Cyber ranges for training in threat scenarios are nowadays highly demanded in order to improve people ability to detect vulnerabilities and to react to cyber-threats. Among the other components, scenarios deployment requires a modeling language to express the (software and hardware) architecture of the underlying system, and an emulation platform. In this paper, we exploit a model-driven engineering approach to develop a framework for cyber security scenarios deployment. We develop a domain specific language for scenarios construction, which allows the description of the architectural setting of the system under analysis, and a mechanism to deploy scenarios on the OpenStack cloud infrastructure by means of HEAT templates. On the scenario model, we also show how it is possible to detect network configuration problems and structural vulnerabilities. The presented results are part of our ongoing research work towards the definition of a training cyber range within the EU H2020 project THREAT-ARREST.

A Model Driven Approach for Cyber Security Scenarios Deployment / C. Braghin, S. Cimato, E. Damiani, F. Frati, L. Mauri, E. Riccobene (LECTURE NOTES IN ARTIFICIAL INTELLIGENCE). - In: Computer Security / [a cura di] A.P. Fournaris, M. Athanatos, K. Lampropoulos, S. Ioannidis, G. Hatzivasilis, E. Damiani, H. Abie, S. Ranise, L. Verderame, A. Siena, J.Garcia-Alfaro. - [s.l] : Springer, 2020. - ISBN 9783030420505. - pp. 107-122 (( convegno ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC tenutosi a Luxembourg City nel 2019.

A Model Driven Approach for Cyber Security Scenarios Deployment

C. Braghin;S. Cimato;E. Damiani;F. Frati;L. Mauri;E. Riccobene
2020

Abstract

Cyber ranges for training in threat scenarios are nowadays highly demanded in order to improve people ability to detect vulnerabilities and to react to cyber-threats. Among the other components, scenarios deployment requires a modeling language to express the (software and hardware) architecture of the underlying system, and an emulation platform. In this paper, we exploit a model-driven engineering approach to develop a framework for cyber security scenarios deployment. We develop a domain specific language for scenarios construction, which allows the description of the architectural setting of the system under analysis, and a mechanism to deploy scenarios on the OpenStack cloud infrastructure by means of HEAT templates. On the scenario model, we also show how it is possible to detect network configuration problems and structural vulnerabilities. The presented results are part of our ongoing research work towards the definition of a training cyber range within the EU H2020 project THREAT-ARREST.
Settore INF/01 - Informatica
2020
Book Part (author)
File in questo prodotto:
File Dimensione Formato  
paper1_main.pdf

accesso riservato

Tipologia: Pre-print (manoscritto inviato all'editore)
Dimensione 4.43 MB
Formato Adobe PDF
4.43 MB Adobe PDF   Visualizza/Apri   Richiedi una copia
Braghin2020_Chapter_AModelDrivenApproachForCyberSe.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Dimensione 2.19 MB
Formato Adobe PDF
2.19 MB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/719825
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 12
  • ???jsp.display-item.citation.isi??? 5
social impact