The Attack Tree Method Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

First, we will attack the internal server through an internal threat: we will work together with the company's clients and former employees to find the weakest security hole, and we will also bribe some employees to perform malicious actions that disrupt the operation of the server. Next, we will attack Microsoft Office 2007 through document threats, which would cause the company a loss of integrity and confidentiality, and we would also launch malicious code that gives us remote access and lets us modify and steal the company's data. Then we will attack Microsoft Windows 7, using people inside the company to install viruses, Trojans and worms on the company computers; in an urgent situation we would disguise ourselves, go in personally and crash Windows 7 using Teardrop. We would also use hacking tools for malicious actions such as obtaining passwords, modifying documents and destroying the Windows System32 directory. Furthermore, we will attack the company's router: because it is an old version still on its default settings, we can log in and change the router's login password, filter IP addresses, block websites and change the WEP key; we would also use spoofing, DNS cache poisoning, pharming and phlashing to lead them to our own website, where we would embed malicious code and applications for them. Moreover, we have several attacks on the workstations, where we will break their security and infect their files with viruses, worms and Trojans, use a DoS attack to crash the workstation, use spyware to spy on every action taken, obtain passwords illegally and go in to modify the data on them. We will also attack the backup files by copying, stealing or breaking them. Finally, we will attack email using malicious code that deletes and modifies data, and we will also use theft, threats and fraud to make company employees work together with us.


An attack tree is a method of modelling the threats against a system in a graphical, easy-to-understand manner. It is a multi-level diagram consisting of one root, leaves and children. From the bottom up, child nodes are conditions that must be satisfied to make their direct parent node true; when the root is satisfied, the attack is complete. Each node may be satisfied only by its direct child nodes. If we understand the ways in which a system can be attacked, we can develop countermeasures to prevent those attacks from achieving their goal. Attack tree models allow the user to model the probability that different attacks will succeed. They also allow users to define indicators that quantify the cost of an attack, the operational difficulty of mounting it, and any other relevant quantifiable measure of interest. The idea behind an attack tree is that any piece of equipment, software or process could contain vulnerabilities which, when successfully exploited, compromise the entire system.
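As an added worked example (not part of the original essay), the following Python script implements the attack-tree rules described above and applies them to the backup-file branch of this essay (pictures 2.1 and 2.2) with constructed cost and probability values; blocking one leaf at a time shows which single countermeasure most raises the attacker's cheapest path.

```python
# Tiny attack-tree evaluator (added example, not code from the original essay).
# AND gates need every child; OR gates need any one; leaves carry constructed
# attacker cost and success probability (all numbers are made-up illustrations).
from dataclasses import dataclass, field
from math import inf, prod
from typing import List, Optional, Tuple


@dataclass
class Node:
    name: str
    gate: Optional[str] = None   # "AND", "OR", or None for a leaf
    cost: float = 0.0            # leaf only: attacker effort (constructed units)
    prob: float = 0.0            # leaf only: chance the step succeeds
    children: List["Node"] = field(default_factory=list)
    mitigated: bool = False      # defender has blocked this leaf


def min_cost(node: Node) -> float:
    """Cheapest way to satisfy the node: OR takes the min child, AND sums them."""
    if node.gate is None:
        return inf if node.mitigated else node.cost
    costs = [min_cost(c) for c in node.children]
    return min(costs) if node.gate == "OR" else sum(costs)


def success_prob(node: Node) -> float:
    """Probability the node is achieved, treating child steps as independent."""
    if node.gate is None:
        return 0.0 if node.mitigated else node.prob
    probs = [success_prob(c) for c in node.children]
    if node.gate == "AND":
        return prod(probs)
    return 1.0 - prod(1.0 - p for p in probs)   # P(at least one child succeeds)


def leaves(node: Node) -> List[Node]:
    if node.gate is None:
        return [node]
    return [leaf for c in node.children for leaf in leaves(c)]


def rank_countermeasures(root: Node) -> List[Tuple[str, float]]:
    """Root's min cost if exactly one leaf were blocked, highest (best) first."""
    results = []
    for leaf in leaves(root):
        leaf.mitigated = True
        results.append((leaf.name, min_cost(root)))
        leaf.mitigated = False
    return sorted(results, key=lambda r: r[1], reverse=True)


def build_backup_tree() -> Node:
    # Structure from the essay's pictures 2.1 and 2.2; values are constructed.
    obtain_dvd = Node("Obtain DVD backup", "OR", children=[
        Node("Bribe employee to hand over DVD", cost=50, prob=0.4),
        Node("Disguise as employee and take DVD", "AND", children=[
            Node("Enter unlocked server room", cost=10, prob=0.7),
            Node("Swap or copy DVD unnoticed", cost=20, prob=0.6),
        ]),
    ])
    malicious = Node("Malicious action on backup", "AND", children=[
        Node("Get write access to backup share", cost=30, prob=0.5),
        Node("Plant malware or alter backup data", cost=15, prob=0.8),
    ])
    return Node("Attack backup file", "OR", children=[obtain_dvd, malicious])
```

With these constructed values min_cost(build_backup_tree()) is 30 and success_prob is about 0.79; rank_countermeasures shows that locking the server room alone raises the cheapest attack to 45, while blocking the bribe leaf leaves it at 30 because the AND branch through the unlocked room is still cheaper.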

The scope of this assignment will cover these things:

Attack the internal server

Attack Microsoft Office 2007

Attack Microsoft Windows 7

Attack email

Attack the workstation

Attack the backup file


The server room is not properly secured (no CCTV, no lock, no face detector)

The router has not been updated with newer patches, is still on its default settings, and does not act as a firewall

The workstations use a simple password that is known to most of the employees

The company has not updated its antivirus to the latest version; it is still using "Norton2000"

Employees are allowed to access the public network using a PC or laptop

In picture 1.1 we can see one of the attacks on Microsoft Office 2007, which we will name document threats: we would alter and corrupt data, which leads the company to a loss of data integrity, and once we have the data we would broadcast and sell it, causing the company to lose a huge sum of money.

In picture 1.2 we will attack Microsoft Office 2007 by putting malicious code or an application such as a Trojan into the files they share online; once the application or code is active, we can easily enter their network to gain data access and remote access. This is an easy attack because the organization allows employees to run macros, ActiveX controls or add-ins, to receive e-mail attachments, to share documents across a public network such as the Internet, and to open documents from sources outside the organization, such as clients, vendors or partners.

In picture 1.3 we would launch another attack on Microsoft Office 2007, which we name internal threat: we would lead the employees to our websites, and when they click on the hyperlink provided we would attach code that gives us remote access to the employee's computer, so that we can alter the files on it, steal the metadata and gain access to the other computers in the company. We would also embed web beacons, which contain an invisible link, in the emails we send to the employees; when they open the mail they activate a link that downloads a remote image, which we can use to obtain the IP address and the email address of the employees and the company.

In picture 2.1 we can attack the DVD backup through the obtain DVD plan, where we bribe an employee or disguise ourselves as an employee in order to steal the backup, exchange it, or make a copy of the backup file.

In picture 2.2 we have another plan to attack the backup file, through malicious action: we would attach malicious things such as viruses, Trojans and worms to infect their files, which damages the files or documents, and we can also go in and change the data inside the backup, for instance by adding files or deleting some of them, so that they are kept in the dark and never know the files have been changed. Last but not least, we can simply destroy the backup file, causing the company to lose a huge sum of money.

In picture 3.1 we are going to attack their email using malicious code: we write the code and embed it in an invisible link, so that when the link is clicked the code runs the installer of a remote access application. The remote access would allow us to use a keyboard sniffer to capture any typed output and a password stealer to obtain passwords; through the remote access we can reach their data, so we can also steal the data in their database and modify it, for example by deleting it.

In picture 3.2 we can attack email by making use of their employees: we first threaten or defraud the employees into doing malicious things like sending spam and phishing messages or installing viruses and Trojans on their computers. Then we can also steal an employee's laptop, steal the company's data from it, and either broadcast the data online or destroy the company's data.

In picture 4.1 we would attack the internal server through internal threats: the company would not realize that some of its customers, clients, contractors and consultants are on our side; some of them are spies, some steal information and pass it to us, and some eavesdrop and sell the information to us. With this we can easily guess the server password and break into the system. We have also paid some former employees to disguise themselves, go into the server room and perform malicious actions, and to tell us the old passwords used by the company. They would also tell us where the weakest security hole is, so that we can enter the server easily from the weakest point.

In picture 4.2 there is another way of using the internal threat: by making use of the employees and temporary employees in the company, whom we can bribe to work for us, for example to install worms, Trojans and viruses; we can also ask them to turn off the security so that we can steal data, steal passwords and modify the data on the server.

In picture 5.1 we will attack Microsoft Windows 7 by using people around the company, such as the employees inside it, whom we can bribe to perform security attacks and install viruses, Trojans and worms inside the company. We can also go in personally and run Teardrop against the computers to crash Windows 7.

In picture 5.2 we can use hacking tools to attack Microsoft Windows 7 by installing malware that destroys the Windows System32 directory; we can also use them to modify documents, and we can install spyware to obtain the passwords used inside the company.

In picture 6.1 we attack the workstations through their weak security: we can install Trojans, viruses and worms to infect their files, launch a DoS attack to crash the workstation, and use spyware to spy on all actions taken by the company.

In picture 6.2 we can obtain passwords illegally by guessing them ourselves and by trying widely known passwords. We can also learn a password by finding it written down, if we are lucky, or obtain it from the target by threatening or blackmailing employees, or by stealing the data through a keyboard sniffer, which captures what is typed; we can also install a keyboard sniffer that sends us the password file.

In picture 7.1 we can attack the router because it is still in its default state: we get into the router and modify its login password, because it was left at the default settings. Then we can block the company's website, making the company unable to access it; we can set the IP address filter so that we can get in and out of the company easily; and we can change the router's WEP key so that the company can no longer connect to the router.

In picture 7.2 we can attack the router through security attacks: we can use DNS cache poisoning to lead them to our website and put malicious things on their computers whenever they access it, and we can also use spoofing or pharming to defraud the company's employees through email, which also leads them to our website whenever they click the link in the email we sent them. Then we can also use phlashing to corrupt the firmware of the router, a permanent Denial of Service attack; the destruction of vital hardware like routers and servers would certainly result in an interruption of service.


As we can see from the pictures above, the attack can be carried out in many different ways, such as denial of service, bribing employees, disguise, installing viruses, worms and Trojans, or using phlashing, pharming, etc. to attack the entire company system. We can see that the most effective route is through the employees, because it is the threat a company least expects: an employee can be bribed or threatened into working with us, helping us bring the company down and allowing us to attack it secretly.


Trojan Horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.


Virus

A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.


Worm

A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.

Password Sniffing

Passive wiretapping, usually on a local area network, to gain knowledge of passwords.


Pharming

This is a more sophisticated form of MITM attack. A user's session is redirected to a masquerading website. This can be achieved by corrupting a DNS server on the Internet and pointing a URL to the masquerading website's IP. Almost all users use a URL like instead of the real IP ( of the website. By changing the pointers on a DNS server, the URL can be redirected to send traffic to the IP of the pseudo website. At the pseudo website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real site and conduct transactions using the credentials of a valid user on that website.


Phishing

The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the website look like they are part of a bank the user does business with.


Spam

Electronic junk mail or junk newsgroup postings.

knowledge of the whole key that results from combining the items.


Spoofing

An attempt by an unauthorized entity to gain access to a system by posing as an authorized user.

Denial of Service

The prevention of authorized access to a system resource or the delaying of system operations and functions.

Malicious Code

Software (e.g., Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.


Malware

A generic term for a number of different types of malicious code.


Teardrop

Teardrop is a program that sends IP fragments to a machine connected to the Internet or a network. Teardrop exploits an overlapping IP fragment bug present in Windows 95, Windows NT and Windows 3.1 machines. The bug causes the TCP/IP fragmentation reassembly code to handle overlapping IP fragments improperly. This attack has not been shown to cause any significant damage to systems, and a simple reboot is the preferred remedy. It should be noted, though, that while this attack is considered non-destructive, it could cause problems if there is unsaved data in open applications at the time the machine is attacked; the primary problem is therefore a loss of data.


Phlashing

Phlashing is a technique which can be used to permanently disable hardware by loading a corrupted BIOS onto the hardware. In a simple example of phlashing, a digital camera could be rendered inoperable by destroying the firmware which is used to run the camera. A phlashing demonstration was performed for security professionals in May 2008, illustrating the potential dangers of this technique, although many professionals were skeptical about whether or not phlashing would actually be used in the wild.

This technique relies on the fact that electronics like computers, routers, cameras, scanners, and other peripherals rely on firmware to run, and such firmware needs to be updated periodically. As a result, manufacturers set their equipment up in such a way that it is easy to update the firmware, and in many cases poor security protocols are in place, leaving the electronics vulnerable to attack.

When someone updates the firmware on a device, it is known as "flashing," and the word "phlashing" is clearly derived from the more legitimate sense of firmware updates. As anyone who has upgraded firmware knows, flashing can be a dicey business, as any interruption in the process can brick the hardware, rendering it inoperable. When something is phlashed, the bricking would be deliberate.

In terms of hacking tools, phlashing isn't terribly effective, unless the goal is to get revenge. Some security professionals have suggested that phlashing could be used by griefers, for example, or by hackers who attempted to bring down a server with a Denial of Service Attack first. Phlashing is sometimes referred to as a "Permanent Denial of Service Attack," in a reference to this, as the destruction of vital hardware like routers and servers would certainly result in an interruption of service.

Phlashing could also potentially be used to take over a piece of hardware, by loading firmware which allows easy remote access. This could create a major security breach, especially if the hardware involved is a server or router, as large amounts of sensitive information pass through servers and routers.

In response to the threat of phlashing, organizations concerned with electronic security have suggested that it may be time to develop less vulnerable firmware to protect consumers and the industry in general.

DNS cache poisoning

DNS cache poisoning is a technology issue where the domain name system used to look up IP addresses for domain names becomes corrupted, sending users who type those addresses into their browsers to the wrong place. There are a number of ways for a DNS cache to become poisoned, ranging from a malicious attack to a mistake made while configuring a system. It represents a security weakness, as people with malicious code can use DNS cache poisoning to attack innocent Internet users.

When users type an address like into a browser, their computers query a server that stores IP addresses to find out where the wiseGEEK server is. The server provides the information, pointing the user's computer to wiseGEEK. In DNS cache poisoning, the server provides incorrect information, sending users to an unintended location. Sometimes the address is simply invalid and the user cannot reach the site or hits another site in error, but in malicious attacks, the user may be sent to a site containing harmful software like spyware and the site can automatically install that software if the user's computer is poorly secured.

Maintenance of DNS servers is done on a regular basis to update the addresses, find and fix security flaws, and address any corruption or poisoning. Users infected with viruses may find that even if the DNS server is accurate, their computers still will end up in the wrong place when they enter a web address as a result of the virus.

When DNS cache poisoning happens by accident as a result of a bad installation or another problem, it is usually identified and fixed quickly. In cases where malicious code is involved, it can be more difficult to untangle. For example, a computer can be tricked into thinking it is querying a server to get the right address, when in fact a virus is substituting an IP address that will lead the user to a completely different site. DNS cache poisoning can be a big problem when users try to go to trusted sites like their bank and they are unable to reach them.

Security flaws like DNS cache poisoning are difficult to counter, although new techniques are always being developed and antivirus programs regularly provide updates for viruses known to use attacks involving the DNS cache. As people find new ways to combat them, individuals interested in malicious activity find ways to circumvent the new safety measures, forcing developers to return to the drawing board to find another tactic.


Spyware

Spyware refers to programs that use your Internet connection to send information from your personal computer to some other computer, normally without your knowledge or permission. Most often this information is a record of your ongoing browsing habits or downloads, but it could be more personal data like your name and address.

Different strains of spyware perform different functions. Some might also hijack your browser to take you to an unexpected site, cause your computer to dial expensive 900 numbers, replace the Home page setting in your browser with another site, or serve you personal ads, even when you're offline. Spyware that serves personalized advertisements is called adware; it is also referred to as malware or scumware.

Some programs that have included spyware, like RealPlayer, disclose this information in their terms and conditions when RealPlayer is installed, though most users don't read the terms and conditions when they install software, particularly if it is free. KaZaA, a free file sharing program, also includes spyware and there are many others.

But spyware doesn't have to come bundled with another application to find its way on to your computer. In fact most spyware is installed surreptitiously. You might visit a website that pops up a window informing you the site won't display correctly unless you allow it to install a file or plug-in. Answering yes to a prompt that you don't understand can allow spyware to be loaded. You might also agree to load a program that, unbeknownst to you, has spyware code included.

The concern with spyware, whether its presence is disclosed or not, and the reason it is so universally reviled, is that the user cannot verify or monitor what is actually being gathered and sent from their computer. There is no built-in mechanism for the user to oversee the process and no checks and balances in place, legal or otherwise, to ensure the security of the information or to confirm how it is being used. Spyware is virtually unregulated. Add to this unfavorable scenario the fact that spyware uses personal resources (your bandwidth, processing power and memory) to perform work for an outside entity at the expense of your privacy. Still, some programs that carry spyware, like RealPlayer and KaZaA, are very popular.

It is estimated that 90% of all computers on the Internet are infected with spyware.

Some telltale signs of spyware infection are:

Your computer slows to a crawl due to several spyware programs using up your memory resources.

Advertisements pop up even when you are offline.

You click on a link to go to one site, but your browser gets hijacked and you end up at another site.

Your computer is dialing up numbers on its own that show up on your phone bill.

When you enter a search item, a new and unexpected site handles the search.

Your bookmarks change on their own.

You click your Home button but it takes you to a new site, and when you switch the setting back, the new site appears again anyway.

You get pop-up ads that address you by name even when you have not visited a site at which you have registered.

Two of the most popular tools for fighting spyware are Ad-Aware Personal SE and SpywareBlaster. They should be used in conjunction with each other, and they are both free with frequent free updates.

Ad-Aware Personal SE will scan your computer for existing spyware and alert you to what it finds. You can quarantine suspected spyware bugs so they can no longer function. It is very important to read the manual as removing spyware can lead to system or software problems if done incorrectly.

After running Ad-Aware Personal SE to quarantine or remove the spyware, run SpywareBlaster to prevent new spyware from being installed in the first place.

These programs do not load into memory or run in the background. They rely on internal databases of known spyware keys, which they use to scan and protect your system. Therefore, like an antivirus program, their databases must be updated regularly. Once an updated database has been loaded, run the program again. Always run Ad-Aware Personal SE first, followed by SpywareBlaster.