Automating the Generation of Cyber Range Virtual Scenarios with VSDL.
作者: Gabriele Costa , Alessandro Armando , Enrico Russo
DOI:
关键词:
摘要: A cyber range is an environment used for training security experts and testing attack defence tools procedures. Usually, a simulates one or more critical infrastructures that attacking (red) defending (blue) teams must compromise protect, respectively. The infrastructure can be physically assembled, but much convenient to rely on the Infrastructure as Service (IaaS) paradigm. Although some modern technologies support IaaS, design deployment of scenarios interest mostly manual operation. As consequence, it common practice have hosting few (sometimes only one), consolidated scenarios. However, reusing same scenario may significantly reduce effectiveness sessions. In this paper, we propose framework automating definition arbitrarily complex relies virtual description language (VSDL), i.e., domain-specific defining high-level features desired while hiding low-level details. semantics VSDL given in terms constraints satisfied by infrastructure. These are then submitted SMT solver checking satisfiability specification. If satisfiable, specification gives rise model automatically converted set scripts IaaS provider.
arxiv.org
harvard.edu参考文章(11)
Jon Davis, Shane Magrath, A Survey of Cyber Ranges and Testbeds ,(2013)
Mattijs Ghijsen, Jeroen van der Ham, Paola Grosso, Cees de Laat, Towards an Infrastructure Description Language for Modeling Computing Infrastructures international symposium on parallel and distributed processing and applications. pp. 207- 214 ,(2012) , 10.1109/ISPA.2012.35
Terry Benzel, The science of cyber security experimentation: the DETER project annual computer security applications conference. pp. 137- 148 ,(2011) , 10.1145/2076732.2076752
Gabriele Costa, Pierpaolo Degano, Fabio Martinelli, Modular plans for secure service composition Journal of Computer Security. ,vol. 20, pp. 81- 117 ,(2012) , 10.3233/JCS-2011-0430
M. Bartoletti, P. Degano, G.L. Ferrari, Types and effects for secure service orchestration ieee computer security foundations symposium. pp. 57- 69 ,(2006) , 10.1109/CSFW.2006.31
Marco A. Barbosa, Luis S. Barbosa, A perspective on service orchestration Science of Computer Programming. ,vol. 74, pp. 671- 687 ,(2009) , 10.1016/J.SCICO.2008.09.019
Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Scott Shenker, Jonathan Turner, OpenFlow: enabling innovation in campus networks acm special interest group on data communication. ,vol. 38, pp. 69- 74 ,(2008) , 10.1145/1355734.1355746
Aaron Stump, Cesare Tinelli, Clark Barrett, The SMT-LIB Standard Version 2.0 ,(2010)
Bernard Ferguson, Anne Tall, Denise Olsen, National Cyber Range Overview military communications conference. pp. 123- 128 ,(2014) , 10.1109/MILCOM.2014.27
Frank Corvese, Michael Rosenstein, A secure architecture for the range-level command and control system of a national cyber range testbed CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test. pp. 1- 1 ,(2012)