Cyber ranges for training in threat scenarios are nowadays highly demanded in order to improve people ability to detect vulnerabilities and to react to cyber-threats. Among the other components, scenarios deployment requires a modeling language to express the (software and hardware) architecture of the underlying system, and an emulation platform. In this paper, we exploit a model-driven engineering approach to develop a framework for cyber security scenarios deployment. We develop a domain specific language for scenarios construction, which allows the description of the architectural setting of the system under analysis, and a mechanism to deploy scenarios on the OpenStack cloud infrastructure by means of HEAT templates. On the scenario model, we also show how it is possible to detect network configuration problems and structural vulnerabilities. The presented results are part of our ongoing research work towards the definition of a training cyber range within the EU H2020 project THREAT-ARREST.
A Model Driven Approach for Cyber Security Scenarios Deployment / C. Braghin, S. Cimato, E. Damiani, F. Frati, L. Mauri, E. Riccobene (LECTURE NOTES IN ARTIFICIAL INTELLIGENCE). - In: Computer Security / [a cura di] A.P. Fournaris, M. Athanatos, K. Lampropoulos, S. Ioannidis, G. Hatzivasilis, E. Damiani, H. Abie, S. Ranise, L. Verderame, A. Siena, J.Garcia-Alfaro. - [s.l] : Springer, 2020. - ISBN 9783030420505. - pp. 107-122 (( convegno ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC tenutosi a Luxembourg City nel 2019.
A Model Driven Approach for Cyber Security Scenarios Deployment
C. Braghin;S. Cimato;E. Damiani;F. Frati;L. Mauri;E. Riccobene
2020
Abstract
Cyber ranges for training in threat scenarios are nowadays highly demanded in order to improve people ability to detect vulnerabilities and to react to cyber-threats. Among the other components, scenarios deployment requires a modeling language to express the (software and hardware) architecture of the underlying system, and an emulation platform. In this paper, we exploit a model-driven engineering approach to develop a framework for cyber security scenarios deployment. We develop a domain specific language for scenarios construction, which allows the description of the architectural setting of the system under analysis, and a mechanism to deploy scenarios on the OpenStack cloud infrastructure by means of HEAT templates. On the scenario model, we also show how it is possible to detect network configuration problems and structural vulnerabilities. The presented results are part of our ongoing research work towards the definition of a training cyber range within the EU H2020 project THREAT-ARREST.
| File | Dimensione | Formato | |
|---|---|---|---|
|
paper1_main.pdf
accesso riservato
Tipologia:
Pre-print (manoscritto inviato all'editore)
Dimensione
4.43 MB
Formato
Adobe PDF
|
4.43 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
|
Braghin2020_Chapter_AModelDrivenApproachForCyberSe.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
2.19 MB
Formato
Adobe PDF
|
2.19 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
