Skip to main content

Multi-step Attack Modelling and Simulation (MsAMS) Framework Based on Mobile Ambients

Franqueira, Virginia N. L., Lopes, Raul H. C., van Eck, Pascal (2009) Multi-step Attack Modelling and Simulation (MsAMS) Framework Based on Mobile Ambients. In: Proceedings of the 2009 ACM symposium on Applied Computing (SAC 09). . pp. 66-73. ACM Press ISBN 978-1-60558-166-8. (doi:10.1145/1529282.1529294) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided)

PDF - Publisher pdf
Restricted to Repository staff only
Contact us about this Publication Download (406kB)
[img]
Official URL
https://doi.org/10.1145/1529282.1529294

Abstract

Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host which allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, more dynamic aspects are present in the network domain such as attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the ruling of the network. In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable and non-vulnerable hosts, through the acquisition of credentials. It also allows expressing security policies embedded in the rules of the ambients.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1145/1529282.1529294
Uncontrolled keywords: Network Attack, Vulnerability Assessment, Attack Graph, Hypergraph
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Virginia Nunes Leal Franqueira
Date Deposited: 10 Oct 2019 16:06 UTC
Last Modified: 11 Oct 2019 13:58 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/77202 (The current URI for this page, for reference purposes)
Franqueira, Virginia N. L.: https://orcid.org/0000-0003-1332-9115
  • Depositors only (login required):

Downloads

Downloads per month over past year