TREsPASS: Attack Navigator Map

Graphical modelling tool for describing attack scenarios

About TREsPASS

TREsPASS is an EU-funded research project about (cyber) security.

Information security threats to organisations have changed completely over the last decade, due to the complexity and dynamic nature of infrastructures and attacks. Defenders need to make rapid decisions regarding which attacks to block, as both infrastructure and attacker knowledge change rapidly.

The TREsPASS project develops methods and tools to analyse and visualize information security risks in dynamic organisations, as well as possible countermeasures. It combines knowledge from technical sciences (how vulnerable protocols and software are), social sciences (how likely people are to succumb to social engineering), and state-of-the-art industry processes and tools.

Attack Navigator Map

The Attack Navigator Map is a tool for predicting and prioritising attack scenarios based on a model of the system or organisation concerned. The model takes the form of a ‘map’, with assets, items, actors, processes, policies. The analysis of the scenario is visualized to help make decisions. The tool can also be used to judge the effect of countermeasures, by re-running the analysis with an adapted model.

The main view of the ANM is a graphical model editor, where existing models can be loaded, or created from scratch. Single components or pre-defined patterns are added to the map via drag and drop, and connected with each other. Connections can express physical connections (as in ‘a door connects two rooms’), containment (as in ‘the laptop is in the office’ or ‘the file is stored on the server’), or arbitrary relationships (as in ‘the employee works for the company’).

Screenshot of the interface showing a model

In order to analyze a model as part of a scenario, the user selects one of the actors on the map to be the attacker, and assigns an attacker profile to him / her. Such a profile defines the skill and resources (money, time) of an attacker. The user also picks one asset on the map as the attacker’s goal, and specifies the monetary gain for the attacker, should the attack be successful.

The analysis of the model is invoked through the ANM interface, but runs in the background. Once the analysis results become available, they are visualized in a dashboard. It gathers all the results of the analysis (and other intermediate tools) and visualises them as attack trees. There are different layout options and view modes, and the possibility to highlight the relevant parts of an attack on the map.

Visualization of the result of the model analysis using different analysis tools

Visualization of the result of the model analysis using different analysis tools

All projects
Arts & Culture
Custom tool for generating typographic posters and animations
Arts & Culture
Interactive timeline exhibit for the Mannheim city archive
Art
Generative audio-visual artwork that fuses color and motion of multiple videos
Arts & Culture
Interactive archive of the activities of the master’s programme of the NFA
Art
Generative animations based on continuous application of a filter kernel
Arts & Culture
Data analysis and visualizations of one year worth of photos collected by an artist
Public Interest
User-driven online propaganda tool on the topic of net neutrality
Applied
Tools for analyzing, visualizing, and comparing formal characteristics of movies
Applied
Finding interesting configurations for a generative artwork through data analysis
Commercial
Type foundry website with integrated online store
Experiment
Trying to increase the chances of finding mushrooms with geographic data
Arts & Culture
macOS screensaver for collectors of Orb (lite) NFTs by Harm van den Dorpel
Arts & Culture
Web3 site for minting NFTs continuously generated by a plant
Commercial
Website that lets users virtually place the product into their physical surroundings
Commercial
Configuration and content scheduling tool for a generative media installation
Art
Self-playing simulation game using the language and mechanics of image editing
Applied
Finger tracking combined with OCR
Experiment
Simulating blobs of fluids with particles
Experiment
Modified JPEG encoder for generating glitchy image effects
Experiment
Force-based simulation of bands of particles
Art
A website that keeps eye contact
Art
A website that is all its past versions
Art
A website that lets you leave something behind for the next visitor
Art
A website that is just its analytics report
Commercial
Point-of-sale software for opticians to help customers choose the right lenses
Experiment
Mapping line drawings onto street networks
Commercial
Bespoke website for the release of the Logical typeface by Edgar Walthert
Misc
Proof-of-concept for an alternative, more powerful Are.na client
Experiment
GPS trace replay tool
Misc
Browser extension that collects texts of how designers describe themselves
Arts & Culture
Interactive animation for a music festival announcement page
Commercial
Portfolio website for the graphic design studio run by sisters Indrė & Laura Klimaitė
Arts & Culture
Independent music publishing and streaming platform
Arts & Culture
Parametric typeface generator tool as part of the new visual identity
Public Interest
TREsPASS: Attack Navigator Map
Graphical modelling tool for describing attack scenarios
Applied
Visualization showing how a text document got written and edited over time
Experiment
Experiments with movie image data