Security Engineering (SE) Workbench
Return to the SE-Workbench Project Page
Security Attack Explorer Tool
The Security Attack Explorer (SAE) is a software tool that aids Security Engineers involved in reviewing attack patterns and selecting relevant attack patterns for Threat Models, Threat Assessments and planning for Security Tests.
To perform these Threat Assessments, Security Engineers will consult any of a number of authoritative reference documents concerned with Security Controls. The base documents for this type of assessment typically include: Mitre Common Attack Patterns, Mitre Attack, Mitre CWE and related technical reference documents.
The SAE tool provides a convenient way for the Security Engineer to explore the information in this grouping of reference information.
Security Attack Analysis Process Review
Table #1 below provides an overview of the Attack analysis process and information resources. The left side of the table shows the basic process where security engineers perform a variety of tasks to model, analyze and provision controls and countermeasures that map to relevant risks and attacks on information systems and assets. The right side of the table calls out reference information used by security engineers.
Table #1. Security Attack Analysis Process
SAE Tool Overview
Table #2 below provides an overview of the SCE Tool. The user interface for the tool is a web browser. The display can be divided into sections: the upper section is the header portion and the lower portion is the data portion.
Table #2 - SAE Tool Layout
The primary document for the SAE tool is Mitre CAPEC. Each entry in Mitre CAPEC represents a security attack pattern. Each attack pattern entry contains detailed information about the attack, along with direct and indirect information to other (secondary) references in the document map. Eadh secondary reference contains detailed information, as well as references to other secondiary documents or the primary document.
SAE Tool Detail
Security Attack Explorer Tool - Upper SectionThe upper section of the browser window, shown in Table #3 below, contains three areas of interest:
Table #3 - SAE Header
Security Attack Explorer Tool - Lower SectionThe Lower Section of the browser window, shown in Table #4, contains 8 areas of interest:
Table #4 - SAE Data
The Data Table (identifed as item 8 in Table #4) is the focus of the tool. On initialization, the Data Table contains one row for each entry in the main reference document along with related direct and indirect references. For the Security Attack Explorer, the main reference document is the version of the Mitre Common Attack Patterns listed in the Tool Information Table. The data cells are constructed with information from the primary and secondary information sources, as well as derived data. The data cells may contain single data elements, grouped data elements or composite data. Derived data elements may include links to external referencces, data that is aggregated from one or more information sources, and/or knowledge insights. The size,content and order of the data table at any time is dependent on the user-driven operation.
The headings and buttons at the top of the Data Table are used to manipulate the information in the Data Table.
SAE Tool User Operations
The SAE tool is designed to support the security engineer in evaluating and selecting security attack patterns that are relevant to a specific problem. to do that the tool provides the means for the security engineer to search, sort, select, review the available information on security attacks and export the findings for followup.
When the tool is invoked, the Data Area contains the default view or the entire security information base. The user may perform operations in any order:
SAE Export Data Function
The Export function is used to create and store a copy of some or all the data in the tool in PDF, CSV or Print formats. The export function operates on data that has been selected. There are two ways to select data: (1) clicking on the checkbox of one or more rows of data, or (2) use the filter or text search features of the tool to narrow the focus of the visible data and then use the Select Data function to either Select All Data or Select Filtered Data.
Table #5 below provides a visualization of the use of the Export function, where the user can select to "Copy Selected to Clipboard", generate a "PDF" diocument, generate a spreadsheet file in the "CSV" (Comma Separated Value) format, or create a "Print" file for local or network printing. The "Copy to Clipboard" function requires the operator to select a destimation application, such as Notepad, Word Processing Document or other. The PDF, CSV or Print options will automatically open a window to the corresponding application, assuming that the users computer system has a compatible application.
Table #5 - SAE Export Data Function
Some basic questions/problems the SAE tool can help answer include:
Copyright © 2021,2022 Jim Whitmore.
LAST UPDATE: 29 March 2022