Attackers take advantage of any security breach to penetrate an organisation's perimeter and exploit hosts as stepping stones to reach valuable assets deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host that allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, further dynamic aspects are present in the network domain: attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the rules of the network. In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived from the exploitation of vulnerable and non-vulnerable hosts, through the acquisition of credentials. It also allows security policies to be expressed, embedded in the rules of the ambients.
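An added illustration, not MsAMS and not code from the paper: a plain fixed-point search (no Mobile Ambients) over a constructed four-host network, showing why an assessment that tracks accumulated credentials finds multi-step paths that a vulnerability-only assessment misses. All host names, credential names and the `attack_steps` and `compromised` functions are assumptions made for this example.

```python
# Constructed sample network; every host and credential name is hypothetical.
REACH = {  # who may connect to whom (the network's rules)
    "internet": ["web"],
    "web": ["app"],
    "app": ["db"],
    "db": [],
}
VULNERABLE = {"web"}                                 # hosts with a software flaw
STORES = {"web": {"cred_app"}, "app": {"cred_db"}}   # credentials found on a host
ACCEPTS = {"app": {"cred_app"}, "db": {"cred_db"}}   # credentials a host accepts


def attack_steps(start, track_credentials=True):
    """Return the ordered (source, destination, method) steps open to an
    attacker starting at `start`, computed as a monotone fixed point."""
    controlled, creds, steps = {start}, set(), []
    changed = True
    while changed:
        changed = False
        for src in sorted(controlled):
            for dst in REACH.get(src, []):
                if dst in controlled:
                    continue
                usable = ACCEPTS.get(dst, set()) & creds
                if dst in VULNERABLE:
                    method = "exploit"
                elif usable:
                    method = "login:" + min(usable)
                else:
                    continue  # reachable, but no way in yet
                controlled.add(dst)
                if track_credentials:
                    creds |= STORES.get(dst, set())  # resources accumulate
                steps.append((src, dst, method))
                changed = True
    return steps


def compromised(start, track_credentials=True):
    """Hosts the attacker ends up controlling, excluding the start node."""
    return {dst for _, dst, _ in attack_steps(start, track_credentials)}


if __name__ == "__main__":
    for flag in (False, True):
        print("track_credentials =", flag)
        for step in attack_steps("internet", flag):
            print("   %s -> %s via %s" % step)
```

Only `web` carries a software vulnerability here, so the static view stops at the perimeter host; the database becomes reachable once stored credentials are modelled as resources the attacker carries forward.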