EEMCS EPrints Service


Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients

Nunes Leal Franqueira, V. and Lopes, R.H.C. and van Eck, P.A.T. (2009) Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients. In: Proceeding of the 24th Annual ACM Symposium on Applied Computing, SAC'2009, 08-12 March 2009, Honolulu, Hawaii, USA. pp. 66-73. ACM. ISBN 978-1-60558-166-8


Official URL: http://dx.doi.org/10.1145/1529282.1529294

Abstract

Attackers take advantage of any security breach to penetrate an organisation's perimeter and exploit hosts as stepping stones to reach valuable assets deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host which allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, more dynamic aspects are present in the network domain: for example, attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the rules of the network.

In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived from the exploitation of vulnerable and non-vulnerable hosts, through the acquisition of credentials. It also allows expressing security policies embedded in the rules of the ambients.

Item Type: Conference or Workshop Paper (Full Paper, Talk)
Research Group: EWI-IS: Information Systems
Research Program: CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project: IPID: Integrated Policy-based Intrusion Detection
ID Code: 13832
Status: Published
Deposited On: 07 January 2010
Refereed: Yes
International: Yes