A Concept Of An Attack Model For A Model-Based Security .
Institute of Electric, Connectedand Secure MobilityA Concept of an Attack Modelfor a Model-Based SecurityTesting FrameworkTina achim Hofhans-joachim.hof@thi.deSECURWARE 2020November 21, 2020 to November 25, 2020Research Group Security in Mobility
Virtual Session ChairResume of the presenterTina Volkersdorfer received the M.S. degree at Technische Hochschule Ingolstadt(THI). She is a research assistant in the team „Security in Mobility“ of CARISSMA,the THI research and test centre. In context of automotive security, the groupaddresses the automated identification of vulnerabilities within all phases ofsoftware development (e.g., anti-patterns, forensics). Based on this, a complementgeneration of security advices is the purpose.Her focus is on the security modelling and generation of security test cases, includingattack, adversary and target models. She works on the current project “MASSiF” thataddresses model-based security and safety assurance for automotive safety systems.“MASSiF” is supported by the BMBF under the KMU-innovative program.2Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
IntroductionMotivation and PurposeAutomotive domainUsing different models (time-consuming; inconsistent and untraceable security) Holistic modelling framework for attacksPenetration testing [1]Expensive solving of security problemsDepending on the skills of the tester Complement for penetration tests Automatable test execution in the early design phaseFocus is on identifying the necessary conceptional elements for a suitable holistic attack modelling framework3Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
IntroductionRelated WorkProcess Modelling Lockheed Martin Attack Tree [3]Classification Modelling MITRE ATT&CK [4]Holistic Modelling ADVISE [5]Reuse, combinationAbstraction levelSecurity Analysis MethodPhasesMultiple pathsAdversary behaviourLate usageLinearNo adversary informationLate usageAbstract adversaryNo adversary behaviourNo Adversary StrategyCyber Kill Chain [2]4Graph-Based ModellingTechnische Hochschule Ingolstadt tina.volkersdorfer@carissma.eudecision function
AnalysisRequirementsThe proposed framework is intended to be used to decide on the next steps during testing activities withthe following requirements (derived from usableUnderstandableSystematic5Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
Design of an Attack Model for a Model-Based Security Testing FrameworkOverviewFigure 1. Components of the framework.6Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
Design of an Attack Model for a Model-Based Security Testing FrameworkAdversary ModelAttributes Characterize each adversaryAdversary Goal To derive the adversary’s behaviour duringan attack simulationAdversary Perspective Model Represents the adversary’s knowledge aboutthe target at a given timeFigure 2. Components of the Adversary Model.7Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
Design of an Attack Model for a Model-Based Security Testing FrameworkTarget ModelTargetModelFigure 3. Target Model.Represents one or more cyber-enabled capabilities [7], that an adversary wants to attackHolds all necessary, correct information (e.g., available access points [8])Allows executing attacks on systems that do not yet exist8Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
Design of an Attack Model for a Model-Based Security Testing FrameworkAttack Characterization and SimulationProcess perspectiveElementary Attack Iteration1) Identify available access pointsAdversaryModelTargetModelElementary Attack Iteration2) Select one access point3) Probe the targetAdversaryModelTargetModelAttackBase4) Update the adversary’s knowledgeElementary Attack IterationTechnical perspectiveExploit [9] tagged with preconditions [10]Strategic perspectiveSimulation of the adversary’s strategical behaviour9Technische Hochschule Ingolstadt ModelFigure 4. Interaction of the components regarding theelementary attack iteration.
Preliminary EvaluationAttack Scenario 1: Identity theft attackon a social media platform [11]Focus on step (3) “Probe the target”(of one Elementary Attack Iteration)Figure 5. Findings in context of attack scenario „Identity theft“.10Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
Preliminary EvaluationEvaluation Criteria and Interpretation Model-based: Suitable foundation for different modelling approaches Relevant attacks: Representative examples Application domain independence: Examples from very different application domains Reusable elements: E.g., Content of attack base, Elementary Attack Iteration Systematic structures: E.g., Elementary Attack Iteration, Adversary Model, Target Model Visual elements: Suitable foundation for the integration of graphical model elementsProposed attack modelling concept meets the requirements model -based, expressive, reusable,systematic and visualizable.In a later stage of the research project MASSiF the requirements, including the omitted requirements“consistent” and “understandable”, can be meaningfully evaluated.11Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
Conclusion and Future WorkConcept of an attack modelling framework for model-based security testingAddresses security throughout the software engineeringOffers several perspectives on attacksPurpose: Support the automation of security tests, especially in early phasesPreliminary evaluation: Model-based, expressive, reusable, systematic, and visualizableFuture work: Detailed specification and implementation12Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
References[1] K. Scarfone, M. Souppaya, A. Cody, and A. Orebaugh, Technical Guide to Information Security Testing and Assessment, 800-115 ed., Gaithersburg, MD20899-8930: National Institue of Standards and Technology, 2008.[2] E. Hutchins, M. Cloppert, and R. Amin, "Intelligence-Driven Computer Network Defense Informed by Analysis," Leading Issues in Information Warfare &Security Research, vol. 1, pp. 80-106, January 2011.[3] B. Schneier, "Attack Trees," Dr. Dobb's Journal, vol. 24, no. 12, pp. 21-29, 1999.[4] B. E. Strom et al., "MITRE ATT&CK: Design and Philosophy," July 2018. [Online]. Available: hy.pdf. [retrieved: 2020.09.25].[5] E. LeMay et al., "Adversary-Driven State-Based System Security Evaluation," in Proceedings of the 6th International Workshop on Security Measurementsand Metrics, New York, NY, USA, Association for Computing Machinery, 2010, pp. 1-9.[6] A. Drescher, A. Koschmider, and A. Oberweis, Modellierung und Analyse von Geschäftsprozessen [Modelling and Analysis of Business Processes], Berlin,Boston: De Gruyter Oldenbourg, 2017.[7] The MITRE Corporation, "CAPEC Glossary," 4 April 2019. [Online]. Available: https://capec.mitre.org/about/glossary.html. [retrieved: 2020.08.07].[8] J. Bryans et al., "A Template-Based Method for the Generation of Attack Trees," in Information Security Theory and Practice, Cham, Springer InternationalPublishing, 2020, pp. 155-165.[9] H. Siller, "Exploit," Springer Gabler, 19 February 2018. [Online]. Available: ploit-53419/version-276511.[retrieved: 2020.09.15].[10] K. Kaynar, "A taxonomy for attack graph generation and usage in network security," Journal of Information Security and Applications, vol. 29, pp. 27-56,August 2016.[11] The OWASP Foundation, "OWASP Top 10 - 2017: The ten most critical web application security risks," 2017. [Online]. Available: https://owasp.org/wwwproject-top-ten/. [retrieved: 2020.08.13].13Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
QuestionsThanks for your attention!If you have any questions, please email me!tina.volkersdorfer@carissma.eu14Technische Hochschule Ingolstadt tina.volkersdorfer@carissma.eu
[10] K. Kaynar, "A taxonomy for attack graph generation and usage in network security," Journal of Information Security and Applications, vol. 29, pp. 27- 56, August 2016. [11] The OWASP Foundation, "OWASP Top 10 - 2017: The
Magic standard attack, and 1 Speed counter-attack (diamond shape indicates counter-attack, circular shape indicates standard attack). The Crypt Bat may only initiate an attack form in which it has a standard attack available. In this case it’s Magic. Let’s res
Attack Name 2. Attack Cost: Cost to play the card (Can be Gauge, Force or nothing) 3. Range: Which spaces the attack hits 4. Power: An attack’s outgoing damage 5. Speed: Determines who will resolve their attack first. 6. Armor: The attack’s defense against incomi
In DDoS attack, the attacker try to interrupt the services of a server and utilizes its CPU and Network. Flooding DDOS attack is based on a huge volume of attack traffic which is termed as a Flooding based DDOS attack. Flooding-based DDOS attack attempts to congest the victim's network bandwidth with real-looking but unwanted IP data.
actually functions in a real attack, what level of service you are able to provide while under attack, and how your people and process react to and withstand an attack. In this guide we present three options for simulating a DDoS attack in your own lab: Tier 1 — Simulating a basic attack using open-source software and readily available .
Maximum Loss Attack De nition (Maximum Loss Attack) The maximum loss attack nds a perturbed data x by solving the optimization maximize x g t(x ) max j6 t fg j(x )g subject to kx x 0k ; (2) where kkcan be any norm speci ed by the user, and 0 denotes the attack strength. I want to bound my attack kx x 0k I want to make g t(x ) as big as possible
Additional adversarial attack defense methods (e.g., adversarial training, pruning) and conventional model regularization methods are examined as well. 2. Background and Related Works 2.1. Bit Flip based Adversarial Weight Attack The bit-flip based adversarial weight attack, aka. Bit-Flip Attack (BFA) [17], is an adversarial attack variant
to add up the attack surface of all the Classroom Computers (i.e., a larger number of such computers means the network is more exposed to attacks), applying this along an attack path, e.g., h1 h2 h4, is less meaningful, since it means a longer attack path, which indicates more attacking steps required from an attacker and hence more .
2 The Impact of Heart Attacks Every 34 seconds, an American will have a heart attack and about 15% of people who experience a heart attack will die of it.4 Approximately 7,900,000 Americans have had a heart attack or 3.1% to 4% of the U.S. adult population.4 It is estimated that every year 610,000 Americans with have a new heart attack and 325,000 Americans will have a recurrent heart attack.4 .
