Abstract
The need to anticipate and defend against potential threats is paramount in cybersecurity. This study addresses two fundamental questions: what attacks can be performed against my system, and how can these attacks be thwarted?
Addressing the first question, this work introduces an innovative method for generating executable attack programs, showcasing the practicality of potential breach scenarios. This approach not only establishes the theoretical vulnerability of a system but also underscores its susceptibility to exploitation.
To respond to the second question, the proposed approach explores a range of mechanisms to counter and thwart the exposed attack strategies. The aim is to use robust and adaptive defensive strategies, leveraging insights from the demonstrated attack programs. These mechanisms encompass proactive measures, such as automatic penetration testing and behavior analysis, and reactive approaches, such as rapid patch deployment and vulnerability prioritization. The resilience of systems against potential breaches can be enhanced by intertwining attack pathways with comprehensive countermeasures, thereby disrupting the adversary’s kill chains. This study aims to contribute to the containerized application security deployed in different environments, like the Cloud, Edge, 5G, Internet of Things (IoT), and Industrial IoT (IIoT), by taking these scenarios as a case study.
This research contributes to the evolution of cyber threat analysis through a Design Science Research (DSR) approach, focusing on developing and validating artifacts, tools, and frameworks. Defenders can anticipate, combat, and ultimately mitigate emerging threats in an increasingly complex digital environment by creating tangible attack programs and formulating effective thwarting mechanisms.
Addressing the first question, this work introduces an innovative method for generating executable attack programs, showcasing the practicality of potential breach scenarios. This approach not only establishes the theoretical vulnerability of a system but also underscores its susceptibility to exploitation.
To respond to the second question, the proposed approach explores a range of mechanisms to counter and thwart the exposed attack strategies. The aim is to use robust and adaptive defensive strategies, leveraging insights from the demonstrated attack programs. These mechanisms encompass proactive measures, such as automatic penetration testing and behavior analysis, and reactive approaches, such as rapid patch deployment and vulnerability prioritization. The resilience of systems against potential breaches can be enhanced by intertwining attack pathways with comprehensive countermeasures, thereby disrupting the adversary’s kill chains. This study aims to contribute to the containerized application security deployed in different environments, like the Cloud, Edge, 5G, Internet of Things (IoT), and Industrial IoT (IIoT), by taking these scenarios as a case study.
This research contributes to the evolution of cyber threat analysis through a Design Science Research (DSR) approach, focusing on developing and validating artifacts, tools, and frameworks. Defenders can anticipate, combat, and ultimately mitigate emerging threats in an increasingly complex digital environment by creating tangible attack programs and formulating effective thwarting mechanisms.
Original language | English |
---|---|
Title of host publication | Research Challenges in Information Science |
Subtitle of host publication | 18th International Conference, RCIS 2024, Guimarães, Portugal, May 14–17, 2024, Proceedings, Part II |
Editors | João Araújo, Jose Luis de la Vara, Maribel Yasmina Santos, Saïd Assar |
Publisher | Springer |
Pages | 111-120 |
Number of pages | 10 |
ISBN (Electronic) | 978-3-031-59468-7 |
ISBN (Print) | 978-3-031-59467-0 |
DOIs | |
Publication status | Published - 4 May 2024 |
Event | 18th Research Challenges in Information Science, RCIS 2024 - Guimarães, Portugal Duration: 14 May 2024 → 17 May 2024 Conference number: 18 |
Conference
Conference | 18th Research Challenges in Information Science, RCIS 2024 |
---|---|
Abbreviated title | RCIS 2024 |
Country/Territory | Portugal |
City | Guimarães |
Period | 14/05/24 → 17/05/24 |