Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients

V. Nunes Leal Franqueira, R H C Lopes, Pascal van Eck

    Research output: Book/ReportReportProfessional

    122 Downloads (Pure)

    Abstract

    Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also e.g. when an attacker acquires a key (e.g. a password) on one host which allows him to exploit further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In this paper we present MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable as well as from the exploitation of non-vulnerable hosts, through the acquisition of keys.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherCentre for Telematics and Information Technology (CTIT)
    Number of pages15
    Publication statusPublished - Jun 2008

    Publication series

    NameCTIT Technical Report Series
    PublisherCentre for Telematics and Information Technology, University of Twente
    No.302/TR-CTIT-08-44
    ISSN (Print)1381-3625

    Keywords

    • METIS-251037
    • SCS-Services
    • EWI-12950
    • IR-64836

    Cite this