Haruspex的扩展以覆盖应用程序环境中的漏洞

2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP) Pub Date : 2016-02-01 DOI:10.1109/PDP.2016.54

F. Baiardi, F. Tonelli, Lorenzo Isoni

{"title":"Haruspex的扩展以覆盖应用程序环境中的漏洞","authors":"F. Baiardi, F. Tonelli, Lorenzo Isoni","doi":"10.1109/PDP.2016.54","DOIUrl":null,"url":null,"abstract":"Haruspex is a suite of tools that assesses ICT risk through a scenario approach. Each scenario includes the target system and some threat agents that compose the attacks enabled by the system vulnerabilities to reach some predefined goals. The suite applies a Monte Carlo method with multiple simulations of the agent attacks against the target system. The simulation applies a formal model of the target system that describes the system nodes, the components with their vulnerabilities, and the logical topology. This paper proposes an extension to model in a more accurate way how the relations and the interactions among applications affect the agent attacks. After introducing this extension, we show how it supports the modeling of web applications. Then, we adopt the new model to assess a critical infrastructure that supervises and manages gas distribution.","PeriodicalId":192273,"journal":{"name":"2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"An Extension of Haruspex to Cover Vulnerabilities in Application Environments\",\"authors\":\"F. Baiardi, F. Tonelli, Lorenzo Isoni\",\"doi\":\"10.1109/PDP.2016.54\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Haruspex is a suite of tools that assesses ICT risk through a scenario approach. Each scenario includes the target system and some threat agents that compose the attacks enabled by the system vulnerabilities to reach some predefined goals. The suite applies a Monte Carlo method with multiple simulations of the agent attacks against the target system. The simulation applies a formal model of the target system that describes the system nodes, the components with their vulnerabilities, and the logical topology. This paper proposes an extension to model in a more accurate way how the relations and the interactions among applications affect the agent attacks. After introducing this extension, we show how it supports the modeling of web applications. Then, we adopt the new model to assess a critical infrastructure that supervises and manages gas distribution.\",\"PeriodicalId\":192273,\"journal\":{\"name\":\"2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)\",\"volume\":\"40 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PDP.2016.54\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDP.2016.54","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

Haruspex是一套通过情景方法评估ICT风险的工具。每个场景都包括目标系统和一些威胁代理，这些威胁代理组成由系统漏洞支持的攻击，以达到一些预定义的目标。该套件应用蒙特卡罗方法，对目标系统进行代理攻击的多个模拟。模拟应用目标系统的形式化模型，该模型描述了系统节点、具有漏洞的组件和逻辑拓扑。本文提出了一个扩展，以更准确地建模应用程序之间的关系和交互如何影响代理攻击。在介绍这个扩展之后，我们将展示它是如何支持web应用程序建模的。然后，我们采用新模型来评估监督和管理天然气分配的关键基础设施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Extension of Haruspex to Cover Vulnerabilities in Application Environments

Haruspex is a suite of tools that assesses ICT risk through a scenario approach. Each scenario includes the target system and some threat agents that compose the attacks enabled by the system vulnerabilities to reach some predefined goals. The suite applies a Monte Carlo method with multiple simulations of the agent attacks against the target system. The simulation applies a formal model of the target system that describes the system nodes, the components with their vulnerabilities, and the logical topology. This paper proposes an extension to model in a more accurate way how the relations and the interactions among applications affect the agent attacks. After introducing this extension, we show how it supports the modeling of web applications. Then, we adopt the new model to assess a critical infrastructure that supervises and manages gas distribution.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)

自引率

0.00%

发文量