GRAFOS

More documents

Recommendations

Info

MotivationThis paper is intended to present how to model attack scenarios to be injectedduring runtime.Abstract - In this paper we consider the validation of security protocols,whose aim to ensure some security properties when the communicationmedium is not reliable. The goal is to uncover protocol vulnerabilities that anattacker can exploit and cause security failures. Our approach uses a faultinjector to inject attacks into a communication system and observe wheterthe security properties are violated. One of the key problems is: how togenerate successful attacks that will indicate the existence ofvulnerabilities? We propose an approach tht is similar to model-based testing,as we derive attack scenarios from an attack model representing knownattacks to the protocol under test. The approach can be completelysupported by tools, , as is shown in the paper.MARCO ANTONIO GARCIA DE CARVALHOMarço de 2010Grafos e Aplicações
MotivationContextTwo categories of faults: malicious (attacks) and accidental ones.Attacks are malicious external activities aimed to intentionally violate one ormore security properties of the system.A vulnerability ismalicious or non-malicious faults introduced duringdevelopment phases of the system or in the way it is used, that could beexploited to create intrusion.Security propertiesThe basic security availability(3).properties areconfidentiality(1),integrity(2)and(1)Prevention of unauthorized disclosure of information;(2)Absence of improper system state alteration, that is, the prevention ofunauthorized modification or deletion of information;(3)Prevention of unnecessary witholding of information.MARCO ANTONIO GARCIA DE CARVALHOMarço de 2010Grafos e Aplicações
Page 1: GRAFOSArtigo: “Generating attack
Page 5 and 6: Attacks TreesRoot node represents t
Page 7 and 8: ScenariosMARCO ANTONIO GARCIA DE CA
Page 9: DoS attackA* search - scenariosMATL

GRAFOS

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?