Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients

Franqueira, Virginia Nunes Leal, Lopes, Raul H. C. and van Eck, Pascal (2008) Multi-step Attack Modelling and Simulation (MsAMS) Framework based on Mobile Ambients. Project Report. Centre for Telematics and Information Technology (CTIT), Enschede.

[thumbnail of MsAMS_TR.pdf]
Preview
PDF - Published Version
257kB

Abstract

Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also e.g. when an attacker acquires a key (e.g. a password) on one host which allows him to exploit further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In this paper we present MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable as well as from the exploitation of non-vulnerable hosts, through the acquisition of keys.


Repository Staff Only: item control page