Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients

V. Nunes Leal Franqueira, R H C Lopes, Pascal van Eck

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    16 Citations (Scopus)
    262 Downloads (Pure)


    Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host which allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, more dynamic aspects are present in the network domain such as attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the ruling of the network. In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable and non-vulnerable hosts, through the acquisition of credentials. It also allows expressing security policies embedded in the rules of the ambients.
    Original languageUndefined
    Title of host publicationProceeding of the 24th Annual ACM Symposium on Applied Computing, SAC'2009
    Place of PublicationNew York
    PublisherAssociation for Computing Machinery (ACM)
    Number of pages8
    ISBN (Print)978-1-60558-166-8
    Publication statusPublished - Mar 2009
    Event24th Annual ACM Symposium on Applied Computing, SAC 2009 - Honolulu, United States
    Duration: 8 Mar 200912 Mar 2009
    Conference number: 24

    Publication series



    Conference24th Annual ACM Symposium on Applied Computing, SAC 2009
    Abbreviated titleSAC
    Country/TerritoryUnited States
    Other8-12 March 2009
    Internet address


    • CR-K.6.5
    • IR-65045
    • SCS-Services
    • METIS-263695
    • EWI-13832

    Cite this