The Attack Navigator Map

The Attack Navigator Map (ANM) is a tool that predicts and prioritises attack scenarios based on a model of the system or organisation concerned. It can also be used to judge the effect of countermeasures, by re-running the analysis with an adapted model. The model takes the form of a navigator map and a set of attacker profiles.

The Attack Navigator Map represents the system cartographically, displaying connections between the elements as potential steps that an attacker could take. These steps are annotated with relevant variables such as difficulty and cost.

A map created in the ANM. The user hovers over the asset "access card" and is prompted that the item can be dragged onto the map. The colour of assets is based on how potentially dangerous the asset is. For "door" red means very weak, for an actor type red means vulnerable.

The attacker profile collects relevant characteristics of an attacker, such as skills, resources, motivations / goals, and initial access. By combining a map and an attacker profile, the system calculates routes across the map that provide utility to the attacker.

Typically, this will involve gaining access to certain assets and compromising their confidentiality, integrity or availability, which may cause damage to the organisation. The routes with the highest utility for the attacker constitute the highest risk with respect to the selected attacker profile.

Various tools analyse these routes, and the results are visualised in a dashboard for inspection. On the basis of the outcomes, a user can implement countermeasures and rerun the analysis until satisfied.

Interface concept

As the structure of elements in an Attack Navigator Map can become complicated very quickly, a wizard-like structure is applied that guides users through the various steps that need to be taken. Users can draw or import floor plans (for physical and digital environments), apply those to multiple floors and drag-and-drop items as assets and actors onto the map. These assets, actors, and many more items come from libraries, where users can also save their own library items, add items, and adjust the properties.

The basic building blocks for constructing a model come from libraries of single components, or of prefabricated model fragments (groups of components with relations), such as the model pattern library. These libraries will contain commonly used patterns, that can be used as templates to rapidly build the basic structure, which can then be refined and tweaked. The underlying data structure is a directed graph of nodes (components with properties) and edges (relations between those components).
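The route calculation described above, run over a small directed graph, as an added example that is not part of the original page or the ANM code base. The node names, values, attacker profile and the scoring rule (utility = asset value minus summed step cost) are constructed assumptions, not the ANM's actual algorithm.

```python
from dataclasses import dataclass

# Constructed map: node -> [(next node, difficulty 1-5, cost)], one tuple per attacker step.
EDGES = {
    "outside": [("lobby", 1, 0), ("car park", 1, 0)],
    "lobby": [("office", 3, 50)],
    "car park": [("office", 4, 200)],
    "office": [("server room", 4, 300), ("laptop", 2, 20)],
    "server room": [("database", 3, 100)],
}
ASSET_VALUE = {"laptop": 500, "database": 5000}  # constructed value to the attacker

@dataclass(frozen=True)
class AttackerProfile:
    skill: int    # hardest step the attacker can complete
    budget: int   # resources available for a whole route
    start: str    # initial access
    goals: tuple  # assets the attacker wants to reach

def rank_routes(edges, values, profile):
    """Feasible routes as (utility, path, cost), highest utility first.
    Assumed scoring: utility = asset value - summed step cost; a step needs
    difficulty <= skill and the running cost must stay within budget."""
    found = []
    def walk(node, path, cost):
        if node in profile.goals:
            found.append((values[node] - cost, path, cost))
        for nxt, difficulty, step_cost in edges.get(node, []):
            if nxt in path or difficulty > profile.skill:
                continue  # no cycles, no steps beyond the attacker's skill
            if cost + step_cost <= profile.budget:
                walk(nxt, path + [nxt], cost + step_cost)
    walk(profile.start, [profile.start], 0)
    return sorted(found, key=lambda r: r[0], reverse=True)

def harden(edges, src, dst, difficulty):
    """Countermeasure: copy the map with the step src -> dst made harder."""
    return {n: [(d, difficulty if (n, d) == (src, dst) else diff, c)
                for d, diff, c in out] for n, out in edges.items()}

if __name__ == "__main__":
    outsider = AttackerProfile(4, 600, "outside", ("laptop", "database"))
    for model in (EDGES, harden(EDGES, "office", "server room", 5)):
        print(rank_routes(model, ASSET_VALUE, outsider))
```

Re-running the ranking on the hardened copy shows which high-utility routes a countermeasure removes for that attacker profile, which is the rerun-until-satisfied loop in miniature.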

 

Diagram describing a typical work-path for a user of the ANM. The individual steps taken within the ANM are shown in grey boxes, and the preparatory and finalising steps are shown in purple boxes. Each step is part of a different phase of work, beginning with Definition of the problem to be worked on, moving through into several stages of Analysis, and finally into Visualisation and Evaluation, shown in yellow circles.

 

Animation showing how one can drag and drop files onto the map

 

Animation showing how to merge files in the ANM

 

Animation showing the various contextual functions available when a user left-clicks and right-clicks. Nodes, edges, groups, etc. all have different contextual menus.

 

Adding connections.

 

How to move, zoom, pan and reset the map view.

 

Editing custom relationships

 

Missing parameters of an asset, actor or location are indicated in the validate layer. The ANM specifies exactly what is missing, for instance whether an asset is located somewhere. These problems are also indicated under Run Analysis, and the analysis can only be run once they are resolved. Other examples of warnings are a missing attacker, a missing asset value, etc.

See the article on the visualisation dashboard for details

 Read the full manual

 Go to the Attack Navigator Map (log-in required)
