{"title":"从基于特征的上下文导向模型生成网络范围的虚拟场景:一个案例研究","authors":"P. Martou, K. Mens, Benoît Duhoux, Axel Legay","doi":"10.1145/3570353.3570358","DOIUrl":null,"url":null,"abstract":"A cyber range is a virtual training ground for security experts. Trainees are separated into attacking and defending teams, whose roles are either to compromise or to protect some critical infrastructure. As reuse of a same scenario may significantly reduce training efficiency, recent research proposed to automate the process of defining and deploying arbitrarily complex cyber range scenarios through the use of a virtual scenario description language (VSDL). However, it remains a challenge to generate VSDL scenarios dynamically, i.e. in an adaptive manner, to avoid having to redefine new VSDL scenarios for each new situation. Moreover, existing VSDLs often consider limited contextual information (e.g., only the virtualization budget) and do not link explicitly the vulnerabilities of their scenarios together, which prevents from proposing scenarios with more advanced cyber security exploits. In this vision paper, we rely on feature-based context-oriented modelling to generate relevant cyber range scenarios from an explicit user profile and exploits described in attack-defence trees. This result has high industrial potential, as it could enable a kind of on-demand cyber range scenario generation service.","PeriodicalId":340514,"journal":{"name":"Proceedings of the 14th ACM International Workshop on Context-Oriented Programming and Advanced Modularity","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Generating Virtual Scenarios for Cyber Ranges from Feature-Based Context-Oriented Models: A Case Study\",\"authors\":\"P. Martou, K. Mens, Benoît Duhoux, Axel Legay\",\"doi\":\"10.1145/3570353.3570358\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A cyber range is a virtual training ground for security experts. Trainees are separated into attacking and defending teams, whose roles are either to compromise or to protect some critical infrastructure. As reuse of a same scenario may significantly reduce training efficiency, recent research proposed to automate the process of defining and deploying arbitrarily complex cyber range scenarios through the use of a virtual scenario description language (VSDL). However, it remains a challenge to generate VSDL scenarios dynamically, i.e. in an adaptive manner, to avoid having to redefine new VSDL scenarios for each new situation. Moreover, existing VSDLs often consider limited contextual information (e.g., only the virtualization budget) and do not link explicitly the vulnerabilities of their scenarios together, which prevents from proposing scenarios with more advanced cyber security exploits. In this vision paper, we rely on feature-based context-oriented modelling to generate relevant cyber range scenarios from an explicit user profile and exploits described in attack-defence trees. This result has high industrial potential, as it could enable a kind of on-demand cyber range scenario generation service.\",\"PeriodicalId\":340514,\"journal\":{\"name\":\"Proceedings of the 14th ACM International Workshop on Context-Oriented Programming and Advanced Modularity\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-06-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 14th ACM International Workshop on Context-Oriented Programming and Advanced Modularity\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3570353.3570358\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 14th ACM International Workshop on Context-Oriented Programming and Advanced Modularity","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3570353.3570358","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Generating Virtual Scenarios for Cyber Ranges from Feature-Based Context-Oriented Models: A Case Study
A cyber range is a virtual training ground for security experts. Trainees are separated into attacking and defending teams, whose roles are either to compromise or to protect some critical infrastructure. As reuse of a same scenario may significantly reduce training efficiency, recent research proposed to automate the process of defining and deploying arbitrarily complex cyber range scenarios through the use of a virtual scenario description language (VSDL). However, it remains a challenge to generate VSDL scenarios dynamically, i.e. in an adaptive manner, to avoid having to redefine new VSDL scenarios for each new situation. Moreover, existing VSDLs often consider limited contextual information (e.g., only the virtualization budget) and do not link explicitly the vulnerabilities of their scenarios together, which prevents from proposing scenarios with more advanced cyber security exploits. In this vision paper, we rely on feature-based context-oriented modelling to generate relevant cyber range scenarios from an explicit user profile and exploits described in attack-defence trees. This result has high industrial potential, as it could enable a kind of on-demand cyber range scenario generation service.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
