Attack Generation From System Models | Sameer K. C.
| | Abstract | In a real world system such as organizational buildings, it is often hard to �find the culprit who breaches the security at a particular location in the system. Formal methods are of little help because analyses and formalizations are available for software systems but not for real world systems. There are some approaches available such as threat modelling that try to provide the formalisation of the real-world domain, but still are far from the rigid techniques available in security research.
The situation gets even worse in case of insider threats. Insiders have better access, trust and intimate knowledge of surveillance and access control mechanisms of the system. Therefore, an insider can do much more harm to a system and its assets, and, even worse, an insider attack can be very difficult to trace.
With the help of static analysis techniques we can analyse an abstracted system model that allows for easy modelling of real-world systems. This abstraction makes the real world system an analysable model with an underlying semantics that will help us to carry out diff�erent analysis on the system. We can in turn de�fine a modelling language that can be the basis for detecting attack threats at various locations in a system.
This thesis work focuses on generating potential attacks in a real world system by applying static analysis techniques to a system model, i.e., identifying which actions may be performed by whom, at which locations, accessing which data. In this work we developed a tool, written in Java, which is used to generate attacks at speci�fied point in the system, i.e., what kind of attacks can happen at what locations and by what actors. | | Type | Master's thesis [Academic thesis] | | Year | 2011 | | Publisher | Technical University of Denmark, DTU Informatics, E-mail: reception@imm.dtu.dk | | Address | Asmussens Alle, Building 305, DK-2800 Kgs. Lyngby, Denmark | | Series | IMM-M.Sc.-2011-44 | | Note | Supervised by Associate Professor Christian W. Probst, cwpr@dtu.dk, DTU Compute | | Electronic version(s) | [pdf] | | Publication link | http://www.compute.dtu.dk/English.aspx | | BibTeX data | [bibtex] | | IMM Group(s) | Computer Science & Engineering |
|