Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients

V. Nunes Leal Franqueira, R H C Lopes, Pascal van Eck

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    14 Citations (Scopus)
    180 Downloads (Pure)

    Abstract

    Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host which allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, more dynamic aspects are present in the network domain such as attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the ruling of the network. In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable and non-vulnerable hosts, through the acquisition of credentials. It also allows expressing security policies embedded in the rules of the ambients.
    Original languageUndefined
    Title of host publicationProceeding of the 24th Annual ACM Symposium on Applied Computing, SAC'2009
    Place of PublicationNew York
    PublisherAssociation for Computing Machinery (ACM)
    Pages66-73
    Number of pages8
    ISBN (Print)978-1-60558-166-8
    DOIs
    Publication statusPublished - Mar 2009
    Event24th Annual ACM Symposium on Applied Computing, SAC 2009 - Honolulu, United States
    Duration: 8 Mar 200912 Mar 2009
    Conference number: 24
    https://www.sigapp.org/sac/sac2009/

    Publication series

    Name
    PublisherACM

    Conference

    Conference24th Annual ACM Symposium on Applied Computing, SAC 2009
    Abbreviated titleSAC
    CountryUnited States
    CityHonolulu
    Period8/03/0912/03/09
    Other8-12 March 2009
    Internet address

    Keywords

    • CR-K.6.5
    • IR-65045
    • SCS-Services
    • METIS-263695
    • EWI-13832

    Cite this

    Nunes Leal Franqueira, V., Lopes, R. H. C., & van Eck, P. (2009). Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients. In Proceeding of the 24th Annual ACM Symposium on Applied Computing, SAC'2009 (pp. 66-73). New York: Association for Computing Machinery (ACM). https://doi.org/10.1145/1529282.1529294
    Nunes Leal Franqueira, V. ; Lopes, R H C ; van Eck, Pascal. / Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients. Proceeding of the 24th Annual ACM Symposium on Applied Computing, SAC'2009. New York : Association for Computing Machinery (ACM), 2009. pp. 66-73
    @inproceedings{3ab5d31714254006b4422ab6086403ab,
    title = "Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients",
    abstract = "Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host which allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, more dynamic aspects are present in the network domain such as attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the ruling of the network. In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable and non-vulnerable hosts, through the acquisition of credentials. It also allows expressing security policies embedded in the rules of the ambients.",
    keywords = "CR-K.6.5, IR-65045, SCS-Services, METIS-263695, EWI-13832",
    author = "{Nunes Leal Franqueira}, V. and Lopes, {R H C} and {van Eck}, Pascal",
    note = "http://eprints.ewi.utwente.nl/13832",
    year = "2009",
    month = "3",
    doi = "10.1145/1529282.1529294",
    language = "Undefined",
    isbn = "978-1-60558-166-8",
    publisher = "Association for Computing Machinery (ACM)",
    pages = "66--73",
    booktitle = "Proceeding of the 24th Annual ACM Symposium on Applied Computing, SAC'2009",
    address = "United States",

    }

    Nunes Leal Franqueira, V, Lopes, RHC & van Eck, P 2009, Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients. in Proceeding of the 24th Annual ACM Symposium on Applied Computing, SAC'2009. Association for Computing Machinery (ACM), New York, pp. 66-73, 24th Annual ACM Symposium on Applied Computing, SAC 2009, Honolulu, United States, 8/03/09. https://doi.org/10.1145/1529282.1529294

    Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients. / Nunes Leal Franqueira, V.; Lopes, R H C; van Eck, Pascal.

    Proceeding of the 24th Annual ACM Symposium on Applied Computing, SAC'2009. New York : Association for Computing Machinery (ACM), 2009. p. 66-73.

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    TY - GEN

    T1 - Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients

    AU - Nunes Leal Franqueira, V.

    AU - Lopes, R H C

    AU - van Eck, Pascal

    N1 - http://eprints.ewi.utwente.nl/13832

    PY - 2009/3

    Y1 - 2009/3

    N2 - Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host which allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, more dynamic aspects are present in the network domain such as attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the ruling of the network. In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable and non-vulnerable hosts, through the acquisition of credentials. It also allows expressing security policies embedded in the rules of the ambients.

    AB - Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host which allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, more dynamic aspects are present in the network domain such as attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the ruling of the network. In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable and non-vulnerable hosts, through the acquisition of credentials. It also allows expressing security policies embedded in the rules of the ambients.

    KW - CR-K.6.5

    KW - IR-65045

    KW - SCS-Services

    KW - METIS-263695

    KW - EWI-13832

    U2 - 10.1145/1529282.1529294

    DO - 10.1145/1529282.1529294

    M3 - Conference contribution

    SN - 978-1-60558-166-8

    SP - 66

    EP - 73

    BT - Proceeding of the 24th Annual ACM Symposium on Applied Computing, SAC'2009

    PB - Association for Computing Machinery (ACM)

    CY - New York

    ER -

    Nunes Leal Franqueira V, Lopes RHC, van Eck P. Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients. In Proceeding of the 24th Annual ACM Symposium on Applied Computing, SAC'2009. New York: Association for Computing Machinery (ACM). 2009. p. 66-73 https://doi.org/10.1145/1529282.1529294