Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients

Proceedings of the ACM Symposium on Applied Computing

Volumn , Issue , 2009, Pages 66-73

  Franqueira, Virginia N L ^a   Lopes, Raul H C ^b   Van Eck, Pascal ^a  

^a UNIVERSITY OF TWENTE   (Netherlands)

^b BRUNEL UNIVERSITY   (United Kingdom)

Author keywords

Attack graph; Hypergraph; Network attack; Vulnerability assessment

Indexed keywords

AMBIENTS; ATTACK GRAPH; COMMERCIAL OFF-THE-SHELF SOFTWARES; DYNAMIC ASPECTS; HYPERGRAPH; IN-NETWORK; MOBILE AMBIENTS; MODELLING AND SIMULATIONS; MULTI-STEP ATTACKS; NETWORK ATTACK; NETWORK DOMAINS; SECURITY BREACHES; SECURITY POLICY; STEPPING STONE; VULNERABILITY ASSESSMENTS;

COMPUTER CRIME; COMPUTER SCIENCE; SIMULATORS; WIRELESS NETWORKS;

NETWORK SECURITY;

EID: 72949101002     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1529282.1529294     Document Type: Conference Paper

References (34)

1. P. Ammann, J. Pamula, J. Street, and R. Ritchey. A host-based approach to network attack chaining analysis. In ACSAC '05: Proc. of the 21st Annual Computer Security Applications Conference, pages 72-84, Washington, DC, USA, 2005. IEEE Computer Society.
2. P. Ammann, D. Wijesekera, and S. Kaushik. Scalable, graph-based network vulnerability analysis. In CCS '02: Proceedings of the 9th ACM conference on Computer and communications security, pages 217-224, New York, NY, USA, 2002. ACM.
3. B. Berard, M. Bidoit, A. Finkel, F. Laroussinie, A. Petit, L. Petrucci, and P. Schnoebelen. Systems and software verification: Model-checking techniques and tools. Springer-Verlag, Berlin, 2001.
4. L. Cardelli. Bioware Languages, pages 59-65. Monographs in Computer Science. Springer, New York, 2004.
5. L. Cardelli and A. D. Gordon. Mobile Ambients. In Foundations of Software Science and Computation Structures: First International Conference, FOSSACS'98, volume 1378 of LNCS, pages 140-155, Berlin Germany, 1998. Springer-Verlag.
6. L. Cardelli and A. D. Gordon. Types for Mobile Ambients. In POPL'99: Proc. of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pages 79-92, New York, NY, USA, 1999. ACM.
7. R. Chinchani, A. Iyer, H. Q. Ngo, and S. Upadhyaya. Towards a Theory of Insider Threat Assessment. In DSN 2005: Int. Conference on Dependable Systems and Networks, pages 108-117. IEEE Publishing, July 2005. http://ieeexplore.ieee.org/iel5/9904/31476/01467785.pdf.
8. F. Cuppens and R. Ortalo. Lambda: A language to model a database for detection of attacks. In RAID'00: Proc. of the Third Int. Workshop on Recent Advances in Intrusion Detection, pages 197-216, London, UK, 2000. Springer-Verlag.
9. V. N. L. Franqueira and R. H. C. Lopes. Vulnerability Assessment by Learning Attack Specifications in Graphs. In IAS'07: Proc. of the 3rd Int. Symposium on Information Assurance and Security), pages 161-164, August 2007.
10. V. N. L. Franqueira, R. H. C. Lopes, and P. van Eck. Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients. Technical Report TR-CTIT-08-44, Centre for Telematics and Information Technology (CTIT), University of Twente, Enschede, The Netherlands, June 2008.
11. V. Gorodetski and I. Kotenko. Attacks against computer network: Formal grammar-based framework and simulation tool. In A.Wespi, G.Vigna, and L.Deri, editors, RAID 2002: Proc. of the Fifth Int. Symposium on Recent Advances in Intrusion Detection, volume 2516 of LNCS, pages 219-238. Springer, October 2002.
12. D. Ha, S. Upadhyaya, H. Q. Ngo, S. Pramanik, R. Chinchani, and S. Mathew. Insider threat analysis using information-centric modeling. In Advances in Digital Forensics III, IFIP International Federation for Information Processing, pages 55-73. Springer, Boston, 2007.
13. C. A. R. Hoare. Communicating Sequential Processes. Prentice Hall International, second edition, June 2004. online version at http://www.usingcsp. com/cspbook.pdf.
14. K. Ingols, R. Lippmann, and K. Piwowarski. Practical attack graph generation for network defense. In ACSAC '06: Proc. of the 22nd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference, pages 121-130, Washington, DC, USA, 2006. IEEE Computer Society.
15. S. Jajodia, S. Noel, and B. O'Berry. Topological Analysis of Network Attack Vulnerability. In Managing Cyber Threats: Issues, Approaches and Challenges. Springer-Verlag, Germany, 2005.
16. S. Jukna. Extremal Combinatorics. Springer, 2000.
17. G. Keizer. Mass hack infects tens of thousands of sites. Computerworld, publisehd on January 7, 2008. http://www.computerworld.com/action/article.do? command=viewArticleBasic&taxonomyId=16&articleId=9055858&intsrc= hm-topic. Visited 10-July-2008.
18. J. M. Kleinberg. Authoritative Sources in a Hyperlinked Environment. In In Proc. Ninth Ann. ACM-SIAM Symp. Discrete Algorithms, pages 668-677, New York, 1998. ACM Press.
19. A. N. Langville and C. D. Meyer. Google's PageRank and Beyond: The Science of Search Engine Rankings. Princeton Universty Press, 2006.
20. W. Li, R. B. Vaughn, and Y. S. Dandass. An approach to model network exploitations using exploitation graphs. Simulation, 82(8):523-541, 2006.
21. R. Milner. Pure bigraphs. Technical Report UCAM-CL-TR-614, University of Cambridge, January 2005.
22. Nessus. Tenable network security: The Nessus Security Scanner. http://www.nessus.org. Visited 10-July-2008.
23. S. Noel and S. Jajodia. Managing attack graph complexity through visual hierarchical aggregation. In VizSEC/DMSEC '04: Proc. of the 2004 ACM workshop on Visualization and data mining for computer security, pages 109-118, New York, NY, USA, 2004. ACM. http://doi.acm.org/10.1145/1029208.1029225.
24. NVD. National vulnerability database v2. http://nvd.nist.gov/. Visited 10-July-2008.
25. X. Ou, W. F. Boyer, and M. A. McQueen. A Scalable Approach to Attack Graph Generation. In CCS '06: Proc. of the 13th ACM Conf. on Computer and Communications Security, pages 336-345, New York, NY, USA, 2006. ACM. people.cis.ksu.edu/~xou/publications/ccs06.pdf.
26. X. Ou, S. Govindavajhala, and A. W. Appel. Mulval: a logic-based network security analyzer. In SSYM'05: Proc. of the 14th Conf. on USENIX Security Symposium, Berkeley, CA, USA, August 2005. USENIX Association. www.cs.princeton.edu/~appel/papers/mulval.pdf.
27. R. W. Ritchey and P. Ammann. Using Model Checking to Analyze Network Vulnerabilities. In SP'00: Proc. of the 2000 IEEE Symposium on Security and Privacy, pages 156-165, Washington, DC, USA, 2000. IEEE Computer Society.
28. R. Sawilla and X. Ou. Googling Attack Graphs. Technical Report TM-2007-205, Defense Research and Development Canada, September 2007. http://www.ottawa.drdc-rddc.gc.ca/html/tm-2007-205-e.html.
29. B. Schneier. The Ethics of Vulnerability Research. Information Security Magazine, May 2008. http://www.schneier.com/essay-211.html.
30. J. R. Seeley. The net of reciprocal influence: A problem in treating sociometric data. Canadian Jounal of Psychology, 3:234-240, 1949.
31. O. Sheyner and J. Wing. Tools for Generating and Analyzing Attack Graphs. In In Proc. of Workshop on Formal Methods for Components and Objects, LNCS 3188, pages 344-371, Germany, 2004. Springer-Verlag.
32. L. P. Swiler, C. Phillips, D. Ellis, and S. Chakerian. Computer-attack graph generation tool. In DISCEX II'01: DARPA Information Survivability Conference and Exposition Conference and Exposition, volume 2, pages 307-321, Washington, DC, USA, June 2001. IEEE Computer Society.
33. S. J. Templeton and K. Levitt. A requires/provides model for computer attacks. In NSPW'00: Proc. of the 2000 Workshop on New Security Paradigms, pages 31-38, New York, NY, USA, 2000. ACM.
34. L. Williams, R. Lippmann, and K. Ingols. An interactive attack graph cascade and reachability display. In VizSEC'07: Proc. of the Workshop on Visualization for Computer Security, pages 221-235. Springer-Verlag, October 2007.