 single child (atk),ADT1 multi countermeasure,ADT1 # refinement,ADT1 error count,LS-ADT2-L1,LS-ADT2-L2,LS-ADT2-W1,LS-ADT2-W2,LS-ADT2-W3,ADT2 # def leaf nodes,ADT2 # def nodes,ADT2 # atk leaf nodes,ADT2 # atk nodes,ADT2 # and (atk),ADT2 #or (atk),ADT2 LoA,ADT2 Multi parent nodes,ADT2 Multi refinement,ADT2 single child (atk),ADT2 multi countermeasure,ADT2 # refinement,ADT2 error count,LS-ADT3-L1,LS-ADT3-L2,LS-ADT3-L3,LS-ADT3-W1,LS-ADT3-W2,LS-ADT3-W3,LS-ADT3-W3 Yes,LS-ADT3-W3 Communication,LS-ADT3-W3 Analysis,LS-ADT3-W4,LS-ADT3-W5,LS-ADT3-W5 Yes,ADT3 # def leaf nodes,ADT3 # def nodes,ADT3 # atk leaf nodes,ADT3 # atk nodes,ADT3 # and (atk),ADT3 #or (atk),ADT3 LoA,ADT3 and:or ratio,ADT3 Multi parent nodes,ADT3 Multi refinement,ADT3 single child (atk),ADT3 multi countermeasure,ADT3 # refinement,ADT3 error count,ADT3 Cohesive,ADT3 Clear,ADT3 Concise,ADT3 Complete,SS-Q2,SS-Q3,SS-Q4,SS-Q5,SS-Q6,SS-Q7,SS-Q8,SS-Q9,SS-Q10,SS-Q11,SS-Q12,SS-Q13,SS-Q14,SS-Q15,SS-Q16,SS-Q17,SS-Q17 Correct,SS-Q17 Reasoning,SS-Q18,SS-Q19,SS-Q20
LT,1,,,,1,1,2,4,2,I found it difficult to find out the placing of the nodes in the tree. I think there are several interpretations and possibilities for the tree. I think this was the hardest part as it kept me reconsidering the tree’s structure and the nodes placing. Another part which was a little difficult was to define my own intermediary nodes. This was hard for me because I found it hard to indicate if the intermediary nodes were necessary or not as it would add another layer of detail. Another part which I found hard was that children of a node must have the same relationship. I get the idea but it forced me to use the intermediary nodes which I found hard itself (detail reasons). Overall this method gives me a good overview of all the threats and how to defend them.,I first used a bottom-up approach as I linked the leaf nodes to the same branch. Then I tried to form the tree but noticed that I was missing some intermediary leaves to make the tree complete. As I was figuring out which intermediary leaves I would use and where I noticed that this isn’t easy as there are several options of placement. To make this easier I tried to look at the tree top-down. This helped me in the placement and which intermediary leaves I would use. At this attack part of the tree was done. Next I added the defense leaf nodes to make the ADT tree complete. Next time I would immediately start approaching the tree topdown as I think this would make it easier.,3,3,10,17,1,4,5,1,0,1,1,6,3,1,2,The part which I find the most difficult was to analyse what was going on. By just reading the text I was not able to get a good overview of the attack and defense leaves. I had to work from sentence to sentence to identify all the threats and defenses. This is not hard but most of all time consuming.,After identifying all the leaves I started building this tree from a top-down approach. I started with the goal on top and started adding the first layer. These are all the ways of how to get in to the safe. Then I added the next level op abstraction. For example learning the combination can be done in two ways: 1. Safe combination is written on paper 2. Gets safe combination from owner. After all attack leaves were added I added the defense leaves to make the tree complete.,,3,3,5,7,0,1,3,0,0,1,0,2,1,1,4,1,After doing the first two exercises I started getting more used to making and reading ADT trees. This little experience helped me by building the last tree. In the first two exercises I started off by looking at the different levels as a timeline (later corrected). When I started with exercise three the concept of the different levels representing the levels of detail (components with subcomponents) was clear. This helped me a lot with making this tree. This also made making the attack and defend nodes the easiest part for me.,As mentioned before the concept of the levels representing the level of detail and not the timeline was the hardest for me. It took some time to understand this concept. After fully understanding this concept making and understanding ADT trees was really easy and helped to understand risk scenarios better.,I think ADT’s definitely could have a place in the cybersecurity. In my opinion ADT trees are very useful to get a clear overview of a security situation. I think ADT trees are especially useful for large situations with many possibilities. In comparison to written text with a description of the situation ADT trees give a better and faster overview of the situation. I think this would work perfectly within the cybersecurity industry as there are a lot of attack options and with an ADT tree all necessary defenses would be identified way easier and quicker.,1,1,1,I think a level of danger/likeliness for each attack would make ADTs better. Not every scenario is even likely to happen and it is now unclear which are likely and which not,I definitely hope to encounter ADTs more often. After understanding the concept I found it very easy to use. Both in making and reading the ADTs. In comparison to just plain text about a specific scenario ADTs help me to understand the problem way quicker and better.,1,3,3,8,13,1,3,5,0.3333333333,0,0,1,1,5,2,2,1,1,2,5,1,4,2,1,9,8,8,2,1,12,12,4,2,1,I don't get what the overall goal is,0,0,7,4,1
LT,2,0,Yes,Fault Trees and Event Trees,1,2,2,2,3,I found it the most difficult to think of intermediary nodes for the attack tree when only the leaf nodes were provided. Since some of the leaf nodes were not entirely clear to me from the beginning it became somewhat tricky to then define my own intermediary nodes. In my opinion it would have been easier if I could also define the leaf nodes myself because some of the provided leaf nodes were up to interpretation and could therefore have been interpreted in many ways.,First I added the root node on the top of my workspace and wrote down all the leaf nodes. Thereafter I approached the leaf nodes by understanding which leaf nodes were connected to each other (and could thus be linked through intermediary nodes). I did this for all leaf nodes until I had a basic structure for my tree after which I kept linking together my intermediary nodes with each other until I had a completed Attack Tree. In terms of the defense nodes I added these last after my tree was already complete because I thought it would be easier if I had a visual overview in determining where I would place the defense nodes.,3,3,10,19,2,6,6,0,0,1,0,9,1,1,1,I found it difficult to not add any information to the attack tree. I think this is because the provided scenario is relatively simple to understand so I wanted to include more information by perhaps adding some more intermediary nodes as well as leaf nodes.,Essentially I approached the attack tree in the same way as the text was written. I started with the root node after which I progressed to the second level of abstraction with the four ways to reach the root node. Thereafter when applicable I did the same thing with the next level of abstraction until I had reached the end of the text. In this case I did not add the defense nodes last as they were provided throughout the text. I was therefore able to add them following their corresponding attack nodes.,I started with the Root Node (Open Safe) because as previously discussed I approached the tree in the order that the information was provided in the text. Because the root node was the first node to be presented I started with this one.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,2,I find it very easy to understand threats by using ADTs because it offers a comprehensive and easy-to-understand visual representation of different threats and attack vectors which can provide opportunities to better understand how threats materialize and how to defend against these threats.,I find it particularly difficult to think of all the information required to complete an ADT. While it is easy to think of the first couple of levels of abstraction the deeper you go the more difficult it becomes. Furthermore I found it difficult to group some nodes (both leaf nodes and intermediary nodes) together. In some cases I found myself adding a node by itself which doesn’t in itself lead to another level of abstraction but which could help me further complete my tree by making the scenario clearer.,I definitely think that ADTs have a place in the cybersecurity industry because they can simplify complex relationships between components within a system or between systems for practitioners to better understand which threats they are facing and how to defend against particular threats. Furthermore I also think that ADTs offer practitioners in the cybersecurity industry the ability to learn that something very distant from an attack (a non-malicious act such as befriending someone) can at the end of the day have adverse consequences as this social manipulation can lead to cyber-related attacks or other undesirable consequences.,1,1,1,Because I am not so experienced with threat modeling it is difficult to say if anything is missing from ADTs. However I still think that ADTs can and should be developed continuously in order to improve our capabilities for modeling threats so that we can better understand them. One example of an aspect that could be implemented into Attack Trees is that of costs both in terms of attack nodes but also in terms of defense nodes so that those interpreting attack trees are able to understand the consequences of leaving particular nodes undefended.,I hope to encounter ADTs in the future and I am excited about the possibility to apply ADTs in other non-technical domains such as general crisis management and risk management to better understand complex risks that occur and how to defend against various threats.,1,4,4,9,19,3,5,6,0.6,0,0,2,0,10,2,2,2,1,1,4,1,2,2,2,8,1,0,2,2,3,5,4,2,2,The overall goal is kept because all potential attack vectors have counter-measures. Even the attack vector which leads to employee attacks has countermeasures for all its intermediary nodes while the other vectors have sufficient countermeasures combined with AND-relationships between the vectors.,0,0,5,3,2
LT,3,2-3 months,No,No,2,3,3,2,1,An Attack Tree really brakes down the problem into very small pieces. And it takes a lot of time and thought to throughly think about the details that an Attack Tree needs to contain.,I collected all the information that I had and that was given then step by step sorted the pieces and checked the requirements my project had to fulfill. I started top down and tried to think of the important key words relevant for the tree.,2,2,9,14,3,2,3,0,0,0,0,5,0,5,1,As this a new way of expressing an incident rather than with plain words it needs time to get used to how to understand and read the tree. Furthermore as one is still new to this one needs to go over multiple times over the tree to see if there are any mistakes due to the uncertainty of the new way of expression.,I collected all the information given to me. I draw firstly on Paper a tree with all the information that was given to me and tried to add and adjust it perfectly on paper. Then I thought about additional AND/OR gates and went through the tree top to bottom to see if the order makes sense.,The first node that came to my mind was after „Rob Bank“ whether its traditional (like in movies) or an Insider Robbery. So my first nod was „Social Engineering“,4,4,5,7,0,2,3,0,0,0,1,2,1,1,2,2,In comparison to writing a text it was easier because it was more straight forward and only the really important key words made it to the tree. This made the whole thing more structured than a text that might require much more in depth explanation that might distract from the really important key words.,Besides the newness it was quite time consuming to find a software online to fill in the tree. The tree itself is rather simple but writing text is much more easier on a computer than drawing an ADT.,I absolutely think ADT have a place in the Cybersecurity industry. I think especially in criminal investigations and penetration testing of software or ethical hacking they are a great starting point in finding the weakest links and security threats and lacks.,1,0,1,I think due to the fact there is only little text some might not understand details or misinterpret some terms. But other than that they are straight forward.,I do hope to encounter ADT’s. However I would definitely prefer not to write them anymore myself because it is quite the time consuming process especially due to the lack of good (free) softwares that help drawing good ADTs. Nevertheless reading them was much more time efficient than reading a text and therefore I enjoyed them from that perspective.,1,8,8,9,14,1,4,4,0.25,0,0,0,0,5,0,1,1,1,2,,,,,,,,,,,,,,,,,,,,,
LT,4,,,,1,3,4,2,5,To me the most difficult part is ‘finding’ the correct order of certain nodes since one can argue for different orders of nodes for the same ATD. For example in the 3rd ATD for this assignment the attack node ‘cheat’ is not related to ‘have someone take the exam for me’ even though this is cheating as well. However for the ‘have someone take the exam for me’-node to fall under cheating I would have to take the exam myself. Therefore the structure of ADT’s can be difficult for me.,I solved this by adding the same defense node for both ‘cheat’ and ‘have someone take the exam for me’ nodes.,2,2,3,10,0,2,7,0,0,5,0,7,5,1,3,reading the descriptions of attacks were more difficult for me than reading attack trees. This is because an attack tree gives you visualization of what the descriptions of attacks logically should be. For example in order to pass the ICS exam one must study. This is logical but seeing it in an ATD with ‘pass ICS exam’ as the upper attack node and ‘study’ below it makes more sense due to the physical structure rather than merely reading the words.,I first read the text and while reading I wrote down the defense and attack nodes I recognized. Then I ordered them logically meaning using common sense to understand that for example one can find the combination written down before they can learn the combination itself.,Open a safe.,2,2,5,7,0,2,3,0,0,0,0,2,0,5,1,5,reading them,assembling them in a proper order,I do think ADTs have a place in cybersecurity for example in risk management (for example one can use an ADT to illustrate how to prevent a MITM attack),1,1,0,What should be kept in mind is that there are black swans scenario’s that always have the possibility of occurring. However an ADT might give the illusion that this is untrue because it already has ‘all’ the possible scenario’s. To me that aspect is missing or more so easily forgotten when analyzing an ADT.,Not really.,0,3,3,6,12,1,3,4,0.3333333333,1,0,2,0,6,3,1,1,2,1,,,,,,,,,,,,,,,,,,,,,
LT,5,0,Yes,Fault Trees,1,2,2,3,1,Figuring out where each of the leaf nodes would go is what took the longest to do. As there are no hints to which leaf nodes go together creating intermediary nodes also became a bit of a struggle.,Worked top-down starting from the root node. From there intermediary nodes are made by separating the medium in which robbing a bank can happen. The leaf nodes are then attached to the corresponding intermediary node.,2,3,10,18,1,6,3,0,0,1,0,8,1,2,1,Keeping the labels for each node concise and clear is what I find most difficult for this task as the attack scenario gave a lengthy description. However it is comparably easier than assembling the ADT in the previous task.,Again I built the ADT top-down starting from the root node. I followed the attack scenario step-by-step while also identifying which of the description is an attack node or a defense node.,The first node I added was the root node.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,2,1,ADTs create a visualization of written scenarios. This gives a clearer understanding on where each detail of the scenario stands and how they interact with one another to build the attack scenario.,In some scenarios nodes with the same labels may be present in different attack vectors. It might take more effort to take this into account when analyzing the ADT as these nodes are in different branches of the scenario. I also find it difficult to use the ADT when the attack scenario is complex with many intermediary and defense nodes as it can get confusing.,I do think ADTs have a place in the cybersecurity industry because it provides a detailed step-by-step overview of how a scenario takes place. In my opinion ADTs can be particularly helpful for cybersecurity analysts secure software engineering as well as in designing a secure architecture in organizations. It can be used to understand how past scenarios had taken place and become lessons learned for future references.,1,0,1,Some nodes on the same level have different relations with one another and that children of a node cannot have different relationships. Having to add intermediate nodes in my opinion makes the ADT look more complex than it should be.,Yes especially in situations where communicating a threat/attack scenario is needed.,1,4,4,11,19,2,6,5,0.3333333333,0,0,0,0,8,0,1,1,1,1,3,1,2,1,2,5,1,0,2,2,3,6,5,1,2,No because some attack leaf nodes don't have defense nodes to them leading to some attack vectors not having defenses. Hence the overall goal is not kept.,1,1,8,2,1
LT,6,,,,1,4,2,5,4,The hardest part about this assignment was that it was stated that they are all leaf nodes and they have no children which means that everything ends at these nodes. But by logic this is weird since say gain access is hard to get anywhere near the bottom. So this confused me a lot,The task indicated that they were all leaf nodes so there were no children. Because of this I assumed that they all had to be the last of a branch. Since it was not necessary to add between nodes I chose not to do this.,2,2,9,9,0,1,2,0,0,0,0,1,0,4,2,I found this task less difficult than the previous one. There was a lot more clarity in the story now that allowed me to really figure out how it had happened. I find it most difficult to place the defense nodes I was very doubtful whether they should be before or after the attack nodes.,I started with a quick read through the story to see what it would entail then I went through the story line by line and added the nodes line by line.,so the first thing I wrote down apart from the goal was pick the lock.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,2,1,ADTs are easy for reading difficult complex cases with many causes . When things are pretty clear and easy an ADT isn't much use.,I find it a bit difficult to make ADTs myself. I think experience matters a lot and you also have to be very aware of the problem before you can make an ADT.,I think ADTs are quite important to the cybersecurity industry. Especially for these complex problems of which not every 'normal' person knows how it works it is useful to show this in an easier way with the help of an ADT. As a result you do not need to have any knowledge of programming or hacking but you do know how something is done.,1,1,0,As far as I'm concerned the distinction between OR and AND could be made bigger as I often overlooked it myself.,Yes to get difficult complex tasks explained. I would also be interested in making ADTs as I think the more you do it the better you get at it. It is better than writing a large report as well as for you as for the person that needs to read it.,1,4,4,10,19,0,6,5,0,0,0,3,1,9,4,2,2,1,1,4,1,2,3,3,8,4,3,2,3,5,7,5,2,3,Yes the goal is often at the very top so if the goal is data confidentiality then it is still easy to read.,0,0,8,2,2
LT,7,,,,2,3,4,2,4,What I found most difficult about this task was that I could only use the given leaf nodes. I especially struggled with giving “gaining access” a place as I would have liked to pair it with an “hack into the system” leaf node with an “AND Refinement”. Additionally I was not sure if leaf nodes could be only child.,Under “eliminate security systems” I could not figure out how to not make up my own leaf node and how to not make the leaf node only child. I ended up making it only child in the hope it is correct.,2,2,9,16,3,3,5,0,0,1,0,7,1,1,1,There was nothing difficult about this task.,I quite literally build the ADT while reading the scenario. Since the scenario is written in chronological order this was pretty easy to do. The first thing I added was the goal as the root node and the last thing was the memorization defense node.,The root node.,3,3,5,7,0,2,3,0,0,0,0,2,0,3,4,4,What makes ADTs easy to understand is it being visual. You can easily pinpoint attack nodes that are not defended against.,That you must first have a very precise scenario description in order to make a ADT that works.,I think it does have a place in the cybersecurity industry. If a company would write reports on potential threats to their network it is easy to read over some parts or just ignore it. With an ADT engineers are confronted with the weak spots in the system visually and they will be forced more to realize a defense node.,1,0,1,Budget always plays a big role and I think that it is hard to determine whether a defense node is realistic. For example with my ADT on how to steal money from a grandma one of my defense nodes was installing a security system. Though maybe there is no budget to install this. Does this defense node then still deserve a place in this ADT? So I think that budgets are missing from ADTs.,I hope to encounter an ADT in the future. I think that in many sectors they can be applied and would add a lot to problem solving processes.,1,3,3,7,12,1,4,4,0.25,0,0,0,0,5,0,1,1,1,1,3,1,3,1,1,5,4,2,2,1,3,6,5,2,1,Yes no attack end goal can be reached because of countermeasures,0,0,7,2,1
LT,8,0,Yes,Yes,1,1,2,4,2,The most difficult about this task would be the use of only two intermediary nodes since they can only have two children. Sometimes my nodes would overlap and the only pairing two children(components) to one parent became difficult.,I imagined more scenarios. I let myself think more creatively and came up with different scenarios.,2,2,9,17,2,6,5,0,0,0,0,8,0,5,5,I found it difficult to visualise the actions in the text. I do not really understand which action comes before the other. In my head my ADT can be correct according to the text however I think multiple ways are correct. I find it difficult to choose the “most fitting”.,I just followed the first thing the text said. Thus the text started with the goal is to open a safe I added that first and then the attacker can pick the lock which I then created next.,I first added the Root Node which is the goal to open the safe or “Open Safe” in my ADT.,2,2,5,7,0,2,3,0,0,0,0,2,0,2,1,2,The visualisation of a certain scenario makes it easy to understand the scenarios.,Sometimes actions can overlap which causes you think long and hard if there are other possibilities,Yes because it is very useful for threat models and risk management. By having scenarios visualised as a ADT it will become clearer to some people who are good at visualising.,1,0,0,I cannot come up with anything that I am currently missing from ADTs,I would not mind if I encountered ADTs in the future since I know how to read and make them.,0.5,2,2,6,10,1,3,4,0.3333333333,0,0,0,0,4,0,1,2,1,1,3,1,0,1,2,5,8,7,2,3,,,,,,,,,,,
LT,9,,,,2,1,2,3,1,Although while creating the ADT I noticed a difficulty in which I could not incorporate certain leaf nodes such as locate start of tunnel and find direction to tunnel into the ADT without adding an intermediary node myself. In general I would consider this process of coming up with intermediary nodes myself to incorporate the other leaf nodes the most difficult in this case.,To fix this problem I first placed the leaf nodes that I was reasonably confident were positioned properly. Subsequently I noticed that I was left with several empty spaces after placing all the given leaf nodes. Taking this into account and my own logic I added some intermediary nodes this way myself.,1,2,6,13,2,2,6,0,1,3,1,6,5,2,1,Unlike the previous assignment where the leaf nodes were provided this second task provided only a brief description of the attack. For this reason the difficult part of this task was to identify the leaf nodes themselves and place them in the correct position in the ADT.,Before I started building the ADT I first carefully read the description of the attack. As a second step I identified the attack nodes and defense nodes. Subsequently I analyzed the relationships between the identified nodes and in the process placed them at the correct position in the ADT based on their relationship. Finally I considered whether AND and/or OR linkages should be present between the leaf nodes based on the text.,The first node I added was an attack node labeled Open the safe.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,2,The convenience of using ADTs is that a process can be clearly depicted with only a few words while simultaneously portraying how certain attacks and defense mechanisms are related. This also makes communicating more efficient as the information of the scenario can be conveyed briefly but effectively.,Outlining an ADT can be cumbersome especially when numerous factors are involved such as multiple attack techniques and defense strategies that may overlap. After all you want to outline this as effectively as possible since space on paper is limited.,Since my own scenario involves a data breach and is a topic within the cybersecurity industry I believe ADTs can be well applied within this domain. A cybersecurity incident can often occur in many different ways and often has multiple causes. An ADT in this case can identify all the weaknesses that can be exploited by different cyber-attacks and implement appropriate defensive measures accordingly. Finally the various cyber-attacks have interconnections that are more clearly mapped in this way.,1,0.5,1,Considering that ADTs contain relatively few words details may be omitted. For example a defense mechanism may be inadequately described thereby leading to incorrect implementation. Thus brief descriptions can be misinterpreted and as a result an ADT can lead to miscommunication. In addition in terms of time an ADT does not provide any timeframe for implementing certain defense mechanisms. Therefore in my opinion an ADT could be used as an addition to a textual description rather than using it as a replacement.,Yes I hope to encounter ADTs in the future. I would love to be able to work with ADTs as I generally see them as an efficient way to communicate however I would not want to depend solely on ADTs but rather merely use them as an addition.,1,11,11,10,15,0,3,5,0,0,0,2,3,5,5,3,1,1,1,,,,,,,,,,,,,,,,,,,,,
LT,10,,,,1,1,2,1,1,The most difficult part of this task was finding the right intermediary nodes. To find this you must really imagine how bank robbery would take place and what nodes fit together.,I grouped Nodes that fit together like steal and buy tools and locate and find direction to the tunnel. After grouping the nodes that fit together. I had to create an intermediary node where both nodes can be leaf nodes. I came up with 4 scenarios. The tools would fit perfectly with a physical lock. While gaining access or threaten insiders would fit nicely with a digital lock.,2,2,9,23,0,8,6,0,0,6,0,14,6,4,1,The most difficult part of this task was adding the node “find written down code”. I made it a separate attack leave as I thought the safe owner doesn’t have to be the only one that had written down the code. Maybe an employee did some shadow security and had written the code down to save time.,The text starts with four ways the attacker can open the safe. I wrote all 4 down. Then the text gave a measure it can defend the attack against a lock pick and an improperly installed lock. Afterwards the text gave two scenarios’ how the attacker could obtain a combination. Either through the safe owner or a written down combination. The combination,,2,2,6,9,0,3,3,0,0,0,0,3,0,4,1,,ADT makes it easy to visualize the attack. It also helps with understanding the possible paths an attacker has.,ADT use short bullet points which 1. does not tell the whole story 2. Simplifies the situation,Yes 1. ADTs are excellent as a starting point to brainstorm attacks and defending of the attacks 2. Great to visualize which will help give a better understanding 3. Easy to understand which can help for those not that tech savvy.,1,1,1,It can miss detail. Some attack scenarios need to have more detail if it is complex and that can make an ADT messy. 2. Gives a false sense of security. As attackers are very crafty in their attacks.,Yes I think they have a place. They are especially great to explain to less tech savvy or to brainstorm.,1,7,7,5,8,0,3,3,0,3,0,0,4,3,7,1,2,1,2,3,1,2,1,1,8,4,3,1,4,5,6,2,1,1,yes,1,0,2,1,1
LT,11,2-3 months,Yes,Fault Trees,1,2,4,2,1,Figuring out which leaf node goes where and which intermediary nodes I should then create. Furthermore it was difficult to interpret some leaf nodes such as hire outright and gain access.,I wrote down all leaf nodes and started assembling them in an order which could make sense and along the way I would create intermediary nodes and see if it would make sense. This assignment was the hardest for me so it was mostly try and error until I was satisfied with the result.,2,2,9,15,3,4,5,0,0,0,0,7,0,1,1,Figuring out which leaf/intermediary node connected to which leaf/intermediary node and which defense node connected to which leaf node.,I started with incorporating the root into the ADT. Next I read the text scenario line by line and marked whatever attack or defense node would make sense connecting with a specific color. Afterwards I wrote them all down and started assembling them in the correct order starting from the top (the root node).,The root node.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,5,1,The step by step character it has. First you look at the root node (attack goal) then you look at the possible ways you can achieve the root node etc. It is a very easy way to get a clear picture from a certain situation.,It was difficult for me to establish an ADT when the leaf nodes were already provided and I had to come up with intermediary nodes without adding more leaf nodes. But still a fun puzzle.,Yes I think ADT’s have a place in the cybersecurity industry. Cybersecurity issues can be hard to understand for a lot of people. An ADT would help with making the steps and defenses involved in an attack easier to understand. It would be nice to use ADT’s in policy-making institutes such as a national government. An ADT would help translate (and provide a clearer picture of) certain attacks to policy-makers.,1,1,0,I do not think there are any aspects missing from ADTs.,Yes I do. It really aided me in understanding the attack scenario better.,1,7,7,14,26,0,9,5,0,0,0,2,0,11,2,1,1,2,1,,,,,,,,,,,,,,,,,,,,,
LT,12,2 years,Yes,Fault Trees,1,3,3,2,1,The most difficult part I found about this task was assembling/placing the attack leaf nodes. I found this part difficult a I believe that there were gaps in the scenario provided through the list of attack leaf nodes. More specifically the attack leaf nodes were not detailed enough leaving a lot of room for interpretation. As a result me as the assembler can spend a lot of time on designing the ADT.,My methodology for this task was to first identify which attack leaf nodes had the most direct relationship with ‘robbing a bank’. Upon finding two that did I analysed the relationship between the attack leaf nodes. This is how I assembled each attack vector. For the defence nodes I tried to find a relation between defence node and attack leaf node.,2,2,4,11,1,2,6,0,0,4,0,7,4,2,2,What I found most difficult about this task was assigning the counter measures to the attack leaf nodes. This was difficult as the defence nodes could easily be assembled to multiple attack leaf nodes.,Seeing as the scenario described where the defence leaf nodes would be the most effective I followed the scenario provided. However this did affect my understanding of the attack scenario.,,2,2,6,9,0,3,3,0,0,0,0,3,0,1,2,,What I found easy about using ADTs is interpreting whether there is a dependent and sequential relationship or an OR relationship.,Fully understanding the attack scenario as the nodes aren’t detailed thus a lot of room for interpretations.,I believe that ADTs can be beneficial to the cybersecurity industry as it can help in risk assessments preventive policies as well as make key analyses. However one should not fully rely on ADTs in the Cybersecurity industry. As this industry is too complex and constantly evolving. Every attack is dynamic.,0.5,0,1,I think that a time frame should be added to the nodes This would make responding to the ADTs more effective.,No I do not.,0,3,3,7,10,1,2,4,0.5,0,0,0,0,3,0,1,3,2,2,3,1,2,3,2,5,4,2,3,1,2,4,3,5,1,,,,4,5,1
LT,13,0,Yes,No,1,2,2,4,1,Assembling intermediary nodes because it was hard to figure out where each attack nodes belong on the group,I started from the top then bottom.,2,2,7,13,1,4,4,0,0,1,0,6,1,2,1,Figuring out which of the nodes are defense nodes because they are a little bit hard to identify,I started directly from the text it wasn’t hard to identify the attack nodes,I added the attack nodes,3,3,5,7,0,2,3,0,0,0,0,2,0,2,1,2,It is easy to understand as it is in a graphical format,Figuring out where the nodes go,Yes as threats are complex to understand. It could help map out threats and scenarios,1,0,1,No aspects are missing,Yes,1,4,4,4,6,1,1,3,1,0,0,0,1,2,1,1,2,1,2,,,,,,,,,,,,,,,,,,,,,
LT,14,3 months,Yes,Fault Trees,1,2,4,4,2,In my opinion the most difficult part of this task was understanding which intermediary nodes are necessary for the leaf nodes to make sense knowing the general goal. This is because even if a lot of information was already provided it is arguably more difficult to find the middle steps. The difficult part about this was also the interpretation of the leaf nodes provided which based on how they are read they can change the whole meaning of the ADT.,I started from the attack leaf nodes slowly understanding which of them were the children of the same intermediary node and of these which were also interconnected to each other (when the intermediary node could not be achieved without a certain amount of leaf nodes accomplished f.e. to achieve a successful Hit an Run you need to both “enter through the door” and “threaten the insiders”). After this step I identified the intermediary nodes that would connect the leaf nodes to the overall goal of the scenario. In the end I fixed the general structure and added the defence leaf nodes.,2,2,9,14,3,2,4,0,0,0,0,5,0,2,1,I found this task to be much easier than the first one because every information was already given and it was simply necessary to create the ADT itself. The difficult part was making sure to include all intermediary nodes and leaf nodes. With this I mean that for some of the information given it was difficult to understand if it was necessary to make separate the nodes as in the part about installing the safe improperly. In fact initially I thought that that “branch” was simply one leaf node. But then I realised that to open the safe by installing it non-properly it was necessary to install the safe improperly beforehand which meant that the branch was made of two different steps and the defence leaf node of “auditing services” was related to this first step of installing the safe improperly.,In this case my methodology to build the ADT was quite the opposite of the previous exercise. In fact I started by highlighting in the description of the attack what would be the main goal (in yellow) the attack nodes (in pink) and the defence nodes (in green). Then after this step I started from the nodes closer to the goal and in order created the first level. Then as the description progressed and gave more detail of each of the 4 methods that could be used to open the safe I reflected this in the ADT by adding the second level of attack nodes. Moreover in the end I added the defence leaf nodes.,The first node added to the tree was “Pick the lock” purely because it was the first that appeared in the text.,3,3,5,8,0,2,3,0,0,1,0,3,1,1,4,1,I find ADTs very easy to comprehend since they allow to have an overarching and general understanding of the possibilities of an attack. Moreover structuring and organising an attack using this kind of tool can greatly help to finding solutions and possible defence mechanisms.,ADTs are difficult to organise when starting from scratch. Moreover it is difficult to make them in a way that allows to capture all the possible factors involved. This is also because some factors have heavier impacts than others.,I believe ADTs are excellent tools for risk management which can also be applied to cybersecurity but only if used together with other tools that allow a more comprehensive understanding of the attacks and the ideal responses to them. ADTs can be used both at the technical level as well as the governmental one. This is because of their rather versatile nature. Based on how technical and specific each structure is different levels of cybersecurity can take advantage of this tool.,1,0.5,0.5,I believe ADTs could benefit from the implementation of a sort of hierarchy in the different nodes. This is because some have very different effects/impacts and/or might be much more likely to be used by attackers. It is impossible to be prepared under every point of view so this could help prioritise which aspects of the attack should be taken more under control and which require less attention. Moreover what I believe ADTs lack is contextualisation. Even if scenarios have the same possible attack modalities the geographical political historical context can make a great difference in carrying out the “same” attack.,Yes I would be interested in working using this kind of threat models however by themselves can end up oversimplifying the issue by making it a bit reductive. For this reason I think they are useful tools that have a lot of good use but need to be improved to be more effective.,1,2,2,10,18,2,5,5,0.4,1,0,1,0,8,2,1,1,1,1,3,1,3,1,2,6,5,4,1,2,8,12,5,1,2,No there are more counteractions that can hider the success of the goal,1,0,8,2,4
LT,15,0,Yes,Yes,2,1,4,2,2,Assembling the Attack leaf nodes and intermediary nodes in way everything makes sense,I used a bottom-up method to solve the problem. I looked at the given leaf nodes and assembled them at the bottom. Then I further added my personal nodes in the process to connect all of it.,2,2,10,17,3,2,4,0,0,1,1,6,2,1,2,Building the ADT only using the given nodes posed a small difficulty,I started at the top and went through each branch separately. At the end I added the defense nodes,The root node,3,3,4,8,0,1,3,0,0,3,0,4,3,2,3,1,The visual representation makes the scenario more comprehensible and easier to understand. Different outcomes and scenario can be modelled in a better way as it could be done by writing it down in a text.,When starting from scratch it can be a little difficult to think of all the possible scenarios but also keep the ADT to a reasonable size and not go into extensive detail.,Yes I definitely think ADTs are a good way to show threats and possible outcomes in a visualized manner. This can help to understand the root causes process and possible outcomes in a clear and coherent way.,1,1,0.5,Due to the limited knowledge I have obtained about ADT and threat modelling until this point it is not possible for me to say if anything is missing.,Yes I do hope that in the future ADTs will be used to present and simplify threat modelling.,1,2,2,9,17,1,3,5,0.3333333333,0,0,4,2,8,6,3,1,2,2,4,1,2,1,2,5,4,0,2,1,4,6,5,3,2,No it is not because employee attack has no defense node,1,1,3,3,3
LT,16,,,,1,2,2,4,2,Understanding what each node actually means and how they can relate to each other because there is no information added to them except for the context. Especially the “hire outright” which I interpreted as getting someone to be hired by the bank as an accomplice and the “personnel risk management” which I interpreted as training the bank personnel to be prepared to respond to a bank robbery.,I went step by step and tried to find some “chronological” and logical connection between nodes. I then tried to picture each scenario in my head whether it made sense and adjusting the nodes accordingly.,2,2,5,10,0,2,5,0,0,3,0,5,3,4,2,Where to add the ‘safe models that can’t be picked’ and the ‘auditing service’ as defence leaf nodes. I was doubting if it should come before the node or between the node and the goal.,I progressively build the tree as I was reading the attack scenario I added all the different steps I could spot as nodes. Then added the defence leaf nodes at the end to their respective safe cracking method.,‘Open safe’ was the first node I added to my tree,3,3,5,7,0,2,3,0,0,0,0,2,0,2,1,2,Reading an ADT and understanding it.,Correctly adding the defence nodes to the tree.,I think they do they could be helpful to understand how cyberattacks work and how to effectively defend against them. It helps to visualise and think of obstacles to make a successful cyberattack less likely to happen.,1,1,1,I don’t think any aspects are missing except maybe the fact that the nodes have to be concise so they lack explanations.,Not necessarily.,0,5,5,9,14,0,2,4,0,0,0,3,2,5,5,2,1,2,1,4,1,2,2,3,6,2,1,2,3,5,3,4,5,4,I think so because most attack node also have a defence node to counter them.,0,0,7,5,5
LT,17,Less than a year,Yes,No,1,2,4,1,1,The most difficult was figuring out which intermediary nodes lead to the root node given only the leaf nodes. For me it would be easier to start at the root and then keep going down until the final leaf nodes are found and not given.,I tried to figure out which leaf nodes are connected and which relationship they had (AND or OR). Then figure out which intermediary node connects the leaf nodes and make my way up to the root node.,2,2,9,17,3,4,4,0,0,1,0,8,1,5,1,If the “find written password’ and “get from safe owner” were in an AND or OR relationship. But I reasoned that the attacker can get the password another way than from a not thus I put an OR relationship.,Top to bottom approach for this task this was the easiest because all nodes were given. Start with root node → intermediary nodes → leaf nodes → counter measures.,Open Safe root node,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,1,That I can easily express my ideas in a visual way and without too much text. Also that both attacks and countermeasures can be put into perspective to better understand the security situation.,Trying to figure out if where the countermeasure go if in the leaf nodes or in the intermediary nodes sometimes both work.,Yes definitely I think it’s a good way to communicate attacks and defenses especially to non-technical people.,1,1,0,To the one from this assignment SAND sequence because the order of the AND sometimes matter.,Yes hopefully it will become more popular in presentations,1,4,4,8,13,2,3,4,0.6666666667,0,0,0,0,5,0,1,1,1,1,5,2,4,2,1,9,8,3,2,2,12,6,5,2,1,No because most attacks are specifically designed to target the defensis directly.,1,0,8,2,1
LT,18,0,Yes,No,4,1,4,3,2,While I think it could be beneficial to only give leaf nodes for those who want to define their own intermediary nodes I personally found it rather difficult to assemble the Attack-Defense Tree. I think the difficulty in this task can be found in the interpretative nature of it. Thus while one interprets gaining access in one way I might interpret it differently and therefore apply it in a different manner. This does not particularly have to be wrong. Rather it might lead to new perspectives however if the main objective is to assemble a particular final ADT I would say this is not the most effective method.,My methodology was to start by categorizing the attack leaf nodes. As they are leaf nodes all these given nodes could not contain children. That means they will all be located at the bottom of an attack-vector. For instance I assumed that ‘walk through front door’ ‘locate start of tunnel’ and ‘find direction of tunnel’ all fit the category of entering the bank before robbing it. Once I formed this one category I tried to find out which other attack leaf nodes could be combined or categorized under the same added intermediary node. Finally I thought of possible defense leaf nodes which could add to the containment of the main risk (bank robbery).,4,4,11,20,2,6,6,0,0,1,0,9,1,3,1,The most challenging part would be to ensure that the attack tree encapsulates the entire scenario including every single aspect. Again it depends on how the reader interprets this description and to what extent it acknowledges a particular phrase as a separate aspect or not.,Instead of a bottom-up approach like the first assignment I used a top-down approach. The scenario opens with the goal which is the root node followed by four scenarios to achieve this goal. One of them is indirect so I separated them into direct and indirect attacks followed by the four scenarios. Then I added both defense nodes and children nodes in no particular order dependent on the sequence in the written scenario.,Open a safe.,3,3,5,9,0,3,3,0,0,1,0,4,1,1,4,1,I find that using ADTs allows me to get a better overview of an attack than a written description. I do think a short description to elaborate on certain specifics of the ADT could be beneficial especially in large ADTs because they tend to be intimidating.,I find it difficult to find the right sequence or intermediary nodes that align with the root node. In addition I find it difficult to decide when creating a personal ADT when I have included enough. In this case stealing personal banking information can be done in numerous ways it could be in that many ways that not all the information could fit the ADT. I want to emphasize that this ADT is non-exhaustive and there may be more attack-vectors that could be added as well as defense-nodes. However in case the ADT became larger I think it would become very difficult to use and read.,ADTs can have a place in cybersecurity under the condition that the root node is specific. If it is too broad it will become difficult to assess the specific needs that must be met to defend against certain attacks.,0.5,0,0,I think ADTs should always be introduced with a short scenario explanation. Throughout this project I have noticed that while attending and revising the lecture on threat modeling I made a lot of mistakes on the quiz. In addition I noticed that me and some peers had different thoughts about how to interpret leaf nodes. At times when the leaf nodes are very generalized such as ‘gain access’ it is unclear under which vector this could be added as it could apply to almost all of them. For those types of leaves the question remains: ‘gain access to what?’ Adding a short explanation could justify (part of the) ADT.,It would be interesting to see ADTs in the future maybe even improved models but I do not particularly hope to encounter them again.,0,9,10,14,23,5,5,5,1,0,1,0,0,9,1,1,2,1,1,5,1,2,2,3,9,3,2,2,2,3,5,4,2,1,In this case the overall goal is a defense node (data confidentiality). Assuming that if all attack vectors contain a defense node all the attack vectors are sufficiently being defended against this results in the following. Looking at the attack vectors as self-contained scenarios I observe 1) employee attack; 2) break-in; 3) dictionary attack 1) The employee attack is covered by screening and sensitivity training 2) The dictionary attack could be contained by maintaining strong passwords however there is still a risk that a note can be found or the password is used on another account making it vulnerable to dictionary attack 3) In addition the break in attack vector is not sufficiently being defended against as the lock can be forced open or opened by acquiring keys. Lastly the security guard might be a liability as he or she can be bribed overpowered or his or her keys could be stolen. For that reason the goal is not kept and some considerations need to be taken to improve the maintenance of data confidentiality.,0,0,2,4,2
LT,19,,,,2,1,4,3,2,Figuring out where the leaf nodes go and what each of them mean. Since not all leaf nodes were easy to understand where they fit in the overall tree it is hard to find a place for them and requires creative thinking to assemble them.,I laid down my initial thoughts of the possible ways these nodes could be put in and then tried to find ways to match them. It was a trial and error fitting in pieces in the overall tree. Brainstormed ways to add those that made no sense at first glance.,2,2,9,19,2,6,6,0,0,2,0,10,2,2,1,I found this task pretty easy to do. Hardest part was not being able to add any more steps that would lead to those provided already. Once you get the idea and you lay out your leaves and nodes it is easy to build.,I started by writing all the steps / nodes / leaves in boxes and then reading through the text assembling the tree step by step top to bottom.,‘Open safe’ followed by all four possible ways of opening the safe as listed on the text description.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,3,1,It uses an easy to follow structure where you can visually explain the different possibilities and defense mechanisms that can lead to an event.,Having only some leaf nodes or missing information can be hard to fit into an ADT as it requires creative thinking. Likewise creating the ADTs (from a design perspective) can be challenging without proper applications to do it. I did it through google slides which requires readjusting several times to fit larger ADTs.,I think ADTs are a simple and effective way of visualizing data and demonstrating defense barriers to possible ways of carrying out an attack. This is useful when presenting to people who might not be too experienced in the field but I feel they might be too basic for professionals.,1,1,0,Descriptions of how to carry out some tasks. Some nodes are oversimplified or skip steps necessary to achieve the outcomes.,Yes.,1,5,5,10,19,1,5,5,0.2,0,0,3,0,9,3,1,1,2,1,3,1,2,1,2,5,4,0,2,3,2,6,5,4,4,Yes because there are defense mechanisms for every possible attack,0,0,8,4,4
LT,20,3 years,Yes,Fault Trees,1,2,2,2,3,The most difficult part about this tree was that the nodes are not very clear. Meaning that very little explanation for the nodes can be found in the other nodes. I feel like I should have added more intermediary nodes to make more sense of the tree however on Brightspace it was mentioned that we should not have added any nodes at all.,First of planted all the nodes randomly on the paper. I then started working top down finishing one branch before starting with another.,2,2,7,13,1,4,5,0,0,1,0,6,1,2,3,The attack tree seems very simple / straightforward (very little intermediate nodes). This causes me to think I have misunderstood this part of the assignment.,I first marked the text dividing it into the top nodes intermediary nodes and defense nodes. I then started building the tree from a top down approach finishing one branch of the tree before starting with another branch.,The first node that I added to the tree was the pick lock node.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,4,1,ADT’s have a very clear structure that makes it somewhat easier to visualise how an attack would go every step of the way. This makes it easier when creating your own ADT’s to conceptualise the next step in the tree.,ADT’s such as the one in part one and two are very uncomprehensive it feels like parts are missing that could further explain the individual nodes. This complicates things rather than make them clearer.,Yes I think they have a place in the cybersecurity industry. Cyber-attacks can very easily become very complicated. Often many steps need to be taken to complete a specific attack. Devices and services operating in the cyber realm are often very complicated with many essential parts and processes. This means that there are many grounds for possible vulnerabilities. ADT’s can be used to effectively and comprehensively break down structures to expose all individual components and their vulnerabilities. This way a clear overview can be made that may expose more vulnerabilities.,1,0,1,ADT’s are made to be a very concise yet comprehensive overview of all possible threats and vulnerabilities. This means that little to no explanation is provided for the individual nodes. There is no reasoning for the nodes.,ADT’s can be a very helpful tool. So I hope to encounter ADT’s where one could be helpful.,1,3,4,9,18,2,3,5,0.6666666667,0,0,4,1,9,5,2,2,2,1,3,1,2,1,3,5,2,1,2,2,1,2,3,2,1,No there is a working countermeasure.,1,1,6,2,1
LT,21,0,Yes,Yes,1,1,2,1,1,I found it most difficult to come up with all the in between steps you have to make you cant just go from hiring a crew to walking into the bank. You often forget the steps and only look at the big picture of robing the bank but there is more involved that you are forced to explore using this format.,I started from the top and looked down how did I get into the vault of the bank? And wrote down the possible ways. I then went and said again how did I get in this position what do I need to get here is it just one item or is it two things that have to happen. I did this with every step.,4,4,7,24,1,3,6,1,0,10,0,14,11,2,1,( I don’t know which task you refer to as this question was already asked before) same answer as in short response question 1.1.2 1.,Also kind of the same answer as I gave before. I looked from it top down and at every step I asked myself how did we get here what has to be done etc. this helped me understand the small steps in between.,The first node I put down was the top node rob bank.,,,,,,,,,,,,,,1,3,1,Its easy to lay out the entire scenario in an easy and quick overview. You can clearly see what follows what event.,I found it difficult to use the given nodes as it influences how you see a scenario and the one giving the nodes is. You have to adapt the scenarios to the given nodes.,Yes I do think they have a place. It would be a good thing to have to show people that know less about all the aspects of cybersecurity to still have an overview of what happens where and how that can be stopped or where they stand in the process. This could help them understand their place more and maybe increase their awareness of cyber security issues they come across.,1,1,0,To give more context to the nodes. It is really just key words back to back which can be hard to understand sometimes if you don’t fully know what the key words mean. Having the ability to give some context to these nodes would be helpful.,I hope to encounter them in the future as I am sure it would save a lot of work and time reading through excessive scenarios fully written out. And in this format it would give an easy to understand overview of all of it which is easy to follow.,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
LT,22,1,Yes,Yes,1,1,2,1,1,The most difficult part of the assembling was to logically put them into order. Because locating and finding the direction for the tunnel could be flipped and that would still make sense.,My methodology was to make sense logically from the bottom to the top. Because there are many other solutions on how to rob/counter a bank and this is only one option.,3,3,4,11,1,1,4,0,0,5,0,7,5,3,1,The most difficult part was not adding extra information. Because I wanted to continue with the method how to get the key from the owner of the safe.,I started by looking for options on how to open a safe from the text. I noted down all the attack methods and possible defense methods to assemble.,I went from open the safe to pick the lock.,2,2,5,7,0,2,3,0,0,0,0,2,0,1,3,1,Using ADTs help visualizing problems and it makes thinking easier.,Sometimes put things into logical order need a moment to think.,I definitely see ADTs being used in the field because it could be used to visualize cyber threats. I think because it is easy to understand it can be used anywhere like companies police or governments.,1,1,0,ADTs does not necessarily can help avoid human mistakes. But it can visualize it.,Yes I liked using them for the assignment.,1,2,2,9,19,1,5,6,0.2,0,0,4,0,10,4,2,1,2,1,,,,,,,,,,,,,,,,,,,,,
LT,23,None,Yes,No,1,1,2,3,1,Figuring out which leaf nodes have a relationship with other leaf nodes and how to connect them through specific intermediary nodes,First I made all the leaf nodes and grouped them according to what I thought was logical. Then I thought of ways to connect the leaf nodes with each other. Then all I had to do was assemble and establish connections,2,2,9,15,2,5,4,0,2,1,0,6,3,2,1,Figuring out which nodes were in the story and if they were defense or attack,Read the story and identify the nodes then put them together and draw their relationships,The root node Open Safe,3,3,5,7,0,2,3,0,0,0,0,2,0,2,4,1,The logical structure and the fact it is all visually explained,In large ADTs following the logic especially if nodes are very succinct,Yes mostly as a way to visually summarize threats that need to be modeled or explained. I feel like ADTs can be very valuable to quickly read over a situation or threat but it’s more difficult to really understand the reason why the threat is happening in the way of the ADT,1,1,0,Ways to make threats with many possible avenues less “horizontal” which makes them very difficult to read,Yes,1,2,2,6,12,3,1,4,3,0,0,2,0,6,2,,,,,3,1,2,1,2,5,1,0,2,1,3,5,2,3,1,No not every attack node has a defense node,1,1,5,2,1
LT,24,None,Yes,Fault Trees,2,1,2,2,1,What I found most difficult about the task is to find the order of nodes. I had to draw a few sketches to find the right order and include the different ‘or’ and ‘and’ gates. It was also difficult to think of the different possibilities that the tree could branch out. That was why I first drew a few sketches on paper before I started making the tree in a digital program.,The methodology I used was to first make sense of the event itself. After that I looked at the nodes and created a possible story on paper. I wrote down the nodes and switched them in the right order. I used a few sketches to end up with the final Attack-Defense Tree.,1,2,6,13,2,2,6,0,1,3,1,6,5,2,1,What I found most difficult was to know whether every node was included. Next to this it is hard to know whether to include the ‘and’ and ‘or’ gate.,My methodology was to start from the base event which is ‘open safe’. Then I looked in the text to see what the different attack options were and if some needed to be combined with an ‘and’ gate. This was not the case for the first level of abstraction. Then I looked in the text for a further level of abstraction for the 4 different options. The last step was to include the defense nodes.,The first node that I added to the tree was the base node ‘Open safe’,3,3,5,7,0,2,3,0,0,0,0,2,0,2,2,3,I found it easy to think of the attack event,I found it difficult to come up with different attack possibilities and to put them in attack nodes. What I also found difficult is how the attack nodes could be defended using the defend nodes.,Yes I think that ADTs have a place in the cybersecurity industry. I think that ADTs have a place in the risk management area of certain companies that want to counter and minimize the vulnerabilities of cyberattacks or other possible attacks on their system for example. The tree will help to set out possible scenarios and to come up with defense mechanisms. It will also show where the vulnerabilities are and thus where defense mechanisms are needed.,1,0,1,The aspect that I think is missing from ADTs is that time is not involved in the trees so it is not possible to see what comes first in an attack or what the timespan of an attack is.,Yes I hope to encounter ADTs in the future since I am really interested in crisis management.,1,5,6,12,19,2,5,4,0.4,0,0,0,0,7,0,2,2,1,1,4,1,2,2,3,8,4,2,2,3,3,5,4,2,3,The overall goal is kept since for every attack vector a defense node is defending the attack from happening,0,0,8,3,3
LT,25,0,No,Yes,1,1,2,1,1,The most difficult component of this task for me was identifying what exactly is meant with some of the descriptions of the leaf nodes. For example ‘hire outright’ and ‘gain access’ were unclear to me. What is meant with ‘outright’? and ‘gain access’ to what? To solve this problem I assumed that I could fill in the meaning myself so for example gaining access I used to describe gaining access to the tunnel which was dug by the robber.,As I have watched a lot of movies about robberies (Oceans 11 Den of Thieves the Bank Job etc.) I used my imagination to think of a possible scenario which could take place. I knew that a lead node stands for node that does not have follow up nodes (children) and that I could not create any extra leaf nodes. However you can create intermediary nodes. This led me to do a top down approach starting with the steps needed to rob a bank. After making the intermediary nodes and structuring the whole tree I placed the defensive nodes.,2,2,9,17,3,4,5,0,0,1,0,8,1,1,1,What I found hard when building this ADT based on the given scenario was identifying what defensive nodes should be added and where they should be added. The attack nodes were more clearly prescribed but the defensive nodes were more hidden in the text.,I started with identifying all the different possible nodes in the given scenario. Then I ordered them and looked whether they were and/or nodes. Lastly I identified the defensive nodes and placed them in the ADT.,The first node I added to the tree was the root node ‘Open safe’ as this is the overall goal of the ADT. It would not make sense to me to not start with this node.,3,3,6,8,0,2,3,0,0,0,0,2,0,1,3,1,It has helped in quickly organizing an attack-defense scenario. It gives a clear overall structure and when not fully understanding the scenario it aids in showing what components are connected and what are not.,Thinking about all the different possible nodes how they should be placed in the tree and also which ones should be added. You do not want to go too deep with the information on an ADT in my opinion as you want the reader to be able to quickly analyze the tree without causing confusion.,Yes I do think they have a place in the cybersecurity industry. For me it would be for example to give an organization a clear idea of what its weak points are as in this way they can quickly see what attacks they are properly defended against and what attacks not in this way protecting their organization fully.,1,0,1,I think some ADTs can get too large if you want to implement everything in it. Maybe it would help to build different layers of ADTs so if you want to get more specific information on some part you can find that in a deeper layered ADT. For example when saying that 2MFA is a defense node you could build a different deeper-layered ADT on 2MFA on how to implement it and also what different weaknesses are to attacks.,Yes I do. They were kind of like a puzzle to me. I do also believe it will help me understand difficult problems better thus I might use them myself in the future on assignments to create a clear structure of the problem.,1,11,12,16,30,4,5,6,0.8,0,0,4,1,13,5,2,1,2,1,3,1,2,1,1,5,4,2,1,1,3,6,5,2,2,No not every attack node is defended against,1,1,0,2,1
LT,26,,,,1,3,3,4,2,Making logical connections as to what might be the possible components (nodes) of the goal. I had difficulty understanding if some components relate to one another or if they are completely separate.,I tried going about it from an intruders perspective in hopes of understanding which sequence of actions might be logical and more efficient.,2,2,6,10,0,2,4,0,0,1,0,3,1,1,1,Understanding if some defense nodes can be attached to more than one attack node e.g. could installing security technology also be a defense node for learning the password.,I followed the scenario: The scenario initially introduced the goal so I realized it is the root of the defense tree I then understood that the ways a safe can be open are the ways of reaching the goal of opening the safe – thus I had the first components of the tree figured. Then after having the first components of the tree figuring the rest of the nodes and where they belong is a lot easier.,Once I had the attack goal set up as the root node I started building from the sequence of the attack that was written down so I firstly assembled all the attack nodes – first being ‘’pick the lock’’ node.,4,4,5,7,0,2,3,0,0,0,1,2,1,2,5,1,The visual representation of an attack and ways to counter it makes it a lot easier to understand technical matters which are usually too difficult to understand in text form.,Coming up with all potential scenarios for an attack or for a defense in response to the attack. I found myself wanting to add more and coming up with more potential scenarios. As such I think it is fairly difficult to represent an ADT completely accurate meaning that perhaps you can never create an ADT that is fully complete – there are myriads of possible ways of attacking as well as handling an attack since there is no general criteria for the type of attack or defense one might use – the taken measures can be very elaborate or not so much.,Yes. I think cybersecurity experts can adopt the ADT approach when drafting cybersecurity policies especially in cases when they are hired to design a cybersecurity strategy. While ADTs can be somewhat too simplified for cybersecurity experts companies who hire them to ensure their business’ security can familiarize themselves with potential cyber threats as well as how they can be countered. Thus ADTs could be especially helpful in commercial matters whereby a cybersecurity expert would provide a simplified version of the drafted cybersecurity policy to their customer.,1,1,0,I find the logic and structure behind ADTs pretty straightforward and I do not think it requires any more additions since I feel like they themselves were created to provide a simplified approach to understanding various attacks and preventing them.,Yes I think they are a great way to structurally understand how attacks might occur rather than having abstract ideas of how they might be performed. I think ADTs help build a better understanding of different types of attacks and thus potentially can help prevent them better as I believe it is a lot more easy to understand than theoretically describing attacks without their visual representation of a plan.,1,13,13,12,18,0,5,4,0,0,0,1,3,6,4,2,1,1,1,,,,,,,,,,,,,,,,,,,,,
LT,27,None,Yes,No,2,4,4,4,3,The most complicated part was to make sense of the nodes whilst they were not connected. The process of connecting the nodes to each other in a way that it would form a logical tree is what took most time.,Firstly I categorized the nodes into groups that seemed like they would go together (buy tools/steal tools for example). Then I looked at how the nodes connect together within the category and whether they had an and/or connection. I drafted these in a tree and added one intermediary step to make it more logical.,2,2,7,11,1,3,3,0,1,1,0,4,2,1,1,Figuring out whether certain steps need intermediary nodes or whether they made sense the way they were. Also trying to keep the tree simple and straight forward but not over-simplified is quite difficult.,I followed the story chronologically and drafted a tree with pen and paper first while reading the text. This resulted in drawing out the tree top-down which I then copied into the word document.,The first thing was ‘Open safe’ after which I added ‘pick lock’ because it was the first option mentioned in the text.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,4,1,The easy part about using ADT’s is that they provide a very clear overview of a scenario. With that also comes that they provide an overview of where a scenario is lacking in defence. I also found that it was easier to make an ADT when the scenario was written out as the connection between different nodes is clearer.,The difficult part about using ADT’s is not necessarily looking at one and understanding it because then someone else has already made it understandable for you. But making one and trying to make it understandable and logical for other people is definitely more complicated. Especially connecting nodes that are not presented in a text/story format were more complicated for me as I sometimes had to guess what the exact use of each node was.,I do think that ADT’s have a place in the cybersecurity industry especially when it comes to simplifying certain attack scenarios and providing an overview of where the defence is lacking. ADT’s can be useful in making sure that most if not all loose ends are covered with a defence.,1,0.5,0,What is lacking from ADT’s is that it seems to be assumed that the defence will be enough to stop the attack. It is missing an indication of how strong a defence is or maybe even how severe an attack could be. Though such indications would provide a more complete overview of a scenario it would also complicate the ADT.,I do hope to encounter ADT’s in the future as they provide a clear way to communicate a scenario. Though personally I like text-based scenario’s too and those seem clear to me as well I think that with bigger scenario’s an ADT is more useful and less time consuming. A person could understand an entire scenario by a single look at the ADT.,1,6,6,8,12,0,3,3,0,0,0,1,0,4,1,1,1,1,1,2,1,3,4,4,5,3,2,4,4,1,2,4,4,4,The overall goal is mostly kept as all 'starting' attack nodes have a defense node. However the defense node could be countered with (more extreme) attacks which do not have a defense node. But all in all the main goal seems to be kept.,0,0,4,4,4
LT,28,0,Yes,No,2,3,3,1,2,Coming up with ways to fit all provided leaf nodes because some of the leaf nodes provided were very vague.,I looked at the leaf nodes provided and tried to think of bank robbing strategies that make use of these leaf nodes.,2,2,10,22,2,7,6,0,0,2,0,11,2,1,1,Reading the story had to read it multiple times to make sure the attack tree was correct,Read the story and make all the nodes. Then read the story again and put all nodes in their respective places.,The root node open safe,3,3,5,7,0,2,3,0,0,0,0,2,0,2,3,2,It is clear and organized,I hadn’t worked with ADT before so I struggled with deciding on where to place certain nodes and how detailed the ADT had to be.,I think they do have a place in the cyber security industry it is a clear and structured way of mapping out certain situations.,1,0.5,0,No idea,Yes,1,7,7,15,28,4,7,7,0.5714285714,0,0,2,0,13,2,1,1,2,1,2,1,2,2,2,2,4,2,2,2,3,6,4,2,2,yes every vector has a defence mechanism,0,0,7,4,1
LT,29,3 Months,Yes,Attack Trees,2,2,4,3,1,The difficult part of this task was to assemble the defence nodes to the attack tree. It was difficult to apply these defence nodes because I could not really find the right place for them I applied them where they fitted best according to me.,First off I started with putting the attack leaf nodes into subgroups of their own topic for example find the direction of the tunnel and locate start of tunnel. Then I worked my way up in the tree. When the whole attack tree was finished I applied the defence leaf nodes to the tree. My methodology of choice was to work from the bottom of the tree to the top.,2,2,8,14,2,3,4,0,0,1,0,6,1,3,2,The most difficult part of this task was to continue the work after creating the four different attack nodes on how an attacker could open the safe.,First the goal of the attack was added to the tree. Later the four ways of how an attacker would open the safe was divided into their own subgroups. For each subgroup different branches are applied to them they were added to the tree when it was figured out what belonged to what.,The first node added to the tree was the attack goal node which is to open the safe.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,2,2,It was easy to break down the problem of the ADTs and divide them into subgroups to make it easier to continue and have a clear structure.,The difficult part was to start constructing the tree. Another part of ADTs which was also a bit difficult was to pinpoint where the defensive nodes should be put.,Yes I do believe ADTs should be a part of the cybersecurity industry today and also in the future. Mainly because they can be useful in precautionary purposes to avoid accidents from happening. ADTs also work well in an aftermath scenario for example if a bank gets attacked and the cause is unknown and ADT can be created from possible scenarios of the attack.,1,0,0.5,To my knowledge on ADTs I cannot come up with something missing from ADTs.,Yes I do hope to encounter ADTs in my future. It would be interesting if ADTs were sometimes included in my future workplace(s).,1,4,4,11,20,2,6,5,0.3333333333,0,0,1,0,9,1,2,2,2,1,2,2,4,3,2,2,8,3,4,2,4,11,4,3,2,Yes the final goal is a defence node and the only possible attack node is the employee attack node however this one also starts with defence nodes and is therefore countered out.,0,0,7,4,2
LT,30,0,Yes,Yes,2,2,4,2,1,I found it difficult that certain nodes were not allowed to have 'children' (=leaf nodes) or that you were not allowed to add any leaf nodes yourself. Because of these two rules this assignment pushed the outcome of the attack tree in a certain direction. However prior to the outcome you could give the ADT your own interpretation which was quite fun.,I have spent quite some time on solving this ADT. I thought this one was the most difficult. I first started looking at which leaf nodes were components of a node or which (leaf)nodes could potentially fit together. After I tried to determine a possible relationship (or and). For example I knew that there had to be a tunnel and in order to build a tunnel you could steal or buy tools or hire someone to do it for you. Or you could just walk through the front door. It also helped me to place myself in the shoes of the attacker. When I found out that this method helped me I continued to use it.,2,2,9,16,3,3,4,0,0,1,0,7,1,1,1,The most difficult thing about this task was deciding on whether ‘cut open safe’ needed any components. As the other ones did have other (defense)nodes it felt a bit odd to leave this node as a leaf node. However as it was nowhere stated in the scenario and we were not allowed to come up with new information ourselves I decided not to add any new components.,My methodology of this tree was quite simple. First I read the entire scenario one time in order to make an overall picture in my head. The second time I read the scenario sentence by sentence and after each sentence I directly drew any new nodes relations or components. For example in the second sentence I could directly draw the important nodes such as ‘pick the lock’ ‘learn lock combination’ ‘cut the safe’ ‘install safe improperly to open later’. I did this several times and corrected myself where needed.,“Open a safe”,1,1,7,11,2,2,3,0,0,0,0,4,0,1,2,2,An easy thing about using ADTs is that it gives you a clear overview of everything that could potentially go wrong and what the ‘back up’ would be in case an attack would occur. Therefore it gives the one who is reading it a feeling of safety and overview.,A difficult thing about using ADT is that it could be interpreted wrong or be incomplete. I think it is very difficult to encapsulate all possible things that could go wrong which leaved the ADT incomplete.,I do not think ADTs can have a place in cyber security. With cyberspace evolving so rapidly and more and more security systems emerging out of it attackers are also increasingly looking for new ways to take advantage of certain security breaches. If one way does not work they will try to develop another method to steal money of your online banking account (for example). Therefore a lot of ADTs would be outdated rather quickly.,0,0,0,I think ADTs do miss an aspect of development; adt’s only visualize the attacks or threats that are known nowadays but they should also think about threats of the future. Although this is quite difficult I think they should be placing themselves in the shoes of an attacker even more. I would recommend using ‘development nodes’ in addition to ‘defense nodes’.,Personally I prefer drawings over plain text as visual thinking helps me to understand things more thoroughly. When I need to study I often think in pictures instead of words. Therefore an ADT is a perfect way for me to understand the threats of a scenario.,1,,,,,,,,,,,,,0,0,,,,,3,1,2,2,3,5,4,3,4,4,9,14,5,4,4,,,,8,4,4
LT,31,None,Yes,No,2,4,5,2,2,The most difficult I found about this task was to come up with intermediary nodes to make sense of the existing nodes. Some nodes are a bit vague and on its own and I think I would better understand it in the form of a text.,Knowing that a tree node cannot have children made it a bit easier to assemble the tree and understand the nodes a bit better. Adding intermediary nodes also helped solving the task,2,3,8,14,2,3,4,0,0,1,0,6,1,1,1,The most difficult part about this task was to figure out whether the countermeasure applies to only one node or can be applied to multiple.,It was rather easy to build the ADT through following the text. I looked out for certain keywords (i.e. OR AND) through which I was able to add the necessary nodes.,The first node I added to the tree was ‘pick lock’.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,2,It made my attack scenario more clear and I could easily see loopholes or things that would not work.,I sometimes got confused on my own attack scenario and lost track of what I exactly meant.,I do think they have a place in the cyber security industry however I am not sure where it would have a place.,0.5,0,0,I think some ADTs also need supplementary text that explain certain nodes. For example from the first part of the assignment some explanation of the nodes would be helpful. I also think impact of certain attacks or defenses are missing from ADTs.,Yes they are fun to make and read.,1,5,5,9,16,1,4,4,0.25,0,0,2,0,7,2,2,1,1,1,4,1,2,2,2,8,4,2,1,1,3,6,5,3,3,The goal is kept. In order to keep data confidentiality both the physical and network security have to be kept. The network security remains since only the access control poses a risk while both the firewalls as well as the IDS remain. This alone proves that the overall goal is kept. Moreover the defence node 'video cameras' defends the entire attack mode of 'break in' which remains the physical security.,0,0,7,2,2
LT,32,None,Yes,Fault Trees,2,2,4,1,1,Some of the leaf nodes are not clear (what does “gain access” refer to?) Or some leaf nodes could have been places as intermediate. If I am either totally free to choose or have full guidance it’s not a problem but having just some of the information makes it a bit difficult (nothing impossible though). Mainly because of lack of clarity.,I first looked at the leaf nodes and tried to develop a path in my mind for each leaf node to the goal (robbing a bank). Then I began from the top thinking about the closest components of robbing a bank and i linked those two to the leaf nodes coming up with plausible intermediaries. Sometimes I had to change my initial roadmap but I mostly managed to keep its structure.,2,2,14,29,3,8,7,0,0,2,1,13,3,2,1,If I had to pick one I’d say carefully reading the text to make sure the ADT properly reflected the text.,Carefully read and then write from top to bottom the nodes. I wrote the ADT the nodes and the links step by step while reading the text.,The goal: open a safe,3,3,6,8,0,2,3,0,0,1,0,3,1,1,4,1,Because in this part I could choose my own scenario and nodes i found it very easy implementing an attack scenario into an ADT.,Sometimes it is hard to think of all possible nodes and I might have missed some.,Yes in virtually every aspect of risk management and attack prevention: it could help unveiling elements that could be improved or vulnerabilities that could be exploited it’s a great way to visualize such aspects and make them clearly understandable for both technical and non-technical staff. Also they could be implemented after an attack to see both the exploited elements and those connected elements that have not been exploited (but could still be a vulnerability). On the other hand the biggest limitation of ADTs in cyber security is that cyber issues are extremely complex to be summarized in an ADT as it would be really long/big).,1,1,1,It’s very schematic and it simplifies a lot which is good in some situations but not always the best in others that’s the only critique I can raise.,YES!,1,8,8,14,24,4,5,6,0.8,0,0,1,1,10,2,1,1,1,1,3,1,2,1,1,5,3,2,2,1,3,5,4,2,1,No because Lock and Strong password have attack nodes that would overcome the defense nodes,1,1,7,4,4
LT,33,Less than a year,No,Fault Trees,3,2,1,4,3,I found it difficult to know where I was supposed to put the different attack nodes because it felt like there were so many potential possibilities that can result in a coherent story.,First I read all the attack and defence leaf node options. Then I wrote a text with the nodes and tried to piece them up together and make a chronological story with them in which the final event was “to Rob a bank”. Then I started making the ADT by identifying the immediate causes. These were: “Gain access to the bank” or “Walk through the front door”. Finally I completed the rest of the attack and defence leaf nodes by following the story I had made.,2,2,4,10,0,3,5,0,0,3,0,6,3,5,5,The most difficult thing about this task was ignoring unessential words and identifying the key information within all the text. After that then converting the key words into usable and comprehensive attack/defence leaf nodes also proved difficult.,First I identified that the main goal was “Open a safe”. Then I converted the four attack means listed in the second sentence into leaf nodes which I then incorporated into the ADT graph. I then read through all the other sentences line by line and converted the relevant information into attack or defence leaf nodes. Once that was finished I read over the whole story one more time in order to make sure that everything from the text was included in the ADT graph.,As the ADT is supposed to be read from top-to-bottom the first root node that I added was the root node “Open a safe”.,3,3,5,7,0,2,3,0,0,0,0,2,0,4,2,5,I thought that using ADTs is easy because they are easy to sketch out and most of all they are a simple and logical way of representing the different steps that will occur in an attack. Furthermore it is also an easier tool to explain an attack to someone else instead of when using a text or a list of events for example.,On the other hand I find ADTs difficult when it comes to assembling already determined leaf nodes such as in the first ADT exercise. I also find it difficult to determine whether my ADTs’ optimality when it comes to the logic gates and whether I have enough levels to spread out the nodes and provide a comprehensive and logical tree rather than just a sequence of events.,I think ADTs have a strong place in the cybersecurity industry especially when it comes to cyber-attacks and how they can be represented. Indeed I think ADTs are a great way to get a comprehensive overview of a case and get a quick grasp of the attack and defence possibilities. On top of this ADTs could add a lot of quality and value when it comes to presenting as well as for complementing articles about cybersecurity attacks which can sometimes be lengthy unclear and confusing.,1,1,0,I think the concept of time is missing to ADTs in the sense that there should be in certain cases a possibility to add at the time that certain attack or defence nodes require in implementing as this is a relevant indicator when it comes to attack such as cyberattacks.,Yes I hope that ADTs will become more widespread and frequently used in the future especially when it comes to presenting and/or representing cyber-attack cases as attacks or accidents or issues more generally speaking across other disciplines (e.g. infrastructure security engineering finance psychology etc.).,1,3,3,6,13,1,2,4,0.5,0,0,4,0,7,4,2,1,2,2,4,1,2,2,4,8,4,3,3,4,3,5,5,2,4,The overall kept of protecting data confidentiality is kept but from the perspective of a defensive system with potential attacks therefore the goal to maintain this system safe is still in force.,0,0,8,1,2
LT,34,,,,2,4,4,1,4,I found it hard to format the attack tree but that was probably because I tried to make it in a Word document. I also found it hard to assess what exactly was meant by each node and how they were related to each other. For example if “threaten insiders” referred to threatening bank employees once you have already gained access or if it meant that you would threaten employees in order to gain access. [UPDATED: I realised my Word version was too ugly and so I redid it on paper. I did include it here because I thought it was funny (and maybe interesting for research purposes to see someone struggling trying to make an ADT…) But the paper version is the actual version I’d like to be graded on.],I just went by what seemed the most logical. Before I assembled the attack tree I sorted the nodes into which ones intuitively felt like they belonged together and then worked from there. I made up some intermediary nodes because otherwise I had no idea how to add the leaves together.,2,2,9,16,1,4,4,0,0,2,0,7,2,1,1,I found it hardest to recognize the defence nodes as defence nodes. It took me a while to realise their relevance in the story as nodes rather than just additional information.,I first added the 4 nodes (pick lock/cut open/learn combination/install improperly) and then per node I checked to see if they had additional nodes or defences and then added those.,“Pick lock.”,3,3,5,7,0,2,3,0,0,0,0,2,0,2,2,2,It helps split up a big task into smaller pieces so that makes it easier to figure out how to carry out or prevent each part of it.,The notation and when intermediary nodes are necessary or not. I think the most confusing part is figuring out what someone wants to say with their attack tree if you do not know the context exactly of what is going. Because the nodes can be interpreted in different ways so maybe because it has been simplified it then becomes a bit too simplified that you lose information needed to understand the attack.,Maybe for figuring out which parts of an organization are susceptible to vulnerabilities. For example if you only look at the security of certain systems of an organization you might overlook the vulnerability of an employee being bribed or something like that. So yes ADTs might have a place in the cyber security industry to help assess vulnerabilities especially in places that you might not typically consider in that field.,0.5,0,1,What I mentioned earlier that it is not always clear without context what the nodes mean. Maybe also the relation between the nodes because it is not always clear exactly how one node leads to the next node.,Not necessarily. I don’t think I’d mind having to work with them but I can’t say I have enough experience with them to say I look forward to working with them. I think they could be a valuable tool depending on what you’re using them for.,0,2,2,15,24,3,4,4,0.75,0,0,1,2,8,3,1,2,2,1,3,1,2,1,1,5,2,1,4,2,5,7,4,4,4,No because there are attack nodes that do not have counter measures for them.,1,1,6,2,2
LT,35,,,,1,2,3,4,2,Having only the leaf nodes I need to understand the thought process of someone else. Putting the tree together was difficult for me because getting behind the logic of the leaf nodes provided was challenging. I find it easier following my own thoughts and reasonings.,I first wrote down all nodes provided differentiating the root node leaf nodes and defence leaf nodes by colour. Then I grouped similar nodes together. Thereafter I made a new document and made an ADT following my thought process. I then implemented the leaf nodes provided into my ADT where necessary. Lastly I organised the defence leaf nodes.,4,4,19,34,6,9,7,0,0,0,0,15,0,1,1,Most difficult was understanding all relationships correctly. The text jumps from one attack node to defence node to another attack node which is related to an attack node mentioned at the beginning. Not getting confused and straighten out what belongs where was most challenging.,I began by writing down the root node and focused then on the attack nodes. Once I had all attack nodes identified and put in the graph I shifted my attention onto the defence nodes. In the end I went over the text again to make sure I didn’t miss any information and therefore node.,The root node was the first one added to the tree in this case ‘open a safe’.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,1,It is very simple and straightforward where improvements can be made. One sees the vulnerabilities directly as those are the attack nodes. This makes it easy to decide where defence nodes need to be implemented and how they should look like.,It can be challenging to put attack nodes in the right order and to not just write step 1 → step 2 → step 3 → etc. Rethinking what one wants to actually write down can be confusing. I went over my trees multiple times to prevent this from happening as much as possible.,I do believe ADTs have a place in cybersecurity since they simplify complex relationships and give an overview on possible attacks. It breaks down interrelated and complex situations making it easy to connect the dots. Especially the defence nodes are very helpful to prevent rather than mitigate consequences of an attack. Moreover all the important information can be seen at the poisoned water chamicals chemical waste illegal disposal: dumb it into river river health testing + law consequences factory leakage examination and report on (existing) building agriculrure chemicals lawfully controlling amount of chemicals used and where they get used corroding pipes bi-annual check and maintenace of water infrastructure increase the levels of sodium hydroxide (lye) hacking into the watrer treatment system investing into contstantly updated thourough cyber security manually increasing lye level buying lye limiting amount of lye able to buy stealing lye poison manualy dump it into water supply buy poison control distribution of dangerous substances steal poison put it into water treatment supply hire outright personnel ridk amangement + backgound check hack into the system investing into contstantly updated thourough cyber security same time without effort. Therefore they have a place in risk calculation as they identify all risks related to a situation and then show which attack nodes can be defended and how.,1,0.5,1,With the limited knowledge that I possess I cannot think of a criterion or aspect the current ADT is missing. In my opinion right know they show all necessary information.,Yes I do hope to encounter attack trees in the future. They are very straightforward and nice to work with. Easier than a paragraph or more of text.,1,9,9,11,19,0,8,4,0,0,0,0,0,8,0,2,2,1,1,3,1,4,2,1,5,8,5,2,1,9,11,5,2,1,Yes. It is very clear what kind of attacks can be expected against data confidentiality and it is also very clear what kind of defences can be employed against these attacks. All of this is drawn into a concise overview.,0,0,8,2,1
LT,36,Less than 6 months,Yes,Yes,1,2,2,2,1,What I found difficult about this task was developing the story line of the ADT meaning grouping the nodes and connecting them together. It required me to analyse this issue on a problem-solving scale.,My methodology for this was using the structure of the ADT to help me solve the problem. For example I would ask myself “Using these nodes what are the means to rob the bank”. Afterwards I used a step-by-step processing using logic to complete the ADT.,2,2,4,10,0,3,5,0,0,3,0,6,3,1,1,I found this task significantly less difficult and abstract as there was as story line of sorts that enabled me to create the ADT with increased confidence. What I found most difficult was remembering to use all the different types of symbols such as the “dotted line” for countermeasures.,My methodology for building the ADT was to split the storyline text into sections. I would start with the root node which was “Open Safe” and then continue downwards starting with the leaf nodes and ending up with the countermeasures. I then put them roughly on the diagram and after reviewing the text again I began rearranging the nodes to fit correctly.,As the ADT is supposed to be read top-down the first node I added to the tree was the root node “Open Safe”.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,1,I find that ADT’s have a clear visual and strategic design which makes it easier to fully understand the complexity of attacks as well as the defence nodes that are used to protect against them. In the form of a written text the overall strategic design of attacks could be misinterpreted or key elements ignored. As a visual learner I generally appreciate its visual nature and that anybody would understand its configurations.,It’s more difficult using ADTs when information is less clear or very abstract. It’s important that the nodes contain enough information so that you can understanding its position within the greater ADT. In relation to its creation its significantly more difficult creating an ADT when the information is not provided to you in a story format or when the information is not provided at all.,I do think ADTs have a place in the cyber security industry. They play an essential role in the prevention and mitigation of cyber risks. In my current professional position within a Cyber Security Risk Advisory role I have seen its application used alongside the creation of threat landscapes and attack scenarios. From my understanding they improve everyone’s understanding of cyber risks including those with less technical backgrounds which is important.,1,1,0,I think that the ADT are rather comprehensive in their nature however it would be interesting to see how they could employ other useful tools for example if they use different colours for topics such as level of risk and costs of defence nodes.,Yes I hope to encounter them in the future as they can be valuable for presenting complex problems and solutions to groups of people from a range of different backgrounds. As a visual learner this style of problem-solving is especially useful to me. This is an alternative to traditional forms of storytelling and information gathering.,1,3,3,6,16,1,2,5,0.5,0,0,7,0,10,7,3,1,1,2,,,,,,,,,,,,,,,,,,,,,
LT,37,,,,2,1,2,4,2,The most difficult part was assembling and structuring the tree in an order that makes sense. It is kind of like a little puzzle that you have to figure out.,I divided some nodes into “groups” and I looked at which nodes could connect with each other.,2,2,6,10,0,2,5,0,0,2,0,4,2,1,2,It was not really difficult but the most challenging part was discovering all the nodes that were “hidden” in the text. I had to read the text multiple times to make sure that I included everything.,I used the same methodology as before. The only difference was that I had to start with a text this time. I went slowly from sentence to sentence writing down the nodes and putting them into groups before placing them in the tree.,The first node was the root node; open safe,3,3,5,7,0,2,3,0,0,0,0,2,0,2,2,1,The thing that was especially easy about using ADT’s was how clear and organized it is. It is easy to follow along with a glance.,It was difficult to sort everything out. This includes the layout but also the nodes themselves. This was quite time consuming.,yes they do have a place. This is because the field of cybersecurity includes people from different fields.Using an ADT makes it easier for someone who comes from a field like governance to understand something very technical.,1,1,0,maybe a short text with a (short) summary to make following along even easier,I do not necessarily hope to encounter them but I would happily use them if I encountered them.,0,6,7,9,14,1,2,5,0.5,0,0,2,0,5,2,1,1,2,2,,,,,,,,,,,,,,,,,,,,,
LT,38,A little over 3 years,Yes,Yes,2,2,2,3,1,What I found most difficult about this task was arranging the leaf nodes under the right intermediary nodes. I was quite struggling to find the place for the “Threaten Insiders” and “Gain Access” nodes. This was because at first sight they could belong anywhere and are therefore difficult to assign.,I took a piece of paper which I used to draw ideas on. I then first grouped all the leaf nodes together that made sense to me to belong together. After that I made new intermediary nodes that could support the leaf nodes. Finally I put it al together in the ADT.,2,2,9,14,2,3,4,0,0,0,0,5,0,1,1,What I found most difficult about this task was,I first marked all the different ‘nodes’ in the piece of text so I could get a good overview of what all the nodes should become. After that I put the text into the nodes without putting it in the right place yet. Then I put it all in the right place and made the final ADT.,The first node that I added to my tree was the root node ‘Open a safe’.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,1,What I find easiest about using ADTs is that the story of the attack becomes clear quickly. It therefore gives a great overview of the attack and all the different factors that come into play,What I found most difficult about using ADTs was the process of identifying all the different factors which such an attack can have. This can become a lot and in order to keep the ADT readable it has to stay concise and not to extensive.,I think ADTs could have a place. This is because they can offer in great detail and in an easy-to-read format what the different approaches are to each attack and which vulnerabilities one must think about. I would see these ADTs be used in consultancy firms to make an understandable case to a client.,1,1,0,To some extent the human factor. Humans can do weird things that cannot always be anticipated beforehand.,Yes I think it is a great method of identifying the different attack scenarios. Therefore it makes it a very useful means to explain complex situations to people.,1,6,6,12,22,4,6,5,0.6666666667,0,0,0,0,10,0,1,3,1,1,3,2,2,1,1,8,3,5,2,1,8,3,4,2,1,,,,,,
LT,39,Less than 1 year,Yes,No,3,2,2,4,1,I was having difficulties with keeping in mind that this is an ADT not a Mindmap. I am used to creating a Mindmap which looks very similar to an ADT. However a Mindmap breaks down subjects into easier-to-understand concepts while an ADT consists of attack goals and components.,I first tried to connect different leaf nodes to each other. For example it was easy to see that “buy tools” and “steal tools” were connected to each other. After I made this connection I could group them together as children of another node that had something to do with “tools”. I then tried to think of what this parent node “tools” would have to do with robbing a bank. Then it became clear that “tools” was supposed to be “get tools”.,2,2,8,14,1,4,4,0,0,1,0,6,1,1,1,The wording of the nodes. Since the exact wording I should use was not given I had to make up my own wording using the text provided. It was difficult to make sure that the node’s text was not too long.,The text provided indicated clearly what nodes were children of parent nodes. The text allowed me to start from the root node and work my way down adding children nodes to parent nodes when they came up in the text.,The root node: “open a safe”,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,1,It was easier to use ADTs when the nodes were already given. Then I could just connect them to each other and put them in an ADT.,It was difficult to come up with intermediate nodes that were not given beforehand.,I think ADTs can be used to give an overview of an attack scenario. It is easier to see what an attacker could do and what kind of countermeasures you could use than if it were written in text.,1,1,0.5,I do not think ADTs are missing anything. They are better than using text to describe an attack scenario and can easily show how certain elements can be defended against whereas if you were using text it would be harder to which specific element the defence is for. All in all I think ADTs are not missing anything.,Yes I do. They are very useful. I am used to using Mindmaps to study to get an overview and ADTs are close to Mindmaps and as handy.,1,7,8,8,14,1,5,5,0.2,0,0,0,0,6,0,1,1,1,1,,,,,,,,,,,,,,,,,,,,,
LT,40,Less than 1 year,Yes,Yes,2,2,3,5,3,I find the most difficult part of this task to be sure that i captured every step that was important.,i started thinking from every node how i would start planning a bank robbery if that node is the only way i would be able to rob the bank.,2,2,9,15,0,6,5,0,0,1,0,7,1,2,3,again deciding when i captured the full tree,for this ADT i tried the top down approach instead of the reverse system i used for 1.1,pick the lock.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,3,1,it is a visual explanation of multiple ways to go about doing something it takes less time to read and understand multiple ways of doing that particular thing.,deciding what is useful in a ADT and what is not.,i think that in cybersecurity you often have to explain technical threats to people that do have interest in them but do not understand it completely with ADT’s this simplifies the threats enormously. That is why i think that ADT’s have a place in cybersecurity.,1,1,0,I think that ADT’s can miss a bit of context to what extend the likelihood is of something that is described in the ADT. Because ADT’s often put threats and defenses at the same level as one another.,Yes i grew really fond of them.,1,2,2,6,10,2,1,3,2,0,0,1,0,4,1,2,1,1,1,,,,,,,,,,,,,,,,,,,,,
LT,41,None,Yes,Fault Trees and Event Trees,2,2,3,4,4,I found assembling the correct order the most challenging in about this task. Because I was unsure what the intended order was and how to assemble it.,I started by reading all the nodes and started putting them in order. After this I imagined what might be required to rob a bank and what order might be correct and how the defence nodes might be used to prevent such a robbery.,2,2,7,10,1,3,2,0,1,0,0,3,1,3,5,I thought this task was rather straightforward. The most challenging was to ensure every aspect of the situation was included in the ADT.,Starting with the root goal of opening the safe. After this finding out which possibilities there were to open the safe. When these were found the countermeasures to these nodes were found and included.,“Open Safe”,3,3,5,7,0,2,3,0,0,0,0,2,0,3,1,4,It is a nice graphic overview of an attack scenario and can provide an easier understanding especially in longer texts/situations. However for shorter situations a text description also works for me.,It was challenging to identify and include all necessary items in the ADT.,ADTs can definitely have a place in the cyber security industry. I would argue however that they would only be effective as an explanatory/exploratory tool. As I found when creating my own ADTs it is easy to forget to add something or don’t know about a certain attack node that could render the entire ADT invalid. Therefore ADTs can be used to explain some already worked out situations. But I would recommend to use another tool for new situations/ situations that are not fully worked out yet.,0.5,1,0,The main aspect missing from ADTs is the assumption that not everything is necessarily included in the model and that they are not accounted for in the model.,I do hope to encounter an ADT in the future as I am curious to see how they will be used in the future and if my assessment was correct or invalid.,1,3,3,10,16,4,2,3,2,0,1,1,1,6,3,2,1,2,1,,,,,,,,,,,,,,,,,,,,,
LT,42,,,,4,2,2,1,4,The difficulty of this task lay in understanding how different leaf nodes connected to each other. This unclarity formed from some of the chosen leaf nodes. These were difficult due to the limited explanation the words provided. As such forming connections between different leaf nodes proved to be a tedious task. For example “buy tools” and “steal tools” provide not clarity as to what the tools may be used for. The most logical option was chosen but this did not provide the exact explanation as why tools were to be needed for this specific ADT. Moreover certain leaf nodes could be interchangeably used with other leaf nodes this provided further difficulty to the task. For example one may interpret “hire outright” to be the main sub goal wherein the task-doer could provide the connected leaf nodes; “threaten part of money” and “threaten insiders. These two leaf nodes provide plausible goals to achieve for the sub-goal hire outright.,In order to solve this task I focused on identifying connections between different leaf nodes. By doing so I was able to group different nodes with each other this provided more clarity to my task as it enabled me to visualize the different levels with my ADT. Once I had grouped different nodes and identified my levels I was able to construct the AD,2,2,5,10,0,1,5,0,0,4,1,5,5,3,2,Difficulty in this task lay in identification of each different node with the text provided as the text provided a lot of information it is difficult to visualize each node as such I had to write what I thought was an attack node or defense node.,I found that the text provided contains all the necessary information I needed to construct my ADT. As such I was able to easily extract each attack node and defense node from the task. I grouped these as such in order to provide further clarity to my work. Once I had grouped each node I was able to form my attack tree as intended.,The root node “open safe'' was the first node I added as this was the start of my attack tree.,3,3,6,7,0,1,3,0,0,0,2,1,2,1,2,1,Attack and Defense trees allow you to better visualize the various possibilities an attacker may use to reach their goals in a specific attack. The ability to do so allows you to find more adequate defenses. Therefore I find it easy to defend nodes once I have found the attack nodes first.,The difficulty of an ADT is visualizing the various possibilities of attacks the attacker can use. In some events attackers have multiple mediums of attack. It is therefore difficult to encompass within ADT the entirety of an attack. Hence forming the attack nodes was a difficult task when creating my Attack and Defense trees.,I think ADT are very useful within the cyber security industry as they may aid in the simplification of complex cyber security attacks for policy makers or other essential specialists. As it is already known that many developers and programmers struggle to break down complex concepts of programming. ADT may provide a clearer visual of understanding for these types of people. Moreover they provide a clear reasoning as to how an attack may arise from different perspectives. Not only focusing on one avenue of attack but multiple.,1,1,0.5,A clear explanation as to what each node is. This could be provided in a similar section wherein the researcher or specialist must provide definitions on each node. This will aid in the reduction of ambiguities as in “Bank rob” ADT many of attack nodes were difficult to understand as such difficult to construct.,Yes as I have a clear understanding on how to construct ADT. As aforementioned I found that ADT may be used as a good visual for complex attacks that are not easily explained. As such I would use ADT to explain these complex attacks such as web security exploits.,1,7,7,8,10,0,0,2,,0,0,2,3,2,5,3,3,1,3,,,,,,,,,,,,,,,,,,,,,
LT,43,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,2,2,4,4,4,3,2,4,3,5,1,4,4,I really don't know I don't understand the tree anymore,0,0,1,5,5
LT,44,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,1,2,2,2,8,4,2,2,2,3,5,4,2,2,Yes for every attack there is a defense node present.,0,0,7,3,2
LT,45,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,1,4,1,1,8,5,3,2,2,5,7,5,2,2,Goal is to have all attacks on data confidentiality covered each attack vector is covered with at least one defence node so yes overall goal is kept.,0,0,7,2,2
LT,46,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,2,1,3,8,2,1,4,3,1,2,5,4,3,No because almost every defense can be attacked,1,1,8,5,3
LT,47,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,2,3,4,5,4,3,2,2,4,5,4,4,4,The overall goal of breaking in is kept since all the nodes lead back to the root node of breaking in. Despite the several levels of abstraction that is needed to cover all possible attack vectors there is still a clear road to the overall root node of breaking in. Even with the defense nodes beyond the root node the overall goal is still needed in order to reflect what the defense nodes are trying to prevent without causing confusion.,0,0,7,2,2
LT,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,2,1,1,5,1,0,2,2,3,5,5,1,1,The root node is a defense node we can think of defense vectors (attack vectors but in reverse).,0,0,8,2,2
LT,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,1,2,1,2,1,3,2,2,2,2,5,5,2,2,Overall goal is kept because every attack vector has at least one defense mechanism,0,0,0,3,2
HT,1,,,,1,2,1,3,1,The most difficult part of this task for me was definitely the part where you need to find a connection between the nodes and make a story out of it that you can understand by looking at the tree. Another thing that I find hard was putting myself in the position of a robber and think like one to have the order of a bank robbery straight.,At first I started with the end node which is Rob bank. Then I listed all the given notes next to it and started thinking by myself; ”What is the last thing happening before Robbing the bank?” This is obviously gaining access in the secret area of a bank and opening the safe they want to rob from. After this I started think ”How can the robbers gain access?” To gain access you need the help of an insider this can be the manager or an employee and to make everyone listen to you and make them help you you need to threaten the insiders. And before you can threaten the insiders you need to get in the bank that is possible through the front door or the tunnel. This way I kept thinking by every step ”What comes before this?” and that is how I created the ADT.,2,2,4,22,2,3,9,4,0,3,0,8,7,2,1,This task was actually pretty nice to make because the text description of an attack tree was very helpful to visualize a tree in your head and create it. However I think the hardest part was knowing which nodes to need to put together in one level. Sometimes you,In this task I again started with the first node and then I just started reading the text description and put every ”step” from the text description in a node. After this I connected the nodes like explain in the description and put the Defense leaf nodes next to the step that it prevents.,the ”Open a Safe” node,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,1,Things I find easy about using ADT’s is seeing a good structure and being able to read and visualize it easily than reading a text description of an attack.,The most difficult think about using ADT’s is deciding which nodes are supposed to be beneath which ones. Sometimes I felt like some nodes needed to be beneath more nodes and that make it hard to create a good ADT.,Yes I definitely think that ADT have a big role in the cybersecurity industry because the goal of the cybersecurity industry is to protect information and systems from cyberthreats. An ADT help this goal especially if it comes to protecting and preventing cyberthreats.,1,0,0,One thing that may be missing from this ADTs are human factors. ADTs focus on technical aspects of security but they don’t really take human factors such as social engineering insider threats or human error into account.,Yes I hope that I will be encountered with ADT’s if I’m going to be working with security. Even for other IT departments such as Data Analytic and Software Development are ADT’s useful.,1,4,4,22,37,7,6,8,1.166666667,0,0,2,0,15,2,1,2,2,2,3,1,2,1,1,5,4,0,1,1,3,6,4,1,1,,,,7,3,3
HT,2,6 Years,Yes,No,2,3,4,3,2,The most difficult part was interpreting the leaf nodes. It was clear that the leaf nodes were taken from an already finished ADT with intermediary nodes and without those it was hard to figure out the context and the relationships between the leaf nodes. A leaf node called ”Gain Access” for example is so vague that it did not give me an indication where it was supposed to be used. With only these leaf nodes I did not feel like I was able to recreate the original ADT where they came from.,I first looked at the provided leaf nodes and tried to find ones which probably originate from the same intermediary node. By doing this I was able to get a picture of which intermediary nodes I need in the level above the leaf nodes. I then looked at the root node and tried to think of intermediary nodes which would connect to those. Finally I looked at where the defense leaf nodes would fit in.,2,2,9,14,2,3,4,0,0,0,0,5,0,2,2,This task was quite straightforward and I did not encounter many difficulties. The biggest challenge was naming the nodes in a way that is not too long but still descriptive enough.,I followed the written scenario and added nodes when I encountered something that had to be added. When encountering something important I had to decide if it was going to be an attack node or a defense node. The scenario was written in such a way that I was able to add nodes in a top-down direction without missing context.,The root node ”Open safe”.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,3,1,I found that ADTs make it very easy to spot undefended attack vectors compared to a written description.,I found it difficult to decide when to stop adding more levels of abstraction. I also was unsure on how to repeat substrees in multiple nodes without making the ADT too bloated.,I do ADTs are a great way to spot potential undefended attack approaches in very large systems. Because ADTs are represented mathematically a lot of this analysis can be automated.,1,0,1,Because of the acyclic nature of ADTs I would like to have a way to generalize subtrees which are used in multiple parts of the ADT.,For now I would prefer to encounter ADTs and written descriptions combined to get the best understanding of the scenario.,0.5,16,17,13,22,5,4,6,1.25,0,0,0,0,9,0,1,1,2,1,3,1,2,1,2,5,4,2,3,3,3,6,5,2,2,No there are attack leaf nodes that are not being countered by an attack node.,1,1,5,4,3
HT,3,2.5 Years,Yes,No,1,2,3,3,1,Combining which leaf nodes could possibly belong together. I thought a few leaf nodes could be used in multiple places. In addition in some situations I found it difficult to think of the intermediate nodes especially with the ’inside job’ path. Since I didn’t immediately know how the employees could rob the bank.,First I tried to combine the leaf nodes that can belong together. Then I came up with possible intermediary nodes that could fit the leaf nodes. Because of this I developed many small paths. So all I have to do is connect these all together.,2,2,9,15,5,2,5,0,1,0,1,6,2,1,2,Define what the defense nodes can be that are named in the text and identify to which attack node they belong.,First I tried to extract all possible nodes from the text. Then I linked them together using the explanation.,The root node Open Safe.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,2,1,I find them very clear to better understand an attack scenario and by making one myself I also understand it better.,If the tree is very large I may find it more complicated to understand the attack scenario and it takes more time to understand it.,ADTs certainly deserve a place in cybersecurity as they can explain possible attack scenarios easily and clearly. Think for example of people in a company who do not have much knowledge of cybersecurity then such a clear ATD can be very useful to explain the possible attack scenarios.,1,1,0,I don’t think ADTs are missing anything adding even more can make it more unclear and cluttered.,Yes to me they are easy to understand and make the attack scenario in most cases clear. Which makes me better understand the situation.,1,3,3,5,10,0,3,4,0,0,0,2,0,5,2,1,1,1,2,2,1,4,2,2,5,8,3,2,2,5,4,5,2,2,No I think there are to much nodes and different paths which make it more difficult to understand this ADT.,1,0,8,4,4
HT,4,5 Years,Yes,No,4,3,4,2,4,I had trouble finding relevant or nodes using the given nodes such as gain access because some were vague to me.,I figured there had to be a way to use a tunnel to rob the bank and worked out that complete branch. Then I did so for the employee branch for using permitted access. So branch by branch solving complete paths root to node.,6,6,9,16,2,5,7,0,0,0,0,7,0,5,5,I was thinking about unnecessary complications because the tree seemed to straightforward.,I made a sketch reading through the prompt so I found all nodes but the sketch was already good.,the root then the pick lock node,3,3,5,7,0,2,3,0,0,0,0,2,0,5,2,4,I can easily draw them. simple shapes.,organizing the shape so that defense countermeasures don’t get cluttered with the tree.,definitely in order to get a clear understanding of a complex situation when a tree can capture the essence of the situation that is of reasonable size.,1,0.5,0,some nodes are required or used multiple times. it would be handy to use symbols that include smaller trees or nodes for re-use,yes,1,5,5,10,16,3,3,4,1,0,0,0,0,6,0,2,1,1,1,5,1,3,1,1,5,4,0,1,1,3,6,5,2,1,Yes a complex situation is represented with an easy overview.,0,0,8,2,1
HT,5,3 Years,Yes,No,1,2,4,3,4,It was difficult to infer which groupings of leafs made sense without there being any context provided. Some leaf nodes were cryptically described. E.g. ”Gain access” could mean a multitude of things. This could’ve been avoided by choosing less ambiguous leaf nodes.,The task was solved by making assumptions about the leaf nodes such that groupings could be formed. Using these groupings intermediary nodes were formed that could lead to robbing a bank. E.g. ”Buy tools” and ”Steal tools” could be grouped under ”tools”.,2,2,9,15,2,3,4,0,0,0,1,5,1,2,4,Choosing succinct names for the nodes. This required minimal creativity. The task was not difficult.,My methodology was to read the scenario in a structured manner first identifying the root and then attack branches. These were first drawn. Defence notes were added last in between the right branches.,The root ”Open safe”.,3,3,5,7,0,1,3,0,0,1,0,2,1,5,1,2,It made it easier to look at a scenario in a quick and structured way.,Because the information inside of nodes is short it can be difficult to picture these inside of the scenario without additional context being given. Groupings of nodes could provide that context for the reader but not for the creator as mentioned for Figure 1.,Yes and no. ADTs provide a quick and structured view of a scenario. For somebody who already understands the scenario it can be a handy tool. However these trees don’t include enough information to be understood by somebody not familiar with the scenario such that additional explanation is necessary upon showing it to them.,0.5,0,0.5,Explicit context is missing from ADTs.,I wouldn’t be against encountering ADTs in the future.,0.5,2,2,7,10,0,3,2,0,0,0,0,1,3,1,2,3,1,1,,,,,,,,,,,,,,,,,,,,,
HT,6,3 Years,Yes,Vaguely,1,2,4,3,1,I would say that grouping the nodes together was the part that took me the most time. This was due to the fact that I kept thinking about which nodes would form a \logical story if grouped together.,To solve this task I started by listing all the given leaf nodes and just try grouping them on e.g. what would I need to access a bank vault. Then I thought about how the defense nodes can counter the attack nodes and added them to the ADT. I also tried to think about what would be the most logical way to rob a bank and added the intermediary nodes accordingly.,2,2,9,19,4,4,6,0,0,2,0,10,2,3,2,It could be because of how the scenario was written but I found it quite easy to build the ADT. There weren't many attack nodes that would be hard to group together. I think that if the scenario was written in a more complex way it would have been more di cult to build the ADT.,I started layer by layer starting with the root node and then the four starting attack methodes (Pick lock Learn combination Cut open safe and Install safe improperly). Then I added the next layer which started with the rst countermeasure unpickable safe. After that I added the left over attack nodes (how to learn the combination) and then the last layer which was how the safe owner could remember the combination. This was a very logical way to build the ADT as it was in the same order as how the scenario was written.,It was the root node Open safe.,3,3,5,7,0,2,3,0,0,0,0,2,0,3,2,2,I would say that thinking of all the possible attack threats and countermeasures based on the scenario was quite easy. It gave me a good overview of the scenario and how to defend against it.,As for the di cult part I would say that it was hard to group the nodes together in a logical way. This was mainly a problem with the scenarios where we had to kind of reverse engineer the ADT based on the scenario or given attributes.,I do think that ADTs have a place in the cybersecurity industry. I think that they are a good way to visualize the attack scenario and how to defend against it. It would help managers and other people to create a clear overview when brainstorming about the scenario.,1,0.5,0.5,I think that the only thing missing from ADTs is a way to express more information about certain nodes and also how to visualize di erent attack nodes based on what they do or mean. This all could mean to e.g. add a description to a node or edge or to add a di erent symbol-styled node to show that it is a di erent type of node.,I don't know if I would call it hope but I would centainly not be bothered by encountering ADTs in the future. I think that they are a good way to visualize any type of scenario which could improve the work ow or communication.,0.5,21,27,25,35,4,5,4,0.8,0,0,1,7,10,8,2,1,3,1,,,,,,,,,,,,,,,,,,,,,
HT,7,,,,2,1,2,4,1,The tricky part about this task for me was that although the attack leaf nodes were given you did not know in what order they should be. You had to come up with a logical order yourself in which each node connected well with another node. It took me longer to do this than what I thought it would take.,First I determined the root node which was already given in the text. Then I created clusters with attack leaf nodes that belong together. From this I was able to create the tree containing the attack leaf nodes. Making the clusters with attack leaf nodes that were close to each other made it easier to construct the tree. After doing this only the defence leaf nodes had to be placed in the tree.,2,2,9,14,2,2,3,0,0,1,0,5,1,1,1,I found it difficult to determine exactly where the defence nodes should be placed in the tree. The placement of the attack nodes was very clear to me. It took me a bit longer to realise where to place the defence nodes. This is because I was not sure if I had to place them before or after the attack nodes.,From the text it was already very clear which nodes belong together. This made it easy to place the nodes in the tree. First I placed the attack nodes. This became the base of the tree. After this I looked at the defence nodes. I knew to which attack node the defence nodes had to be added. Only the specific place of the defence nodes was a little bit tricky for me. After looking at the theory slides I was able to find the right position of these defence nodes.,The first node I added to the tree was the root node. From the text it was very clear what the root note was. In the text it was said that the goal was to open a safe.,3,3,5,7,0,1,3,0,0,1,0,2,1,2,4,2,The thing that is easy about ADTs is that it represents an attack scenario in a structured way. Because of those ADTs it is very easy to understand the scenario in very little time. This makes it easy in use.,The tricky thing about ADTs was that I sometimes did not quite know where to place the nodes. In my head the scenario was clear but to process it into a tree was a bit more difficult.,I think ADTs have a place in the cybersecurity industry. This is because they show the attack paths and what defences to take. When an attack occurs it is very easy to see what countermeasures to take to reduce the risks. They can be used in places in the cybersecurity industry that focus on preventing attacks or solving the attacks.,1,0,1,I think putting too much focus on ADTs is not always good. Think of a company that is attacked. You are not always sure a defence is working. We placed it there because we thought it would work. But next to this we also have to look further to other possible options.,I hope to encounter ADTs in the future because they are very helpful. These ADTs can help us with many things. With these ADTs we can protect ourselves (a company etc.) better and keep ourselves safe.,1,3,3,7,12,2,2,4,1,0,0,1,0,5,1,2,1,1,2,,,,,,,,,,,,,,,,,,,,,
HT,8,2 Years,Yes,No,1,3,4,1,1,1. The most difficult task was to understand what every leaf node was. Some leaf nodes like find direction to tunnel and locate start to tunnel looked really alike. There was a lot of own interpretation of the given leaf nodes. Another difficult thing was that the given nodes had to be leaves. Some given nodes I wanted to use as intermediary nodes and I couldn’t which made the design a lot more difficult.,The first thing I did was trying to divide the given leaf nodes into different attack strategies. When I was sissified with this I began working on every single attack strategy from the bottom up by coming up with intermediary nodes that connected the leaf nodes and other sub trees. I kept doing this until I was at the root node (overall goal).,2,2,12,22,2,7,5,0,0,1,0,10,1,1,1,I did not really encounter any difficulties during this task. The main reason for this was that the entire tree was already describes in the assignment.,I began with writing down the overall goal and put it as the root node in the figure. After this I extracted every different attack method and fitted this as children to the root node. Next I read the rest of the text and divided the different points between the attack methods and fitted this to the tree.,As I mentioned in the previous point it was the root node: Open Safe.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,3,1,I find the concept of an ADT very easy to understand. When you have an idea of how the attack looks like it is really easy to translate it in a good attack tree. An ADT also makes it really easy to evaluate different attack methods because you can just take a path to the tree and see how you could protect it better.,I did not really find anything difficult about using ADTs. A reason for this might be that they use a lot of concepts from computer science I already learned in other courses.,Yes i really think they do. The main reason for this is that an attack tree is really easy to read. Since IT is becoming more and more important not only people with an IT background are involved in security. Since an ADT is very easy to understand it helps in bridging the gap between Management and the IT department. This makes the communication between these departments better and this makes it possible to make the security of the company better. In short I think the main place of ADT are at the intersection of management and IT.,1,1,0,Sometimes you have counter measures that only block a portion of attack node above. An example is the pick lock attack in the second ADT. The counter measure was that some safes can not be picked but you couldn’t really display this in the ADT. Something could be added to better display this.,Yes. I am studying computer science and economics and as I mentioned above I think this is where ADTs are most important. ADTs will be a valuable asset to bridge the gap between the two fields. Another reason is that I find ADTs quite pleasant to work with. They are very easy to work with. This makes it that you can be more involved in actually coming up with better security measures instead of being busy with how you are doing it.,1,6,6,15,25,2,8,6,0.25,1,0,0,0,10,1,1,1,2,1,3,0,3,1,1,5,5,3,1,1,5,7,5,1,1,There are a lot of attack vectors that are covered off with a defense. However there are still a lot of these vectors that can lead to a succesfull attack on the root node (overall goal) so i would say it is partly kept.,0,1,5,1,1
HT,9,4 Years,Yes,No,1,2,4,3,1,I found it very difficult to find the actual structure of the tree. Some nodes where difficult to place. Since you were able to add any intermediary nodes I found it difficult to actually understand which approach you should take. Especially the defense nodes threw me off. It took me a while to find the right structure. More information or some intermediary nodes would have been nice.,I first made a layout of all the leave nodes and the root node. From there I paired the nodes that would probably have the same parent node (like ’steal tools’ and ’buy tools’). Then I used a bottom up technique where I created the tree from the leaves to the root. Then in the end I added the defense leave nodes. I did change my structure a few times before I was satisfied.,2,2,9,19,6,2,6,0,0,2,0,10,2,1,1,The most difficult task was to formulate the defense nodes correctly. Since you were not allowed to add extra information I found it difficult to correctly describe the defense nodes.,I first put all the separate tasks into nodes so I have an nice overview. Then I assemble the tree line by line making sure the relations between the nodes/tasks are correct. Lastly I added the defense nodes and made the descriptions of the nodes as clear as possible.,I first started from the root node (open safe). From there I added the four ways that were given to open the safe. And then I completed each branch separate.,3,4,5,7,0,2,3,0,0,0,0,2,0,1,2,2,The easiest thing about ADTs is understanding the layout. I think an attack tree is very easy to read and understand.,I found it difficult to completely think out a scenario and think about all the different attacks/nodes are needed to make a complete an attack tree. When I had a clear description is was easy to create a tree. But when I could/should add my own nodes I found it difficult to think out every scenario.,Yes I think it has a place in designing a security plan. When something needs to have good security I think it is very useful to create a attack defense tree to understand and be able to communicate the vulnerabilities.,1,1,0,Maybe being able to add more Boolean expressions (like xor and xnor).,I am not against using ADTs in the future. I do hope that visualisation of a problem is something that I will use in the future. I am not sure if I will go in a security direction where I will encounter ADTs. However as I stated earlier I do prefer visualisation to communicate concepts or ideas.,0.5,5,5,11,23,2,7,6,0.2857142857,0,0,3,0,12,3,2,1,2,1,3,1,2,1,1,5,4,0,2,1,3,6,4,3,1,No since there is a attack vector that will break into the data confidentiality,1,1,7,3,2
HT,10,,,,1,1,1,2,3,Most difficult was finding the correct place to put the extra intermediary nodes. This was not always clear to me and I feel like a lot of different approaches would also be correct.,I solved this assignment by going logically through each possible route. Picking a logical next step until there wasn’t one to take anymore. This does mean that the AND operator nodes are tricky to solve.,2,2,7,13,3,3,4,0,0,0,0,6,0,2,2,The most difficult part was deciding where the countermeasures should go as at the time I did not understand them that clearly yet.,This one was easier than the previous ADT in terms of building it up. I just went throught the text and added as I went.,The root node ’Open safe’,3,3,5,7,0,2,3,0,0,0,0,2,0,2,4,1,It nicely visualises the threat scenario making it way more clear especially in more complicated cases.,A lot of times it was difficult for me to figure out wether a node should become a child or a sibling of another node or if perhaps a new intermediary node needed to be made. In a lot of cases it seems like mulitple options are correct.,Yes I feel that it does have space in the cyber-security industry. The professor mentioned at the start of this course that a lot of cyber-security work is fighting with higher-ups to convinve them that it is needed. ADT does exactly this by clearly visualising what the security department does for people who are less knowledgable about the field.,1,1,0,It would be good to have an indicator of how secure a counter measure is. Like two-factor authentication is more secure than just having a sticky note with the login details lying around but this is not clearly visible in an ADT.,I would definitely not mind having it as a supplement to a presentation.,0.5,7,8,9,14,1,4,3,0.25,0,0,0,0,5,0,1,2,1,2,,,,,,,,,,,,,,,,,,,,,
HT,11,,,,2,5,4,4,2,The most difficult task was making up the intermediate nodes. As we are given only attack leaves to make a complete attack defense tree. To come up with these intermediate nodes was hard to imagine.,I first looked at possible attack leaf pairs that had an AND relationship and placed them down in the tree. After that I placed down the separate attack leafs and looked at where I should place the defense nodes. Then I connected the defense nodes with the attack leaf. Then I looked at possible intermediate nodes to connect with pairs of attack leaves. Then I connected the root nodes with the attack nodes on the second arbitrary level. In my head I started with attack nodes that have a relationship and so must be together and then placing down the other nodes. My methodology was to first have the chaotic parts of the tree placed down and after that only place down the logical other nodes and connect them.,2,2,9,14,3,1,3,0,0,0,1,4,1,1,1,What did you find most difficult about this task? Why? The most difficult thing about this was finding out how I should place the “threaten safe owner” and the “find written combination” attack leaves. This is the case because they are both connected to the intermediate node “learn combination”. So to find out that the earlier 2 mentioned attack leaves have an OR connection was hard to find out.,I first noted down all the attack nodes and defense nodes. Then I looked at possible relationships between nodes. Then I started to make the ADT and put down the root node and subsequently put down one abstraction level below attack nodes and defense nodes if there is any. Then I will go 1 abstraction lower and keep putting down attack nodes and defense nodes if there are any until I reach the last abstraction level of the tree and am left with no attack and defense nodes to place down. My methodology was to place down all attack nodes and defense nodes including their relationships level by level. So i did it from top to down.,The first node I added to the tree was the goal of the attack (open a safe). Thus the root note. I did this to get an overview on to see what would be the attack nodes I should place below it.,3,3,5,7,0,2,3,0,0,0,0,2,0,4,2,1,The most easy part of ADTs was placing down the defense nodes in the ADT tree. The reason for this is because the defense nodes are for me quite clearly part of a specific attack node. And in this example when I had to create my own scenario it was also quite easy to connect certain defense nodes to attack nodes.,The most difficult part about using ADT’s was to recognise AND relationships between attack nodes. This was the case for me because I was often doubtful if I should place attack nodes below each other or in an AND relationship. 3. Do you think ADTs have a place in the cybersecurity industry? If so where? If not why not?,I think ADTs have a place in the cybersecurity industry in finding out what the attack approaches and defenses are for example in getting into someone else's account. With ADTs you get a clear overview of what kind of defense could be used and what kind of attack vectors someone can use to get into someone else's account. In general it gives a human a better overview of the security situation.,1,0.5,1,What I think is missing from ADTs is the likelihood of every attack happening. In a ADT every vector approach looks like it has an equal probability of happening. If you have an unlimited budget it is not a problem to invest in countermeasures against those attack vectors. But if you have a limited budget it is handy to know which attack vectors are most likely to happen and so protecting against the most common way of an attacker to seize the opportunity.,It is certainly more clear than just reading a bunch of text and translating in your head what kind of attack vectors there are and where to invest resources in. So yes I hope in the security world I will encounter more ADTs.,1,4,4,11,18,2,5,4,0.4,0,0,0,0,7,0,1,1,1,1,3,1,3,1,1,5,5,2,1,1,3,7,5,3,1,I think so. Because this tells the whole story of the functionality of an attack tree. Though its kinda hard to understand.,0,0,8,3,1
HT,12,,,,1,1,2,4,2,,Group all the leaf nodes and work up. If there are any that I cannot group look at the whole picture.,2,2,9,15,2,3,4,0,0,1,0,6,1,1,1,To read between the lines of the scenario. “Learn password has to be interpereted”.,Step by step. At every line add the necessary nodes.,Open safe.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,2,1,The readability,The changing of your diagram if you get new information,Yes in the requirements aspect.,1,0,0,Something to show the tree might continue later on. Some branches are perfectly done while others could always have more nodes.,If I go into requirements engineering yes,1,20,20,27,46,5,13,5,0.3846153846,0,0,1,0,19,1,1,1,1,1,,,,,,,,,,,,,,,,,,,,,
HT,13,2 Years,Yes,No,2,1,4,3,2,The meaning of some nodes were very vague to me since it felt like there was a lot of context missing. For example I still don’t really get what is meant by ”Gain Access” and I found it very hard to place this node in the tree. This node was also very confusing because I only could think of places where it wouldn’t be a leaf node but an intermediary node and I eventually still used it as an intermediary node because there were no places I thought it would fit otherwise.,I started by trying to cluster some of the nodes into groups that seemed similar like nodes having to do with tools or with getting help or information from the employees of the bank. I then added intermediary nodes for these clusters to build the tree up from the bottom until I eventually got nodes I could directly connect with the root node ”Rob Bank”.,2,2,8,13,2,3,5,0,0,0,0,5,0,3,1,I found making sure I put everything that was said in the text into the tree the most difficult part of this task.,I started by making the root node ”Open safe” since it was said that was the goal. I then added the other nodes when the text said it was a possibility. In the second sentence there were four options given to open the safe so I added those four options as nodes. After that there were options given how that form of attack could be defended for two options so I added those as defensive nodes. Lastly the ”Learn combination” attack was expanded a bit so I added those nodes to the tree.,I started with the root node ”Open safe” and the node ”Pick Lock” was the first non-root node I added to the tree.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,1,2,I found building a tree from a text describing a scenario the easiest part about using ADTs.,It sometimes feels a lot like the nodes are missing context to fully understand what they mean and I found it confusing at first how the defence and attack nodes interact. It was also a bit annoying to make the trees look nice in PDF format.,I don’t think I know enough about the cybersecurity industry to give an intelligent answer to this question but I think they could be useful to find weaknesses in your defence against cyberattacks.,0.5,0,0.5,I think that the nodes are sometimes too abstract and need something like a longer explanation what they mean to make the trees easier to understand.,I wouldn’t mind encountering ADTs in the future.,0.5,6,6,9,14,1,4,4,0.25,0,0,0,0,5,0,2,1,1,2,,,,,,,,,,,,,,,,,,,,,
HT,14,2 Years,Yes,No,2,2,4,1,,I found placing the defense leaf nodes in the correct place most difficult because I didn’t understand yet where in the tree they should be placed.,I scrolled through the slides of the lecture about ADTs and it helped me understand where they should be placed and not to forget where to put the dash line.,4,4,8,13,2,1,3,0,0,1,0,4,1,1,2,I find it most difficult to understand if I have got everything incorporated into the ADT. I still find that my tree is not finished as I would like to add more nodes but the question mentions clearly that you can not add extra information.,I started by placing the root node and it’s child nodes. Afterwards I filled up the rest of the tree by reading the text a couple of times and making sense of the text.,The first node was the ’Open safe’ node.,3,3,5,7,0,1,3,0,0,1,0,2,1,3,2,2,Figuring out which should be the correct attack nodes and in which order was fairly easy to me.,Using and placing the defense nodes was and is difficult for me.,Yes for sure! It can for example be used in threat modeling or risk management.,1,0,0,The nodes are all really concise but I think it needs some context sometimes.,I don’t necessarily hope to encounter them but if I do I wouldn’t hate it since I have some understanding of them now.,0.5,8,8,15,23,1,2,5,0.5,0,0,4,1,7,5,2,1,2,1,,,,,,,,,,,,,,,,,,,,,
HT,15,,,,2,2,1,1,1,Locating the places where the defense nodes should go as I do not see where the check of an employees financial situation would be helpful.,I started with looking at which nodes went together and were connected to each other. From those smaller trees I made the final tree.,1,1,8,14,2,4,4,0,0,0,0,6,0,3,2,Deciding which nodes there were from reading the text,First I made a list of all items that I thought were nodes from the text. After that I ordered the nodes and looked at which ones were connected. Then I completed the tree.,Open safe.,2,2,5,8,0,2,3,0,0,1,0,3,1,1,2,1,It offers a quick view of attack/defense scenario.,Sometimes nodes seemt o be able to be connected in different manners. So it is not always clear what the best place for a certain node is.,Yes attack trees describe where attack possibilities lie and how to prevent thenm. This might be useful when deciding if it is worth to defend something.,1,0,1,I think there can be overlap between scenarios that can no adequately be expressed in an attack tree.,No.,0,2,2,7,12,1,3,4,0.3333333333,0,0,1,0,5,1,2,1,1,1,,,,,,,,,,,,,,,,,,,,,
HT,16,,,,1,2,3,2,1,Most difficult in this task was figuring out how to structure the tree with the leaf nodes already being given. It takes some creativity to figure out how some of the nodes are connected to the scenario and what needs to happen for all of the situations described in the nodes to form a whole scenario.,The way I solved the task was by trying to find common themes between some of the leaf nodes by way of asking myself what question the nodes would be the answer to. For instance why would you hire someone in a bank heist? Most likely to get an accomplice or a man on the inside. You could also promise someone part of the stolen money to get an accomplice.,2,2,9,5,5,2,5,0,0,0,0,7,0,1,2,The most difficult part of this task was figuring out a good way to name the nodes. For some steps it was somewhat difficult thinking of a node name that's both short enough to fit as a node and still describe the situation properly.,The way I built the tree was by reading the text and at each point I thought that a node was needed to match the tree to the text I added one. Whenever it became clear to me that a node would have multiple children I read ahead in the text to approximate how many nodes each child would have and I placed the children consisting of fewer nodes more to the outside to preserve space for the rest of the tree.,The first node I placed was the ‘open safe’ node.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,1,2,ADT’s do not have a lot of specific rules for making them so using them is not all that complicated.,Due to the amount of freedom you have in making them it takes quite some creativity to come up with an ADT that is not confusing to read if you don’t know the exact thought behind it.,I do think they have a place in cybersecurity. They present a method of explaining threats that's not overly complex and easily applicable in a lot of scenarios.,1,1,0.5,It might be useful to define how defense nodes can interact with sensitivity analysis. For instance maybe a defense node can state by how much they reduce the chance of a certain attack or what the chance is with said defense in place.,If I were to get involved in cybersecurity then I’d hope to encounter them again.,1,3,3,10,15,3,3,4,1,0,0,0,0,6,0,1,1,1,1,3,2,2,1,2,5,1,0,2,2,3,5,4,2,2,The overall goal is not kept. The ADT is way too big to be easily comprehendable and some of the nodes like find note for example are hard to understand.,1,0,7,4,3
HT,17,,,,2,1,2,3,1,Placing the defense leaf notes was the most difficult part. Mainly because those nodes can be placed at totally different parts of the tree. For example “Check employee financial situation” is now applicable to bribe the personnel but it could also be used for ”Hack personnel” because they might neglect virusscanners and other security-measurements to save costs.,With this task I constructed the tree with a bottom-up approach. I did that by looking if some leaf nodes belonged to each other (using AND) or some leaf nodes were in the same realm (using OR). That’s how I connected “Locate start tunnel” and “Find direction tunnel” on one side of the tree and “buy tools” or “steal tools” on another side of the tree. After that I looked if there was a way to connect those dots to a motive like bribing. That is how I worked my way upward.,2,2,9,16,4,3,5,0,0,0,0,7,0,2,1,The most difficult thing for me during making this task is making sure that the defense nodes are connected properly. That is because “Learn combinations” had multiple defense nodes that I have solved using two intermediaries.,To build the ADT I carefully followed the description and added the nodes one by one in a top-down manner. I used top-down because the description started with the goal of the attacker namely “Open safe”. In the second sentence of the description the author states what the attack nodes below “Open safe” should be so I add those. After that the description lists a couple of defense mechanisms. I add those defense mechanisms in the form of defense nodes by using intermediaries.,The first node was “Open safe”. Simply because the description starts with the goal and works downwards from there. So I used a top-down approach to build the ADT.,4,6,4,5,0,1,2,0,0,0,0,1,0,1,4,1,ADTs give you a very comprehensive representation of the threat scenario. When you read a text you have to map in your head how the attack threat is actually layed out and what defense mechansims are available to particular threats. Meanwhile an ADT allows you the look at the whole scenario at once take it in and understand it.,ADTs are sometimes difficult to construct. Firstly the attacking nodes can sometimes be connected differently: the nodes can be used in an OR-correlation or an AND-correlation. For example when hacking you can buy tools and/or steal tools. Apart from that the defense nodes are sometimes quite difficult to place because they can be placed at multiple attacking scenarios like discussed at the first task.,ADTs absolutely have a place in the cybersecurity industry. They can be very usefull for making immediatly clear what kind of attacks are out there and how we protect ourselves to it. They can be very helpful at showing what attacking scenarios need extra protection: In an ADT you can immediately see if there is a defense mechanism for the particular threats. For those purposes ADTs can be used at cybersecurity-faculties but also the managers because of the accessable and easy-to-understand nature of the ADTs.,1,1,0.5,ADTs are not very specific in the attacking scenarios and the defense mechanisms. For example you can use a hacktool but that doesn’t say much about the hacktool itself. If you protect yourself against hackers for example with a firewall you might think that you are well-protected even though the firewall might not be configured properly or hasn’t had the latest updates installed. It would be great if you could for example be directed to more specifications of a node of the ADT if you click on it.,I hope to encounter ADTs in the future mainly because they provide a framework for me to get to know the attacking scenarios that might occur and the defense mechansims that are already in place. Making sense of a subject when I’m just starting out is quite difficult for me and ADTs provide a good framework to get started and to keep track of the threats and protections that we have.,1,4,5,9,14,1,3,4,0.3333333333,0,0,1,0,5,1,2,3,1,1,,,,,,,,,,,,,,,,,,,,,
HT,18,3 Years,Yes,No,2,1,3,2,4,The most difficult aspect of this task was restraining myself from using leaf nodes as intermediary nodes. It is a very attractive idea to use the get access node as an intermediary node.,For solving this task I first divided the leaf nodes into nodes that might form groups (leafs corresponding to and or or relationships). I then decided which nodes corresponded to the defense nodes and connected those. The last step was defining the intermediary nodes to couple the different leaf nodes to the root node.,2,2,12,15,2,4,3,1,3,0,1,3,5,5,4,This task wasn’t difficult at all. I would consider the most difficult part of this task choosing the terms that should be placed into the nodes. You don’t want to copy the entire sentence but you still want to retain the sentence’s information.,While reading the scenario I wrote down which nodes had relationships to which other nodes and which nodes were defense nodes in a list. I then created the ADT using that list.,The root node: Open Safe,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,3,Using ADTs allows you to really find all approaches for a certain attack,It is difficult to think of the division of nodes and to restrain yourself from using time as a split for the nodes. It is hard to only create attack component / goal nodes instead of timed nodes,Definitely. When coming up with defenses for a certain attack an ADT could prove quite useful. However I don’t think they are not as good for communication with people who do not have a background including lessons about graph theory,1,0,0.5,It might be useful to include some option that allows avoiding redundancy. In the ADT for the first task for example the gain access node is used quite often. This is however mainly because it was specified gain access should be a leaf node of the ADT.,I hope I never have to use ADTs again but that is just a personal preference. I just don’t enjoy working with graphs since I’m not really a visual(ly thinking) person.,0,2,2,10,15,1,5,4,0.2,0,1,0,1,5,2,2,1,2,2,3,1,2,2,4,5,4,2,2,2,5,7,5,2,2,Yes. Because the overall goal is to model different threats and/or their defenses and that is exactly what happens in this ADT.,0,0,7,3,1
HT,19,10 Years,Yes,No,1,1,2,5,4,I found it most difficult to assemble a story in my mind from the given nodes because I felt all nodes had a very distinct purpose and they were just disassembled from an ADT someone created earlier and that I now had to recreate. I found myself not just asking the question “what would an attacker do?” but also the question “why did the writer of the assignment put this node in and what would they want me to answer?”.,For every node I tried creating a path from that node to the attack goal. So given an attack node such as “Buy tools” I would wonder how buying tools helps robbing the bank and what other nodes are needed for it. This way I worked in a bottom-up manner.,2,2,10,16,2,4,5,0,0,0,1,6,1,1,5,Because of the fact that all the attack nodes and countermeasures were essentially given in the task specification (though not as a bullet list but in text form) the only thing that was a little tricky about this task was to assign the right countermeasure to the right attack node. Other than that I did not find this task difficult to be honest.,First I tried to distill the individual nodes that the text specified and split them into attack nodes and defense nodes. Once I had those I assigned the right defense node to the right attack node and assembled the tree based on that.,,3,3,5,7,0,2,3,0,0,0,0,2,0,1,1,1,I feel ADTs very easily give you an overview of a problem. You can truly grasp a problem in much less time than through a larger piece of text.,Creating an ADT can be difficult due to the varying levels of nuance: how many steps do you want to include how many layers should the ADT have etc. They require careful balancing of showing as much,I think ADTs certainly have a place in the cybersecurity industry. I feel they can be very helpful in communicating and even “translating” between technical cyber security staff and less technical management staff.,1,1,0,The only thing that comes to mind is numerical properties such as an expected cost or expected probability. The edges in the ADT could have probabilities attached to them to better show what levels of risk we are dealing with.,I do! Because of my double degree in Business and Computer Science I really see opportunities for using ADTs in corporate settings as a means of communication for making better business decisions.,1,7,7,7,9,0,2,3,0,0,0,1,3,3,4,1,1,2,2,3,1,2,1,1,5,4,2,2,2,3,6,4,2,2,No because the ADT became very complex,0,1,7,4,4
HT,20,2 Years,No,No,2,2,4,4,3,Coming up with the intermediary nodes of this tree since I only have the leaf nodes which give a vague direction to the shape of the tree.,By grouping leaf nodes which I think were connected via a intermediary node and to do so again but with the node groups until I have the complete tree,3,3,9,14,2,2,4,0,0,1,2,5,3,1,3,Understanding that a defense of threat needs to be placed above it in the tree since while making the tree top-to-bottom you ‘read’ the tree bottom-to-top.,First by determining the main goal and then determining its sub-goals and the determining (if needed) their sub-sub-goals.,Initially I first added the ‘Pick Lock’ node but then I found out it was supposed to have a defense.,3,3,5,7,0,1,3,0,0,1,0,2,1,3,2,2,That they allow to visually represent the safety or threat of a certain security issue.,Mainly to choose the correct nodes to use in the tree.,The concept op ADT’s have a place in cybersecurity since a computer can understand trees thus it can in way be automatized allowing computers to recognize possible security threats.,1,0,0,A way to apply multiple ‘degrees of defense’ in one single branch since there are multiple ways to deal with a threat but some are better than others.,I do an mainly in a adaptive way for algorithms to work with them,1,4,4,5,5,0,0,1,,0,0,0,1,0,1,3,1,1,3,,,,,,,,,,,,,,,,,,,,,
HT,21,1.5 Years,No,No,2,2,4,3,1,I found interpreting the leaf nodes as leaf nodes and not as intermediary nodes the most difficult. In my opinion some leaf nodes had to have a clarification for example Gain Access. Some leaf nodes resemble each other very much in the beginning it was very difficult to understand that the could be attached to the same node or that it does not really matter if they resemble each other.,I attended the work groups and started the assignment there. After reading the assignment I often asked questions to better understand some difficult parts on the attack trees. Then I started to draw the ADT and whenever I found something i did not understand I would ask for assistance from a TA.,2,2,9,15,3,3,5,0,0,0,0,6,0,1,2,I found it difficult to not add more intermediary nodes to the tree. And it was difficult to interpret the sentence There are also auditing services to check if safes and other security technology is installed correctly. The part where it says if safes and other security technology difficult to interpret because it also applies to other security too and i did not know what the other security technology would protect. So I couldn’t add it to my tree for other measurements.,My approach to building this ADT was first read the whole story and then write down the root Open Safe. The story mentioned four ways to open the safe I made four different nodes which are all attached to the root. For each root I read the story again to find possible nodes which could be attached to node.,The root node Open Safe,3,3,5,7,0,1,3,0,0,1,1,2,2,2,4,2,It was easy to make connections between nodes.,I found it difficulty to avoid the octopus trail in some attack scenarios.,Yes they have a place in the Cybersecurity industry. I think they would be most useful in the beginning of a project. using the ADT the project team has a clear overview of what they should defend and how they can defend against it. This can show the team what is more important to defend against and they can list their priorities.,1,1,1,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,,,,,,
HT,22,,,,1,1,3,4,2,I had the most difficulty with adding the needed intermediary nodes in the right place and naming them as understandable as possible. It was mostly difficult for me to find out how many intermediary nodes would be optimal for this ADT as it isn’t known beforehand how many of these should be between the leaf nodes and the root node.,To solve the task I first tried grouping some of the leaf nodes together by looking at which ones would most likely be children of the same intermediary node for example the ”buy tools” and ”steal tools” nodes would probably belong together. After this I placed empty intermediary nodes in places where they were still needed to connect the leafs to the root node. Once these were placed I tried to name these nodes in a way that would make this ADT as understandable as possible. As a final step I added the defense leaf nodes in places where they would be useful.,2,2,9,14,1,4,4,0,0,0,1,5,1,1,2,There wasn’t really anything in this task that was especially difficult but if I have to pick one thing it’s probably figuring out what the nodes should be. As in this task the nodes aren’t already listed and you have to put more effort in to finding out which part of the text should be nodes. This makes it relatively easy to miss a few or to put the wrong text in the nodes.,My methodology was very similar to the first task but now I first tried to figure out from the text what the nodes should be. Once I had created all the nodes that I thought were needed I once again tried to group as much nodes together like the ones about the safe combination. After creating an ADT with just the attack nodes I added the defense nodes in the right place.,I first added the root node with the text ”Open safe” as this is mentioned in the scenario as the main goal of the attacker and was thus the most obvious option to start building the ADT with.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,5,1,I primarily found it an easy way to visualize scenarios that would otherwise be written only in text. It makes it easier to make your scenarios clear to others or the other way around.,The most difficult thing for me was to describe the complete scenario using an ADT as I feel it was easy to miss a few nodes or to place them in the wrong position.,Yes I think they certainly have a place. Mostly as an easy way to make people aware of possible attack scenarios and to help explain why some defenses might be useful/worthwile to implement. As this is a thing that ADT’s make more clear than just a text description.,1,1,0.5,I don’t really think anything is missing from ADT’s as it’s already possible to add information to nodes like probability cost and time. I think it’s possible to add all important data to an ADT this way.,Yes certainly. I think that graphs/images can often be a much better way to display information than just plain text especially in case of attack scenarios as it makes it much more understandable even for people who are not an expert in an area.,1,3,3,9,15,1,4,4,0.25,0,0,1,1,6,2,2,1,2,1,3,1,2,2,2,5,4,2,2,2,3,5,5,1,2,Yes as the amount of attacks and defenses grows an ADT like this one gives a clearer view about how they relate to one another than what would be the case with a written description.,0,0,8,1,1
HT,23,,,,1,2,2,3,1,The part I had the most troubles with was trying to figure out what the scenario was that I could make with the leaf nodes. For example I had a hard time trying to come up with a scenario in which I could use the defense lead nodes and some of the attack leaf nodes. The reason this was hard was because I was restricted to using these specific leaf nodes.,The first thing I did was try to split the nodes into two groups one for breaking in and one for convincing the employees. After this was done I thought of intermediary nodes that I needed. After the basic structure was done I checked if the children needed to be in and AND relationship or an OR relationship.,2,3,9,15,2,4,4,0,0,0,0,6,0,2,1,What I found most difficult was to decide whether children have an AND or an OR relationship. The reason for this is that I always read over text to quick.,I started with writing down all of the nodes. Then I made the ADT layer for layer first looking at the attack nodes. After I got all the attack nodes I looked at the defence nodes.,The root node.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,4,1,I prefer visual representations when trying to understand something so ADTs are really useful.,What I found difficult was that sometimes I had scenarios where I was not totaly sure how to make a correct ADT.,I think they do. ADTs give a clear visual representations about attacks which help to understand the idea of how attacks work. This is especially useful for for example anti-virus industries.,1,0.5,0.5,What I think missed from ADTs are specific scenarios in which you would need multiple steps for an attack what I mean by this is a single line of attacks that would build up.,Yes I do like I said before I really like the visual representation.,1,4,4,12,21,2,7,5,0.2857142857,0,0,0,0,9,0,1,1,2,1,,,,,,,,,,,,,,,,,,,,,
HT,24,6 Years,Yes,No,2,2,3,1,1,One of the things I found difficult was not to use the leaf nodes as intermediary nodes. This is because “Locate the start of the tunnel” and “find direction to tunnel” seem more like one node to me. In addition the variety of all the leaf nodes made it hard to find any common ground to group them well together.,I started with writing down each leaf node and slowly progressing to the top of the tree by forming groups and combinations.,2,2,9,15,1,5,4,0,1,1,0,6,2,5,2,The process of deciding whether nodes could be grouped together or not. This is because the “Find the written down password” and “Get combination from safe owner” could be related to one another in some cases.,I did start off by reading the text and making up the different possible nodes and then continue with building the tree from the bottom to the top as I did by the first ADT.,“Pick a lock”,3,3,5,7,0,2,3,0,0,0,0,2,0,2,4,1,I find it easier to understand the entire scenario of the attack rather than knowing all the different defend moves you could do against one type of attack. This helps you defend more rather than specify into one attack,I think the biggest aspect that is hard is not defining an action but rather the risk and of course that there isn’t one easier tool that would make it more pleasing to create these ADTs,I do find ADTs to have a place in cybersecurity and mostly as the top layer over a project. This way you always know where the risk lies at every point during the development of the project. This allows for scalability and possibility to cover all of the project or the important aspects of a project to be implement “secure” (if the developers code with the information from the tree),1,0,1,Easier creation it is quite a hassle in draw.io to design such a system since they don’t have a specific section for it. For example it would be nice to have a feature where you can just click an arrow to add another node to another node. In addition automatic positioning of the nodes would help for visibility and consistency when reading a ADT,I think they are helpful during the design phase of a project or when assessing the risk of a project. However I am not planning to be within this part of development. Therefore I don't expect myself to work with them often. I don’t find them annoying to look at or read them but I won’t say i would hope seeing them since that would mean I probably programmed unsafe code,0,4,4,7,10,2,3,3,0.6666666667,1,2,0,0,3,3,2,2,1,2,,,,,,,,,,,,,,,,,,,,,
HT,25,3 Years,Yes,No,2,1,3,3,3,The most difficult part of this task was to think of intermediary nodes which fit right with the given leaf nodes. Moreover I had a hard time deciding where I had to place the defence nodes.,After that I looked at leaf nodes that could be grouped together. For example: ”Steal tools” and ”Buy tools” seem like two options that could be subsituted for each other. What i mean by this is that the thief could either ”Steal tools” or ”Buy tools”. After grouping them I looked at which intermediately nodes I could add to create small trees. In the end I connected the smaller trees to create the entire ADT Tree.,2,2,8,13,3,2,3,0,0,0,0,5,0,1,2,Again the hardest part was to determine where I had to place the defence nodes. I think it would be good if I took another look at the theory to get a better understanding of the structure of Attack Defence Trees.,While reading the text I started drawing the tree. At the end of the text I checked if I drew the leaf nodes correctly and placed the defence nodes in the correct places.,The first node I added to the tree was the ”Open safe” node since that is the first node that is mentioned in the text.,2,2,5,7,0,2,3,0,0,0,1,2,1,5,4,2,It gives a clear overview of the attacks to something. Also connecting the nodes is quite easy.,I still find it very hard to see where I should place and connect the defence nodes. Also I have a hard time understanding why ADT’s could be useful in practice since it does not give a detailed view of the problems.,It certainly has a place in cybersecurity. Like I said it gives a clear overview on what the attacks are. This could be very useful when one has to explain difficulties and attacks to someone that has no knowledge about Computer Science.,1,1,0,I think ADT’s miss details. The problems are written in only a few words which is not enough to think of a solution to the problem.,I hope I encounter ADTs in the future so that different problems can give me clear overviews of attacks.,1,2,2,11,20,5,3,5,1.666666667,0,0,1,0,9,1,3,1,2,1,,,,,,,,,,,,,,,,,,,,,
HT,26,,,,2,3,2,4,2,The hardest part of assembling an attack tree for me was to limit myself to one interpretation for the use of different leaf nodes. While assembling the tree I came up with new ideas to arrange the different leaf nodes because the possibilities seem endless because the context is vaguely described so most of the task is up to my interpretation and imagination.,Because we are only using leaf nodes I first thought about which ones could be summarized with an intermediary node. I chose Breaking In first because the according leaves were really obvious to me. In order to have a successful break in all these steps need to be handled with so I used a conjunctive refinement. After that I figured hiring outright means not having to worry about anything else because professionals would do the planning so I connected it to the goal Rob Bank immediately. Last but not least I figured walking through the front door could only be realized by someone working there so I associated it with threatening insiders and promising them part of the stolen money. I added the defense nodes in between these attack nodes because they were suited there best.,1,2,9,11,1,1,3,0,0,0,1,2,1,4,2,For me the hardest part is what to do with the information given in the last sentence. Also giving the nodes an appropriate name was challenging for me because I feel like simplifying the verbalization could risk making it understandable to everybody.,I used the top-down technique meaning that I started with the goal opening the safe. Afterwards I added the 4 different ways of opening the safe. For finding out the password I added the ways of getting your hands on the password. Finally I added the defense nodes for anti-pick locks and auditing services. Generally I made a lot of changes during the process of building the ADT because I was not sure if I used the defense nodes correctly.,The first node I added was the goal opening the safe because I felt that from there on I had the easiest starting point for building this certain ADT.,3,3,5,7,0,1,3,0,0,1,1,2,2,2,1,2,I could make an ADT that was based on my experiences. This makes the task easier because I feel like it applies more to my daily life.,I found it difficult to structure my ADT appropriately because while I was doing it I always came up with new ideas that I could add or subtract.,Yes they definitely have a place in the cybersecurity industry because they offer a way of visualizing complex scenarios which can help identifying weaknesses and security risks for the operation.,1,0.5,1,I think signalizing the importance of certain nodes could be added in order to put focus where it is due.,I will be honest and say that I hope I will not encounter ADTs because I am aiming at working in a field that is not related to security at all but who knows things change people change this may change.,0,3,4,5,6,0,1,2,0,0,0,0,0,1,0,3,3,1,3,,,,,,,,,,,,,,,,,,,,,
HT,27,4 Years,Yes,No,1,2,2,2,2,Finding the structure behind the leaf nodes since more than one option was often possible.,By grouping the most similar nodes(such as ’Buy tools’ and ’Steal tools’) then adding those under an intermediate node.,2,2,9,16,1,6,3,0,0,0,0,7,0,1,1,Honestly this task was not very difficult. The hardest part was figuring out how to put the tree in LATEX,Since the text was rather straightforward it came down to simply dividing the different attacks into subtrees and leafs,The root node ’Open safe’,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,1,Constructing and understanding them was fairly easy to me.,Getting a good overview of a tree especially larger ones.,Yes in modelling the possible threats to an asset.,1,0,0,As mentioned large trees can still be hard to comprehend therefore further customization could enhance them. For instance adding meanings for color shape etc.,If I were to pursue a career in security ADTs would be of great assistance.,1,5,5,9,14,2,3,4,0.6666666667,0,0,0,0,5,0,1,1,1,1,,,,,,,,,,,,,,,,,,,,,
HT,28,4 Years,Yes,No,1,2,4,4,2,Trying to find a reasonable combination of goals and subgoals that would make sure to get all the given leaves into the attack-defense tree in a logical fashion. The reason this was hard was because I need to combine multiple leaves and at the same time create a logical story.,I used the leaves to reason about what kind of goals I wanted and logically could create. For example I knew I needed to rob a bank and that I had the 2 leaves about a tunnel so I reasoned I could make one way of robbing the bank be building a tunnel.,2,2,10,16,2,4,4,0,0,0,1,6,1,1,2,I didn’t find anything really difficult about this task. If I had to point out one thing it’d be putting the node at the right place after reading about it in the paragraph. The reason this could be seen as difficult was because it wasn’t in the most logical order left to right e.g. the next nodes for ”Install Safe Improperly” get mentioned before the next nodes for ”Learn Combination”.,I read the story and added the nodes one by one the moment I read about them. Luckily the text was written in a wel-designed order making it easy to follow up on nodes I already created,The first node I added to my tree was the root node ”Open Safe”. This was the first node mentioned and is also the most convenient node to start with.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,2,2,ADTs give a great and simple way to illustrate a problem. It’s easy to understand and construct.,The most difficult thing about ADTs has to be finding all the necessary nodes to your problem. Constructing the tree itself is very doable.,Yes I think they have a place. They are a good way to document possible vulnerabilities and allows developers to easily get a view of said problems. Software Developers could start making their own ADTs to get a clear view of what they’re dealing with.,1,0.5,0.5,I don’t think there’s anything missing from ADTs. They are a specific kind of tree for a specific problem and it does it’s job well.,Yes I think it’ll help with understanding attacks and defenses more easily and at just a glance.,1,2,2,12,20,4,4,4,1,0,0,0,0,8,0,1,2,1,2,,,,,,,,,,,,,,,,,,,,,
HT,29,1.5 Years,Yes,No,1,3,4,3,2,The hardest part of this task was to make up the intermediate nodes. What made it even harder is knowing that all the gives nodes were leaf nodes so they were the last step of a plan. It’s difficult to have the first and last steps and figure out what happened in between that especially if you don’t have experience robbing a bank.,I started with the leaves and worked my way up trying to think what can be done with the leaf nodes to bring us one step closer to the ultimate goal.,1,2,8,14,2,3,5,0,0,1,0,6,1,1,2,The most difficult part of this task was to properly capture the relationship between nodes because the text description isn’t very clear on what should happen together and separately.,I read the description and tried to identify all the nodes/elements that should end up in the tree. Then I followed individual paths and looked at what was mentioned about that specific path and add that to the tree.,The first node was the main goal so open the safe,0,0,6,11,2,1,3,0,0,2,0,5,2,2,4,1,Constructing reading and explaining one is very simple,Since they usually include committing a crime its hard to imagine what steps and elements are needed to successfully commit one. It is not something I have a lot of knowledge or experience with,I definitely think they do. It helps communicating what the threat is and it help visualizing where things can go wrong or where extra security measures are needed. It also makes clear what vulnerabilities need work and which elements of the attack are simply out of control.,1,1,1,Perhaps current security systems that are already in place. I think seeing the nodes that don’t need extra attention is a beneficial way to make sure that all the attention is going to nodes that aren’t protected enough yet.,Yes it is a fun part of security.,1,0,0,17,31,6,7,5,0.8571428571,0,0,1,0,14,1,1,1,2,1,,,,,,,,,,,,,,,,,,,,,
HT,30,1 Year,Yes,No,2,2,3,4,2,I found it a bit difficult to put the leaf nodes in an order that makes sense. Once I had a beginning the rest was easier but the start was the most difficult part for me. However at the end I was doubOng if I should switch some of the leaf nodes and then I was insecure about the whole thing. I started to see another possible soluOon but I sOcked by my previous guess.,thought about what the main goals are and put them in the top. Then I just made the logical order for each group.,3,3,5,10,0,2,4,1,0,3,1,5,5,3,2,The most difficult part for me was ge^ng the right acOons from the text. Once I had the acOons it was doable to combine the right ones with each other just like in the previous exercise.,I tried to make a list like the one that was made in assignment 1.1 because I got a bit stuck at the beginning and thought that such a list would help me to create the a6ack-defense tree. First I decided what the main four leaves would be: pick the lock learn the combinaOon cut open and install improperly. From there I put the other leaves at the correct posiOons.,The first node I added was: ‘Open safe’.,3,4,5,7,0,2,3,0,0,0,0,2,0,2,3,3,They provide a clear vision of the potenial a6ack scenarios and the potenial opions to counter it. It also uses a clear structure that breaks complex scenarios down into smaller components so that it is easier to understand.,I found understanding the interface of ADTs the most difficult. Each ADT has a specific set of operaions that can be performed on it. I find it difficult to understand which operaions are available and how they can be used to manipulate the data.,Yes I think attack defense trees have an important place in the cybersecurity industry because they can be used to understand potenial security threats and may help with finding a defense against these threats. It can help organizaOons to implement more effecive security measures.,1,0,1,I can come up with only one aspect that is missing from ADTs which is the fact that ADTs cannot handle muliple processes accessing the same data at the same time. I think this is something ADTs should be built to handle.,I don’t necessarily hope to encounter ADTs in the future but I’m prepared to learn more about them and use them as a part of my study work.,0,3,3,9,15,0,6,4,0,0,0,0,0,6,0,2,1,1,1,3,1,4,2,5,9,8,6,3,5,9,11,5,3,5,yes,0,0,8,4,5
HT,31,1.5 Years,Yes,No,1,1,3,2,2,The most difficult part of this task is to create the needed intermediary nodes to create an Attack- Defense Tree with the given leaf nodes. It requires creativity to come up with these nodes and think as if you are the person that is planning to rob a bank.,To assemble this ADT I used the Bottom-up method. I first started grouping the leaf nodes together which seemed to have something in common or are related to each other and imagine scenarios where they could be used for. Following that I proceed to create the intermediary nodes that connects the nodes within each group: • Walk through front door Locate start of tunnel and Find direction to tunnel are ways to enter a place in this case a bank. • Steal tools and Buy tools are needed to break into something such as a vault door. • Personnel risk management and Check employee financial situation decrease the chance of hiring a corrupt employee that will help the criminals get access to the vault. You can also threaten insiders to unlock the vault. All these nodes can be connected to an employee attack. • Promise part of stolen money and Hire Outright are ways to get people to participate in this operation. • Destroying a vault door and unlocking a vault door are ways to break into a vault. At last I Connected Enter bank Get aid from others and Break into vault to the root node with an AND relationship as all of these intermediary nodes are needed to rob a bank.,2,2,9,17,2,5,5,0,0,1,1,8,2,1,2,The most difficult part of this task is to deduce the nodes from the text and how they relate to each other.,To build this ADT I used the Top-down method. First of all I read the scenario carefully put down the root node and try to deduce all the attack nodes. Following that I connected the attack nodes that open the safe to the root node and linked the sub components to the applicable node. At last I deduced the defense nodes in the text and linked them to the appropriate attack node.,The first node I added to my tree is the root node Open safe as it is the main goal I was working towards and made it easier for me to imagine the whole picture.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,4,1,It helps me visually represent the various attack scenarios and the corresponding defense strategies. I’d imagine this will make it easier to communicate the security strategy to others.,It is really hard to find all the possible attack vectors in a scenario as you need to have the same knowledge and think as the attacker. Attackers will also find new ways to infiltrate as time passes.,• They need to have the available people to create and maintain ADTs as it can be a complex piece of work in larger systems. • People with powerful positions in a company need to be able to understand ADTs. • It needs to have a large and complex enough system so the ADT serves an actual purpose a smaller company with a simple system may not need an ADT.,1,1,0,Not all threats are equal and to visualize that an ADT can show how dangerous or vulnerable a threat is with the size of a circle or thickness of a line. So for example the bigger the threat the bigger the node. This can help people to easily spot and to prioritize the areas where they need to work on defending.,I do not know yet if I am going to work in cybersecurity yet but if I do I’d rather see an ADT than a piece of text.,1,8,8,13,25,2,8,6,0.25,0,0,2,0,12,2,1,1,1,2,3,1,5,2,2,5,9,8,3,2,10,12,5,2,2,,,,8,3,2
HT,32,,,,4,3,4,5,3,The most difficult part of this task was finding good intermediary nodes that could correspond to the given leaf nodes because this is like solving a formula with only the answer. The process of coming up with a leaf node corresponding to an intermediary node is (at least for me) simpler than coming up with an intermediary node that corresponds to a leaf node.,To solve this task i first wrote the root at the top and all the leaf nodes to the side then i thought of intermediary nodes to go directly above a leaf node once all leaf nodes had a intermediary node i combined as much intermediary nodes and their leafs as possible. This is a bottom-up approach.,2,3,9,16,3,4,5,0,0,0,0,7,0,4,5,The most difficult part of this task was the placement of the defense nodes because I am not sure if the defense nodes in this assignment have to be leaves or not. As I understand it when a defense node is a leaf node it is an 'unbreakable' defense and a defense node is used as an intermediary node it is 'breakable' and strategies have to be provided to break it this was not possible in this task as adding extra information was not permitted.,I read through the story and wrote down what i thought would be the; root node leaf nodes and defense nodes. When i was done reading I put the leaf node on top and connected all the root nodes in the way I thought best fitted this assignment.,I first added the root node (goal) to the tree,3,3,5,7,0,2,3,0,0,0,0,2,0,3,4,4,What i find easy about using ADT's is that when constructing them it is easy to see when something is missing because of concise nature of the notation it is also easier to grasp the concept that the author is trying to get across as opposed to it being written down in tekst.,Making an ADT is more work than simply writing down the scenario as text also it is easier to write it down than to draw/construct it. Also for more complex scenarios ADT's would not be as useful it is easy to find the essence of a plan when it can be contained in an ADT with (let's say) a maximum of 20 nodes but finding and understanding the plan of an ADT with 200 nodes is very hard and not that useful.,ADT's do have a place in the cybersecurity industry the place I would envision them would be as a graphical representation in scientific papers and school books as to simplify them to people who are new in the field and also to concisely conveigh attack-plans.,1,1,0,What I miss from ADT's is a way to highlight the most efficient path to a succesfull leaf node or the path to the leaf node with the least amount of defense nodes.,I do hope to encounter ADT's in the future in a more refined form so that they can be used to conveigh complex plans efficiently and clearly.,1,4,5,9,15,1,5,4,0.2,0,0,0,0,6,0,1,1,1,1,,,,,,,,,,,,,,,,,,,,,
HT,33,3 Years,Yes,No,1,1,2,1,1,I found the task relatively easy the most difficult for me was to understand the whole scenario properly. It took me some time to get the idea behind some of the leave nodes and how they would fit in into the total scenario that has to lead to the goal ”Rob Bank”. Some of the leave nodes could be used in different attack vectors if other intermediary nodes were to be used.,I decided to built the tree bottom-up this was mainly driven by the leave nodes that were associated with the tunnel. To get from the tunnel to the actual bank robbing it made more sense to me to work ”up the tree” to see what intermediary nodes would fit into the scenario. Once a full path from the leafe nodes with the tunnel unto the root ”Rob Bank” was reached I added other possibilities to which the remaining leaf nodes could be attached.,2,2,12,22,2,8,7,0,0,0,0,10,0,2,3,The scenario was quite straight-forward. What I found most difficult was not to add extra details into the scenario. I also struggled for a bit with the question whether I should add the counter measure ”using auditing services” to the attack leaf with ”pick the lock” as well since an unpickable lock is only unpickable when it is properly installed.,As stated the scenario was quite straight-forward and written in ”chronological” order therefore I chose for a top-to-bottom approach to built the ADT.,The root node: ”open safe”.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,4,1,They are easily read and the goal of each (sub) tree is very clearly understood. For me ADT’s very intuitively apply to the scenario’s that they are used for.,I did not really find it very difficult to understand and use the treestructures. I did sometimes find it difficult to use the exact words/proposed leafs to built an ADT from as was the task in these assignments I found it easier to built them totally myself.,I think ADT’s can be a very useful and very powerful tool in representing and discussing attack scenario’s. They really demand you to break down some attack into smaller components and to precisely (yet concise) formulate each step of an attack and the possibly corresponding counter measures. So they can be used in the process of trying to find weaknesses to your system and ways to fix these.,1,1,1,I think ADT’s are already very useful and clear structures adding anything might make the drawings more chaotic. But if I were to make any suggestion it might be useful to attach ”role/executioners” to each attack step and/or counter measure. In a large organisation may be different departments are responsible for carying out different steps these are not identiyfied in a tree but it can be helpful to see who is responsible for each aspect. The same holds for attackers each attacker can be assigned a certain profile and each step can be connected to the profiles of possible attackers that could execute a certain attack step. This way you can keep track of what kind of attackers to be aware of in each component of a scenario.,I do ADT’s seem very useful in breaking down scenario’s. I think they could for example also be useful in designing processes for example in software design since they can give a clear overview of a certain workflow or datapaths between different software components.,1,7,8,10,17,1,6,5,0.1666666667,0,0,0,0,7,0,1,1,2,1,3,1,3,1,2,5,5,3,1,2,3,6,4,2,2,The overall goal is data confidentiality and this goal is kept. Every possible attack vector from a possible attacker trying gain illegitimate access to the data is countered by one or more defense nodes.,0,0,8,2,1
HT,34,1.5 Years,Yes,No,2,2,4,4,2,Most difficult about this task for me was coming up with intermediary nodes. I found it difficult to think of a somewhat realistic situation in which the given leaf node would make sense and therefore it was also difficult to come up with correct intermediary nodes.,I started by thinking how I could go about dividing all leaf nodes into sensible categories after which I worked downwards from the nodes until I had a complete attack defense tree with all the leaf nodes attached.,2,2,11,17,2,4,4,0,0,0,0,6,0,2,5,I found it most difficult to find all nodes described in the story. I had to read the story multiple times to fit every piece of information into the correct place of the attack defense tree. It was also difficult to see if I had included all information or if I had missed something.,I started by finding all nodes that originated from the root node after which I completed one entire node after the other until I had completed every node.,The first node that I added was the root node the open safe node. The node after that was the cut open the safe node since it was the only one that I could not find any sub nodes from.,4,4,5,8,0,2,3,0,0,1,1,3,2,4,1,3,The part I find easiest about using ADTs is the visual aspect of it. Seeing an ADT gives way more information in a glance compared to an entire paragraph of information like in part 2 of this exercise. This makes ADTs very useful if I want to quickly understand the structure of attack and defense.,The most difficult think for me about using ADT is understanding how the interaction between defense and attack occurs. It is really difficult for me to see when a defensive line should be used or when an attack is going to be used.,Yes I do think ADTs have a place in the cybersecurity industry. For example a good place for it is is when setting up security. Understanding where attacks could come from and knowing when to secure a certain area is very important for the security of something.,1,0,1,I don’t know I think ADTs are really thought out well and it is difficult to see for me where the areas of improvement are.,It depends it is helpful to see ADTs when first learning about the structure of the security of a place/program but I do not think it is very useful if I need to go more into depth of the security and I don’t want to encounter ADTs in those areas.,0.5,4,4,10,15,2,3,3,0.6666666667,0,0,0,0,5,0,3,2,1,2,3,1,2,3,2,5,2,1,3,2,2,2,5,4,3,Yes all possible routes of attack have a defence in place.,0,0,8,3,2
HT,35,,,,2,2,2,5,1,I had some troubles at the beginning with understanding how the thief would rob the bank. For example I am not completely sure if the “obtaining tools” node is located correctly as there is nowhere exactly defined for what he needs the tools. However I do not think there is another logical place for the “obtain tools” to be but for now I had guessed it has to be used to gain access but in what way is not really clear from this attack tree.,I first started with the initial node and after that I started to group certain nodes together. For instance I grouped the nodes with tools together and matched the nodes with tunnel together and hire outright with the money. From there on I started to match the groups with the remaining nodes until I found a logic approach to rob a bank. Then lastly I placed the defence leaf nodes.,2,2,6,11,1,2,4,0,0,2,0,5,2,2,1,I had some difficulties with wanting to add extra information. For example I wanted to add “Force” as attack node to the defence leaf node “Memorise combination”. I also faced some issues with how to place the attack leaf nodes of getting the combination. I struggled at the beginning where to place the defence node “memorise combination” as I placed it first at the other leaf node “get combination from the owner”. Since the owner has already memorised it the defence node should therefore obviously be placed as a defence mechanism for the “written down combination”.,I read the scenario and from there I started with finding the initial node. This is the goal of the attack so from here it is easier to understand what the scenario wants you to do and why. In this case that was to open a safe. After that I started to write down the possible steps to open a safe regarding the scenario. Following this I started to build the attack tree and trying,,3,3,5,7,0,2,3,0,0,0,0,2,0,3,5,4,It makes the attack steps way more visual. It is easy to follow step by step. It also helps with understanding the relationship between the nodes as it shows clearly if both steps should be completed or that men can choose one of the options to complete the goal of the tree. It is therefore way more clear than a text scenario.,Sometimes I struggled with where to put the nodes without making them occur unnecessarily twice. For instance to steal a product in the supermarket the thief should walk in the supermarket but this should be done 4 times as there were 4 leaf nodes that were all in an “or” relationship. I also struggled with the defence nodes and where to place them exactly.,Yes as it can help to identify the possible attacks of hackers. If all the possible attacks are detected then one can try to think of possible security methods to defend against these attacks. If these possible solutions are thought out then one can design and develop these cybersecurity methods.,1,0,1,ADTs mostly focus on the possible attacks and then it might think of a possible defence method. In this case however one might bring up solutions that are not possible to build because of money or expertise etc. It also builds on data of previous attacks and if the expertise team lacks this disclose attack data (for privacy reasons) then it is harder to structure such an attack tree.,,,4,4,12,30,8,1,8,8,0,0,8,0,17,8,2,1,2,1,3,1,3,1,1,5,4,2,1,1,5,6,5,1,1,Yes,0,0,3,1,1
HT,36,5 YEars,Yes,No,1,1,3,3,1,I had some significant trouble with using the leaf nodes as end nodes. Instead my head always wanted to start with the leaf nodes which was not handy. This is probably happening because the brain is wired to start with what it sees instead of working to get there eventually though it clicked and I think I got an okay solution.,My methodology was to find some links that happen to end in one of the leafs given. I tried to do that for every leaf until I noticed that some connections could be made with two of the given leafs and when that happened I had a lot less trouble creating the rest of the tree.,2,2,10,16,4,2,5,0,0,0,0,6,0,2,2,How to make the ”safe owner only knows password” Defense node because I was confused on the phrasing of it and how I could properly phrase it. Everything else went relatively smoothly.,Everytime I noticed a node (something that helps to open a safe) I wrote it as a node and every node under another node if it was connected with each other. If it seemed like a defense against one of the attack nodes it is written as a defense node.,”Open safe” As that was the first one in the given text and is the goal I was trying to achieve in the tree.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,2,2,How clear and schematic the answers are. and how easily readable it is.,Reflecting the reality on ADTs It is simple to show a simplified problem in an ADT but if it gets a little more complicated the ADTs get very complicated too.,Do you think ADTs have a place in the cybersecurity industry? If so where? If not why not? Yes in the usage of antivirus software (making trees of all the different attack scenarios and how we can properly defend against them). We could even make a attack defense tree for every layer an antivirus needs and how they should interact with each other. So in my opinion ADTs do have a place in the cybersecurity space.,1,0,1,Say there is one very specific attack then that one would not be featured on an ADT because linking them one by one is not allowed in ADTs.,I do because it is a way to map out a very difficult issue in a much easier readable issue (for humans not computers perse). It also gives you different ways to look at a problem without getting lost in a lot of unneeded text.,1,3,3,22,39,6,11,6,0.5454545455,0,0,1,0,18,1,3,2,3,1,,,,,,,,,,,,,,,,,,,,,
HT,37,2.5 Years,Yes,No,1,1,2,4,4,I did not fully understand what some leaf nodes meant as they could mean multiple things in my opinion. That made it difficult to link leaf nodes to each other and to an intermediary node.,I first tried to link leaf nodes to each other and to come up with an intermediary node that they could apply to. Then I tried to make all the intermediary nodes connect to the root node.,2,2,9,16,2,5,4,0,0,0,0,7,0,1,4,I found it difficult to determine which aspects are nodes and which are not.,I first tried to make nodes of every aspect of the text that I found significant to the threat model. Then I tried to link all nodes to each other and to the root node.,Open safe.,3,3,5,7,0,2,3,0,0,0,0,2,0,4,4,1,I think ADTs are easy to understand and really comprehensible.,To determine clearly which aspects are intermediary nodes and which aspects are leaf nodes. Also to come up whith good defense nodes.,I do. I think ADTs make it really clear which threats are present. And also you can distinctly see which security measures you have to take to have the whole system secured. I think ADTs could be used to define threats in cybersecurity for example in protecting databases or online banks.,1,1,0.5,When attack nodes are countered by defense nodes and they are on their turn again countered by attack nodes and so on I think nothing is missing from ADTs.,I might have a future in cybersecurity and I think ADTs are relevant in that sector. Therefore I might encounter ADTs in the future.,0.5,2,2,4,7,1,2,3,0.5,0,0,0,0,3,0,1,1,1,3,3,1,2,1,2,5,4,0,2,3,3,6,5,2,2,No for example ther is no defense node for strong password attacks.,1,1,7,3,3
HT,38,6 Years,Yes,No,1,2,4,3,3,I thought finding ways to incorporate the given leaf nodes into the final goal was the most difficult bit because I don't have experience robbing banks.,,2,2,9,15,4,2,3,0,0,0,1,6,1,4,5,The most difficult part was adding the defense node for remember the password. At fiorst I didn't understand the sentence properly,I went through the text and added information as I went.,The first node I added was the root after that I added pick lock,3,3,5,7,0,2,3,0,0,0,0,2,0,4,2,1,Trees are easy to read through when compared to text. A textual escription can be all over the place.,It can sometimes be hard to build an ADT from scratch,I think they do albeit mainly in the theoretical branch,0.5,0,0,N/A,I do not.,0,3,3,5,7,0,2,0,0,0,0,0,0,2,0,1,1,1,2,,,,,,,,,,,,,,,,,,,,,
HT,39,1.5 Years,Yes,No,1,1,2,4,2,Choosing the right intermediary nodes is somewhat difficult. Also deciding when the attack tree is done is something I am unsure of.,I used a bottom-up approach combining the given leaves into intermediary nodes and so on.,4,4,15,25,3,7,4,0,0,0,1,10,1,1,2,Nothing really.,I just read the text and as I went added nodes to the tree,Open Safe the root node.,3,3,5,7,0,2,3,0,0,0,0,2,0,5,4,1,Reading or interpreting ADT’s is quite easy constructing one with all nodes given is also easy but it gets harder the fewer nodes are given.,Creating them from scratch can become time consuming and larger ADT’s can also become hard to understand.,I think ADT’s or graphs can have a place anywhere really any place where an abstract view of a situation can help people on the outside understand. Like I stated previously in the “Likert Question” the creation of the ADT does not better my understanding though it is a nice compact view. I can see how an ADT can be useful if someone forgot and would need a clear summary.,0.5,1,0,I cannot think of any aspects that are missing currently but I do think that adding aspects onto ADT’s should be done with caution. The strenght of the ADT seems that it is quite clear and easy to understand losing that attribute could make it worse instead.,Sure I would not mind to see ADT’s in the future.,0.5,12,12,17,27,1,9,6,0.1111111111,0,0,0,2,10,2,2,3,2,1,3,1,2,1,1,5,4,0,2,2,3,6,3,4,2,No Data Confidentiality at risk because there is still valid attack vectors. The counter measures: Strong Passwords Lock (backdoor) Lock(door) are negated by countering the counter measure.,1,1,5,1,1
HT,40,,,,1,2,2,1,2,Finding out which notes need to be connected to which and where in the hierarchy the notes need to be.,I first grouped nodes together then added intermediary nodes and put the groups of nodes under each other.,2,2,11,15,2,3,3,0,1,0,1,4,2,1,4,Making a clear visual representation of the tree.,I added the nodes in order of the story. When I saw a relation between the nodes I added a link between them. After reading the story I added the missing links and finished constructing the tree.,The “open safe” node.,3,3,5,7,0,2,3,0,0,0,0,2,0,4,2,1,Getting an idea for a scenario and how the scenario fits together.,Placing defense nodes at the right places and thinking of the order in which to place nodes.,I think they do have a place in the cybersecurity industry. For example ADTs can be used to understand the behavior and characteristics of malware. So that security experts can develop effective countermeasures and design software that is resistant to attacks.,1,0,1,Although ADTs provide a way to define the characteristics of data structures and algorithms they do not account for how these structures and algorithms behave when they are used in practice. ADTs only describe the static properties of data structures. They do not take into account how data is added removed or manipulated within these structures over time.,,,3,3,8,11,1,2,4,0.5,0,0,0,1,3,1,2,1,2,2,,,,,,,,,,,,,,,,,,,,,
HT,41,2 Year,Yes,No,2,1,3,3,2,Restricting myself to only these leaf nodes and trying to construct intermediary nodes around the scenario implied by the leaf nodes,I group together the leaf nodes that seemed should be children of the same intermediary node and tried to think of what these could bem this produced an attack tree without defense nodes. I then revised and improved the tree and added i n defense nodes where applicable.,3,4,10,17,2,2,4,0,0,3,0,7,3,1,2,Restricting myself to not add extra information & leaf nodes,I systematically read through the text and added nodes in the order I thought they appeared in the description.,The root/goal (open the safe),3,4,5,7,0,1,3,0,0,1,1,2,2,2,1,1,The clarity of the correlation bvetween attack elements and the counter attack elements,Correctly identifying different nodes as opposed to identifiying steps of an attack,Yes as they can create clear communication of possible (cyber) threats and possible ways of preventing these vulnerabilities being exploited. For example in creating & communicating criteria for software developers,1,1,0.5,Possibly some indication of risk or level of threat.,If I have involvement in planning software development in the future or wortking in security then yes.,1,6,6,8,15,2,3,6,0.6666666667,0,0,2,0,7,2,1,1,1,1,3,1,3,1,1,5,5,3,2,2,5,7,5,3,4,No because a defence node has become the overall goal (data confidentiality),1,1,4,2,2
HT,42,30 Years,No,No,1,3,5,3,5,Figuring out what the person giving the leaf nodes had in mind. I had and still have absolutely no clue what the desired plan is supposed to be for robbing the bank so I gave up and came up with a random plan that sort-of made use of the leaf nodes.,No methodology other than “panic and try to fit puzzle pieces together to get something vaguely coherent”.I don’t think the bottom-up approach of “here are some tools can you think of an attack?” is bad per se but in this particular example I found it extremely confusing and limiting.,2,2,10,16,3,3,4,0,0,0,0,6,0,2,2,Nothing. The scenario description was exceedingly clear leaving only one possible implementation of the tree: the obvious one.,I just translated attacks/defenses to a tree nodes as I encountered them in the text immediately linking them to the appropriate parent node. That worked out well in this case but in general (read: in more complex cases) I’d scan the text first to get a rough idea before starting to create nodes.,The root node first then “Pick lock”.,3,3,5,7,0,2,3,0,0,0,0,2,0,2,4,1,Almost everything. ADTs seem easy to both read and create.,Almost nothing. Only getting a partial tree (or just a few nodes) and having to fill in the blanks was difficult. In the future I could see tasks like checking attack tree equivalence being slightly challenging but I haven’t used that yet.,Yes since they are an effective communication tool and a potential standard notation. And the formalizations might help with the creation of autonomous defensive agents that can reason about the (risks to the) security of their environment. I do worry the model’s elegant simplicity limits its real-world applicability – see my response to the next question.,1,1,0,I fear the tree format scales (and visualizes) less well beyond the level of individual threats. Once we get to Policy level and Organization-Wide security concerns there will be: •Many shared nodes / subtrees meaning a Directed Acyclic Graph (DAG) might be better than a tree •Questions of Risk Factors for which I feel e.g. finding DAG nodes with many incoming edges would be key •Sibling nodes that aren’t neatly Independent (in the Bayesan sense) destroying the foundations of any neat quantification algorithms •Vast problem domains for which textual descriptions & Propositional Logic may not suffice. Example: when an org has thousands of users a simply statement about users might be difficult to model formally without First Order Logic. Whether these concerns indicate features missing from ADTs or simply things that should be kept out-of-scope I cannot answer.,Maybe? I feel pretty neutral about the subject but if I ever have to describe a threat model as part of my job I may well apply ADTs since they are excellent communication/visualization tools.,0.5,15,15,28,51,5,15,6,0.3333333333,0,0,2,4,22,6,1,1,3,1,,,,,,,,,,,,,,,,,,,,,
HT,43,2 Years,Yes,No,1,4,4,1,2,The thing I found most difficult is building with already defined leaf nodes. I am not completely sure what they mean and how they are connected. There are so many things that could be changed and still would be correct it just depends on the explanation that I would give with it.,I started from the root and asked what are the things someone would need to rob a bank I concluded it were: stealing money and help. I started with ”getting into the bank” I chose the 2 given possibilities: Walking through the front door and via a tunnel. Because there were 2 things needed to go ”into the bank via a tunnel” and these should both be leaves they should be an AND. For opening the vault I also chose 2 options: gaining access and breaking in. I knew I had to make an intermediary node for breaking in with tools because there were 2 leaves that had this option. Now I had to make a choice with ”Get help” should I keep this intermediary node or should I just ”delete” it and hanging the children on the parent. They both would be correct choices but I chose to just leave the intermediary and leave the ”get insiders” and ”hire outright” an OR. Now I added underneath the get insiders 2 options promise part of the money and threaten insiders these are 2 options to get insiders. The defense nodes still needed to be added The ”personnel risk management” defense node was easy to place It should just go underneath ”get insiders”. The other defense node was trickier It could not just go underneath ”Get insiders” because it was part of promising money. So I made an extra intermediary node ”bribe money” to compensate this.,2,2,9,18,3,6,5,0,0,1,0,10,1,3,4,Choosing between adding an intermediary node or not when placing a defense node. For the ”pick lock” and ”install safe improperly...” I chose to hang a defense node underneath it. I did this because I did not think an intermediary node was necessary because the defense node was completely related to its node above. But for the defense node ”password is easy so it can be remembered” I chose to add an intermediary node because otherwise it would be underneath ”learn combination”. ”learn combination” has an attack node: ”get combination from owner” and I did not think this attack node related to the defense node therefore I chose to make an intermediary node.,I started with the root after that I placed: ”pick lock” ”learn combination” ”cut open” and ”install safe improperly...”. Just like it was mentioned in the text. Then I added ”find written down password” and ”get combination from owner”. And after that I added all the defense nodes that I thought were mentioned in the text,”Open safe” the root.,3,3,6,8,0,2,3,0,0,1,0,3,1,1,4,1,When an ADT is made it is really easy to see the scenario. It is clear how the scenario can be attacked and defended.,It takes some time before the attack tree is ”complete” however I feel like the attack tree is never complete so I don’t know when to stop adding nodes. It feels like every defense tree can be expanded.,Yes I do I think ADTs can be used to explain to people without a cybersecurity industry all the things that are being done to protect for example data. I however don’t think it will be used by programmers but more on management level.,1,1,0,Concrete explanations on what a node means. For example from the first attack tree. What is a ”hire outright” what is the precise definition. Or for example ”eavesdrop” in the last attack tree what does this precisely mean? secretly listening or secretly watching what someone types.,I think hope would be a bit ambitious but in the scenario when an attack scenario has to be explained I would prefer an attack tree because it gives me a clear view of the scenario,1,3,3,5,8,0,2,3,0,0,0,2,0,4,2,2,1,1,3,3,1,2,2,2,9,4,5,3,3,5,7,5,3,3,yes root is an defense node,0,0,8,2,4
HT,44,,,,1,2,2,1,1,The most difficult part of this task was understanding what certain individual leaf nodes meant and how they could be related to other nodes. In particular to me Hire Outright had several meanings--hiring a team to rob the bank outright or giving the team a salary outright (instead of promising a part of the stolen money). This aspect of the task made it difficult because misunderstanding a node could lead to a completely different ADT which might not make sense to another person who had a different meaning for that node in mind.,My methodology was to create an attack tree then add defense nodes where applicable. In short I used the following steps: . Group similar leaf nodes then construct an <or> or <and> relationship between them. II. Determine if the groups can be summarized by creating an intermediary node or connected to another group. III. Draw an attack tree that includes each group of nodes created in steps I and II. IV. Iteratively determine if groups of nodes could be summarized by another intermediary node. Then rearrange groups accordingly in a logical manner. V. Determine which defense nodes could be used as countermeasures against which attack nodes. Then determine whether the defense nodes could be summarized by creating an intermediary node. After initially drawing out my initial ADT with pencil and paper I redrew it so that the nodes were vertically and horizontally aligned so it would be easier to read then converted it into a digital form (which I briefly discuss in question 3 short response question 2).,2,3,9,15,3,3,5,0,0,0,0,6,0,2,1,Admittedly building an ADT is much easier than assembling one. The most difficult part of this task was determining how to best summarize each node into a few words because I wanted the ADT to be concise but also readable and easy to understand.,My methodology was to read through the scenario and create an attack tree then read through it again and add defense nodes where applicable--quite similar to my methodology in question 1. To form the attack tree and then later form the attack defense tree I used the same steps I through V noted in question 1 and then I converted it into a digital form (which I briefly discuss in question 3 short response question 2).,The first node I added to my tree was the overall goal Open safe.,3,3,5,7,0,1,3,0,0,1,0,2,1,1,4,1,I found understanding the format of an ADT was quite simple. Once I understood how to read one it was very easy to understand and create a methodology to write them. Additionally it made understanding an entire attack scenario simpler. Because an ADT is both visual and graphical I can understand every single possible attack vector--which isn't always guaranteed when I read a text description of an attack.,The most difficult part of using ADTs is definitely converting them into a virtual form. Writing them down on paper is sometimes messy because when you first write them the nodes aren't vertically and horizontally aligned--especially when I was adding defense nodes to an attack tree to form an ADT. But they were still readable and simple to re-write on paper. Virtually though I couldn't find a piece of software or tool that was simple enough to help me make an ADT. So I opted to make them using Google Drive's Drawing tool which was a tedious task because it was very difficult to format.,Yes I do think ADTs have a place in the cybersecurity industry. Due to the ease of adding a new attack vector or attack node it's easier to get a comprehensive view of an attack scenario rather than through a written description of an attack scenario or a list of possible attacks. Additionally an ADT is a platform where security specialists and developers can discuss and think about possible threats together. With knowledge of possible threats it can lead to new innovations in the construction of defense mechanisms in code and subsequently better security-focused coding practices.,1,0.5,1,I think the strength of an ADT lies in the fact that it is a visual tool. If applied properly it could be an excellent tool to help explain and educate those who are vulnerable and less aware of cybersecurity risks--for example the elderly as well as children. Therefore an aspect that could be added to potentially improve an ADT is to add visual graphics or simple explanations of security risks and what steps you could take to defend against them.,Yes I do hope to encounter ADTs in the future. They were very fun to learn and play around with. I think they're a very simple but effective tool that helped me understand every possible attack vector and how to defend against them. In the future I'd be interested in learning how to augment an ADT so it could be more readable to those who don't have a background in computer science or math.,1,4,4,10,17,1,4,5,0.25,0,0,2,1,7,3,2,1,2,1,3,1,2,2,1,5,4,0,3,1,3,6,5,3,1,Unsure.,0,0,10,4,1
HT,45,2 Years,Yes,No,2,1,2,3,1,I found linking defence leaf nodes to the attack nodes most difficult. This is mostly because I did not know how checking employee financial situation and personal risk management would help preventing a bank robbery.,I used the top down strategy. I tried to put myself in the role of the robbers and I tried to come up with a plan. I used the given nodes to give a direction to my planing. At the end I came with two different plans which containt all the given attack nodes,2,2,9,16,2,5,5,0,0,0,0,7,0,1,3,It was not a difficult task but the most difficult part was extracting the attack and defence nodes from the text. The reason for this is because it was my first time doing it.,I used again the top down strategy. First I created the tree with attack nodes and then created the defence nodes.,Open Safe,3,3,5,7,0,2,3,0,0,0,0,2,0,2,2,1,Creating the attack path from root to attack leaf node is easy because the scenario in my head was clear to create a tree.,Coming up with defensive nodes was more difficult than creating attack nodes.,Yes it certainly has. It’s purpose is not directly stopping the threat but making the threat clear to a group of people and how it can be handled. So indirectly it is indirectly stopping the threats.,1,1,0,Expect from AND and OR relations maybe bringing other relations like XOR and implication can help creating more detailed ADTs when it is needed.,Yes it is very easy to understand. It would definitely make it easier to understand what the threat is and how to encounter it.,1,2,2,5,9,1,3,4,0.3333333333,0,0,0,0,4,0,1,1,2,2,,,,,,,,,,,,,,,,,,,,,
HT,46,4 Years,Yes,No,2,1,2,3,2,I found the hardest part of this assignment was to define the intermediary nodes. As I was not always sure how to best define these nodes to connect all of the leaf nodes.,I started by grouping the leaf nodes together and then worked my way up by defining appropriate intermediary nodes until all leaf nodes were used and connected to the goal.,3,3,10,17,3,2,4,0,0,2,0,7,2,1,2,I found the most difficult part of this task to make sure the ADT I made didn’t miss and didn’t add any information compared to the text description.,I read the text description line by line and added any relevent nodes to my ADT this way I got all the information from the text description in my ADT and didn’t add anything.,Going line by line the first node I added was the goal: Open the safe.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,5,2,I find ADTs a intuitive method of describing an attack scenario and easier to create or reading than a text description of the same scenario.,I find it difficult to make sure I have no missed any information in my ADT such as missing attack paths or missing defense nodes.,I think ADTs have a place in the earlier stages of threat modelling to get a good idea of possible attack scenarios and to discover where extra defenses are required.,1,0,1,I think ADTs sometimes are missing in context. ADTs strip an attack scenario down to the essentials and as such are easy to understand. Though for exhaustive threat modelling further methods must be explored in addition to ADTs to get the full picture of an attack scenario.,I would be glad to encounter ADTs in the future as they would help me understand an attack scenario better.,1,3,3,8,15,3,3,5,1,0,0,1,0,7,1,1,1,2,1,3,1,2,1,1,5,4,2,2,2,3,6,5,2,2,Yes every attack vector is defended,0,0,5,3,2
HT,47,1.5 Years,Yes,No,5,4,2,2,5,The most difficult for me was determining what was meant with ”hire outright” because I first thought the idea was that you could hire an outright to preform the entire robbery. Later I figured the outright was meant for digging a tunnel.,I paired the leaf and parent nodes I was certain belonged to each other in some relation and then i filled in the rest of the tree. For example: I was pretty sure ”buy tools” and ”steal tools” belonged to each other in and ”OR” relationship because they serve the same sub goal: acquiring tools but doing both actions would be redundant.,2,2,8,16,2,4,6,0,0,2,0,8,2,3,2,I did not find this task very difficult but I did have to order the text information on paper to get and overview,cut open safe ∨ improper installation ∨ pick lock ∨ (get combination ∧ find combination written down) ∨ (get combination ∧ get combination from owner) next I added the defence nodes.,After I added the root I added the node ”cut open safe”.,2,2,5,7,0,2,3,0,0,0,0,2,0,1,4,1,Sometimes it is easy to see which nodes belong to each other in a certain relation.,Sometimes it is hard to come up with intermediary nodes.,Yes in getting an overview of all the possible treats for a software product.,1,0.5,0,The ADTs do not display the cost of security measures although those are relevant in real life,If I was aspiring a career in cyber security I would have hoped to encounter ADT’s in the future.,1,12,14,7,11,1,3,4,0.3333333333,0,0,0,2,4,2,3,2,2,2,3,1,1,1,1,5,3,1,2,2,2,4,5,2,2,No because the goal data confindetiality is changed to physical protection.,1,1,4,2,2
HT,48,2 Years,Yes,No,1,2,2,3,1,To be perfectly honest the process of making the tree neat. At the beginning I did not really pay attention the the fact that the given nodes were leaf nodes but when I figured it out it was pretty doable. I just had to draw the tree multiple times to make sure it was neat and readable.,I listed all the nodes and tried to sort them in groups of which nodes would be the most logical to go together so for example it is pretty clear that ’buy tools’ and ’steal tools’ should go together so we can group those. I did this for all nodes and this personally really helped me to build the tree and get a good overview of all the options and all the nodes.,2,3,9,17,3,4,5,0,0,1,0,8,1,1,1,Nothing really it was pretty clear what the tree should look like. It was sometimes a bit difficult to word the text in the nodes in a clear way.,Read the text and takes notes meanwhile of what the possible nodes could be. The first layer of the tree was pretty clear. After that it was a matter of linking the right attacks/defenses to the correct attack in the first layer.,The root node.,3,3,5,7,0,2,3,0,0,0,0,2,0,1,4,1,The structure is pretty easy it’s very straight to the point and easy to read.,Sometimes it was a bit hard to make sure that there was only one type of relationship but that is relatively easy to solve with intermediary nodes.,Yes I think it is I think it is a great way of making an overview at the beginning of a project and I think it is also very handy to use it for explaining certain stuff to people that do not have a lot of knowlegde on cybersecurity. Using a tree you can fairly easily explain the process to others.,1,1,0,I don’t think it really misses anything I like that it’s simple and that it helps with giving a clear overview. You can see what is happening/what can happen with one look. Adding more stuff like different notations could make a tree very complex and that would be a shame.,I certainly wouldn’t mind as they are fairly easy to work with.,0.5,6,6,16,26,3,7,5,0.4285714286,0,0,0,0,10,0,2,2,2,1,,,,,,,,,,,,,,,,,,,,,
HT,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,2,1,2,5,4,2,3,2,3,5,4,2,2,yes,0,0,5,2,2
HT,50,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,2,2,2,4,2,7,2,2,,,,,,,,,,,
HT,51,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,3,2,2,5,5,3,2,2,5,7,4,2,2,I do not know,0,0,6,4,3
HT,52,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,4,1,1,5,8,3,4,2,3,11,2,5,4,Yes since the entire attack tree focusses on maintaining data confditentiality and every node does refer to this in a way.,0,0,0,1,1
HT,53,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,2,4,2,2,5,8,4,2,4,7,11,5,4,5,yes only now it is more detailed about the defence mechanisms you can put in place,0,0,8,5,5