Modeling and execution of complex attack scenarios using interval timed colored petri nets

Proceedings - Fourth IEEE International Workshop on Information Assurance, IWIA 2006

Volumn 2006, Issue , 2006, Pages 157-168

  Dahl, Ole Martin ^a   Wolthusen, Stephen D ^a  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; COMPUTER SIMULATION; DISTRIBUTED COMPUTER SYSTEMS; LARGE SCALE SYSTEMS; MATHEMATICAL MODELS; MULTI AGENT SYSTEMS; SECURITY OF DATA; STOCHASTIC CONTROL SYSTEMS;

FLAW HYPOTHESIS MODEL (FHM); INTERVAL-TIMED COLORED PETRI NETS; PETRI NET VARIANTS;

PETRI NETS;

EID: 33750946796     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IWIA.2006.17     Document Type: Conference Paper

References (37)

1. R. P. Abbott. Security Analysis and Enhancement of Computer Operating Systems. Technical Report NBSIR 76-1042, National Bureau of Standards ICST, Gaithersburg, MD, USA, Apr. 1976.
2. M. D. Abrams, S. Jajodia, and H. J. Podell, editors. Information Security: An Integrated Collection of Essays. IEEE Press, 1995.
3. J. Beale, H. Meer, R. Temmingh, C. van der Walt, and R. Deraison. Nessus Network Auditing. Syngress, Rockland, MA, USA, 2004.
4. M. Bishop and M. Dilger. Checking for Race Conditions in File Accesses. Computing Systems, 9(2): 131-152, 1996.
5. J. Carlstedt, R. Bisbey, and G. Popek. Pattern-Directed Protection Evaluation. Technical Report ISI/RR-75-31, University of Southern California Information Sciences Institute, Marina del Rey, CA, USA, June 1975.
6. H.-Y. Chang, S. R Wu, and Y. F. Jou. Real-Time Protocol Analysis for Detecting Link-State Routing Protocol Attacks. ACM Transactions on Information and System Security, 4(1): 1-36, Feb. 2001.
7. L. M. Galie and R. R. Linde. Security Analysis of the IBM VS2/R3 Operating System Scientific Computer. Technical Report TM-WD-7203/000/00, System Development Corp., Washington D.C., USA, Jan. 1976.
8. L. M. Galie, R. R. Linde, and K. R. Wilson. Security Analysis of the Texas Instruments Advanced Scientific Computer. Technical Report TM-WD-6505/000/00, System Development Corp., Washington D.C., USA, June 1975.
9. D. Geer and J. Harthorne. Penetration Testing: A Duet. In Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002), pages 185-198, Las Vegas, NV, USA, Dec. 2002. IEEE Press.
10. S. Gupta and V. D. Gligor. Experience with a Penetration Analysis Method and Tool. In Proceedings of the 15th National Computer Security Conference, pages 165-183, Baltimore, MD, USA, Oct. 1992.
11. S. Gupta and V. D. Gligor. Towards a Theory of Penetration-Resistant Systems and Its Applications. Journal of Computer Security, 1(2): 133-158, 1992.
12. G. Helmer, J. Wong, M. Slagell, V. Honavar, L. Miller, Y. Wang, and R. Lutz. Software Fault Tree and Colored Petri Net Based Specification, Design and Implementation of Agent-Based Intrusion Detection Systems. Technical report, Iowa State University, Ames, IA, USA, June 2002.
13. D. Hollingsworth, S. Glaseman, and M. Hopwood. Security Test and Evaluation Tools: An Approach to Operating System Security Analysis. Technical Report P-5298, RAND Corporation, Santa Monica, CA, USA, Sept. 1974.
14. K. Jensen. Coloured Petri Nets: Basic Concepts (Volume 1). Monographs in Theoretical Computer Science. Springer Verlag, Heidelberg, Germany, 1997.
15. K. Jensen. Coloured Petri Nets: Practical Use (Volume 3). Monographs in Theoretical Computer Science. Springer Verlag, Heidelberg, Germany, 1997.
16. E. Y. T. Juan, J. J. P. Tsai, and T. Murata. Compositional Verification of Concurrent Systems Using Petri-Net-Based Condensation Rules. ACM Transactions on Programming Languages and Systems, 20(5):917-979, Sept. 1998.
17. P. A. Karger and R. R. Schell. Multics Security Evaluation: Vulnerability Analysis. Technical Report ESD-TR-74-193, Vol. II, Information Systems Technology Application Office, Deputy for Command and Management Systems, Electronic Systems Division (AFSC), L. G. Hanscom AFB, MA, USA, June 1974.
18. S. Kumar and E. H. Spafford. A Pattern-Matching Model for Instrusion Detection. In In Proceedings of the National Computer Security Conference, pages 11-21, Baltimore, MD, USA, Oct. 1994.
19. W. Lee, D. Grosh, and F. Tillman. Fault tree analysis, methods, and applications. IEEE Transactions on Reliability, 34(3): 194-203, Aug. 1985.
20. R. R. Linde. Operating System Penetration. In Proceedings of the AFIPS National Computer Conference, volume 44 of AFIPS Conference Proceedings, pages 361-368, Anaheim, CA, USA, May 1975. AFIPS Press.
21. M. A. Marsan, G. Balbo, G. Conte, S. Donatelli, and G. Franceschinis. Modelling with Generalized Stochastic Petri Nets. John Wiley & Sons, New York, NY, USA, 1995.
22. J. P. McDermott. Attack Net Penetration Testing. In Proceedings of the 2000 Workshop on New Security Paradigms (NSPW 2000), pages 15-21, Ballycotton, Ireland, Oct. 2000.
23. J. L. Peterson. Petri Net Theory and the Modeling of Systems. Prentice Hall PTR, Upper Saddle River, NJ, USA, 1981.
24. C. A. Petri. Kommunikation mit Automaten. PhD thesis, Technische Hochschule Darmstadt, Darmstadt, Germany, 1962. Published in Schriften des Instituts für Instrumentelle Mathematik 3, 1-128, University of Bonn, Germany.
25. W. Reisig. Petri Nets: An Introduction. Monographs in Theoretical Computer Science. Springer Verlag, Heidelberg, Germany, 1985.
26. C. Salter, O. S. Saydjari, B. Schneier, and J. Wallner. Toward a Secure System Engineering Methodolgy. In Proceedings of the 1998 Workshop on New Security Paradigms (NSPW 1998), pages 2-10, Charlottesville, VA, USA, Sept. 1998.
27. B. Schneier. Attack Trees. Dr. Dobb's, 24(12):21-29, Dec. 1999.
28. R. H. Sloan and U. Buy. Stubborn Sets for Real-Time Petri Nets. Formal Methods in System Design, 11(1):23-40, July 1997.
29. J. Steffan and M. Schumacher. Collaborative Attack Modeling. In SAC '02: Proceedings of the 2002 ACM Symposium on Applied Computing, pages 253-259, Madrid, Spain, Mar. 2002. ACM Press.
30. H. H. Thompson. Application Penetration Testing. IEEE Security & Privacy, 3(1):66-69, Jan./Feb. 2005.
31. W. M. P. van der Aalst. Interval Timed Coloured Petri Nets and their Analysis. In M. A. Marsan, editor, Proceedings of Application and Theory of Petri Nets 1993, 14th International Conference, volume 691 of Lecture Notes in Computer Science, pages 453-472, Chicago, IL, USA, June 1993. Springer-Verlag.
32. W. M. P. van der Aalst. Analysis of Railway Stations by Means of Interval Timed Coloured Petri Nets. Real-Time Systems, 9(3):241-263, Nov. 1995.
33. J. Wack, M. Tracy, and M. Souppaya. Guideline on Network Security Testing. Technical Report Special Publication SP 800-42, U.S. National Institute of Standards and Technology, Gaithersburg, MD, USA, Oct. 2003.
34. C. Weissman. System Security Analysis/Certification Methodology and Results. Technical Report SP-3728, System Development Corp., Santa Monica, CA, USA, Oct. 1973.
35. C. Weissman. Security Penetration Testing Guideline, U.S. Navy Handbook on Security Certification. Technical Report TM-8889/000/00, Paramax Systems Corp., Camarillo, CA, USA, Dec. 1992. Prepared under contract to the U.S. Naval Research Laboratory.
36. C. Weissman. Penetration Testing. In Abrams et al. [2], pages 269-296.
37. A. Zenie. Colored Stochastic Petri Nets. In Proceedings of the International Workshop on Timed Petri Nets, pages 262-271, Torino, Italy, July 1985.