Security evaluation can be used at the early stage of development to identify the security level of the system's components and to guide the system's development process. In previous works we extended the ontology of ADVISE Meta, an high-level security modeling framework, to integrate common attack patterns and standardized adversaries' profiles, thus enabling wide-ranging security analyses. However, in such formalism, the active part is played only by the adversary, while the defense is only a passive aspect delegated to a few embedded attributes of the models. This work proposes a preliminary study on an approach to model active dynamic defense strategies, known as Moving Target Defense (MTD). We target one of them, the proactive obfuscation technique, which is modeled using Stochastic Activity Networks to represent the system's dynamic defense and, we join it with an ADVISE model to represent the attack counterpart.
Modeling Moving Target Defense strategies and attacks with SAN and ADVISE / Mariotti, Francesco; Manetti, Lorenzo; Lollini, Paolo. - ELETTRONICO. - (2023), pp. 160-161. (Intervento presentato al convegno IEEE 34th International Symposium on Software Reliability Engineering Workshops) [10.1109/ISSREW60843.2023.00066].
Modeling Moving Target Defense strategies and attacks with SAN and ADVISE
Mariotti, Francesco
;Manetti, Lorenzo;Lollini, Paolo
2023
Abstract
Security evaluation can be used at the early stage of development to identify the security level of the system's components and to guide the system's development process. In previous works we extended the ontology of ADVISE Meta, an high-level security modeling framework, to integrate common attack patterns and standardized adversaries' profiles, thus enabling wide-ranging security analyses. However, in such formalism, the active part is played only by the adversary, while the defense is only a passive aspect delegated to a few embedded attributes of the models. This work proposes a preliminary study on an approach to model active dynamic defense strategies, known as Moving Target Defense (MTD). We target one of them, the proactive obfuscation technique, which is modeled using Stochastic Activity Networks to represent the system's dynamic defense and, we join it with an ADVISE model to represent the attack counterpart.
| File | Dimensione | Formato | |
|---|---|---|---|
|
Modeling_Moving_Target_Defense_strategies_and_attacks_with_SAN_and_ADVISE.pdf
accesso aperto
Tipologia:
Preprint (Submitted version)
Licenza:
Open Access
Dimensione
242.77 kB
Formato
Adobe PDF
|
242.77 kB | Adobe PDF |
I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
