aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • Programming
  • Solutions
  • Technology

A Flexible Simulation Framework For Modeling Cyber Attacks

  • Aelia Vita
  • July 12, 2021
  • 4 minute read

Threat modeling is becoming more and more common for both application development and system analysis. However, most threat modeling approaches remain to be highly manual. Meaning, you must figure out what the system you are analyzing looks like and what types of threats that need mitigation. For smaller applications under development this can be a useful activity, but for larger systems it doesn’t scale.

In order to create a model of an existing system it is suggested to do this based on available data sources, for instance network and vulnerability scanners, firewall rules, and asset inventories. By doing it this way you get an accurate model reflecting the whole system as it actually is implemented and not the modeler’s dreamy view of it. And you can keep your model up-to-date in a continuous way.


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

With this fresh accurate model of your system, it is now time to figure out if it is secure or not. And when you realize there are plenty of weaknesses that can be used by attackers you need to decide what the best mitigation strategy is. For this, the threat modeling community has been relying on security experts. However, in a parallel universe other have been using attack graphs to run simulations answering these types of questions. The problem for the attack graph community has similarly been the creation of the graph (the model). Since the systems are large and complex, the graph also becomes large and complex. So, it is difficult, time-consuming, and error-prone to create one and the result isn’t very trustworthy.

Read More  Configuring OpenTelemetry In Ruby

The novel idea I am presenting here is to combine threat models with attack simulations. For this, we have developed the Meta Attack Language (MAL) [1]. This is an open-source framework [2] that can be used to create Domain-Specific (Modeling) Languages (DSLs). With MAL you thus describe what assets you are interested in e.g. computer, network, software, what attacks these assets can be subjected to, and what defenses that could mitigate these attacks. With MAL you therefore have full freedom to create your own threat modeling and attack simulation language. The fancy thing is, when you instantiate your assets, e.g. Robert’s MacBook Air running macOS Big Sur v.11.2.3, you also get an underlying attack and defense graph for it. Thus, when you have your threat model (assets and how these are connected to each other) you can automatically run a simulation pinpointing where your weaknesses are and also suggestions on what mitigations that could be added to decrease the risks.

A small example of MAL-code is presented below, this is based on techniques and mitigations from the MITRE Enterprise ATT&CK Matrix, taken from a research paper [3].

In this small example we can see two categories of assets namely; Accounts and Software. Where we have UserAccounts and
AdminAccounts, with WindowsAdmin inheriting from the general AdminAccount. For the Software category we have Windows and Services. For each asset, there are attack steps defined. For instance, if an attacker gets userRights on a UserAccount this could lead to a userAccessTokenManipulation attack on a Windows machine. The assets can also have defenses associated with them. For the userRights attack a possible defense is to have proper userAccountManagement. The
associations between the assets are also defined, e.g. a Windows machine runs multiple services.

category Account {
        asset UserAccount {
        | userRights
                -> windows.userAccessTokenManipulation
        # userAccountManagement
                -> windows.userAccessTokenManipulation
}
asset AdminAccount {
        | adminRights
        # privilegedAccountManagement
}
asset WindowsAdmin extends AdminAccount {
        | adminRights
                +> windows.adminAccessTokenManipulation
        # privilegedAccountManagement
                +> windows.adminAccessTokenManipulation
        }
}
category Software {
        asset Windows {
                & userAccessTokenManipulation
                info: "Adversaries may use access tokens to operate           under a different user or system security context to perform actions and evade detection."                       -> service.exploitationForPrivilegeEscalation
                & adminAccessTokenManipulation
                       -> service.exploitationForPrivilegeEscalation
}
        asset Service {
                | exploitationForPrivilegeEscalation
        }
}
associations {UserAccount [userAccount] * <--Accesses--> 1 [windows] WindowsAdminAccount [adminAccount] * <--Accesses--> 1 [windows] WindowsWindows [windows] 1 <--Runs--> * [service] Service}

Any MAL-based DSL can be run with the securiCAD tool from foreseeti [4]. This will provide you with more advanced capabilities, for instance nice graph representations, multi-user environments, APIs for data import, cool metrics and reports. Foreseeti has DSLs and products based on MAL and among the more mature and widely-used DSLs you find one for AWS (securiCAD Vanguard) [5], Azure [6], and on-prem IT [7]. There are also DSLs for vehicle systems [8] and power systems [9] available. If you don’t want to use these off-the-shelf, you can either tailor it for your needs or create your own from scratch. Most of the DSLs are open-source and can be reached through the MAL GitHub repository. Imagine a one click tool to get a cyber security analysis of your entire infrastructure. We are not completely there yet. However, with MAL we are not too many clicks away to realize this.

Read More  Firecell And Canonical To Demonstrate 5G Private Mobile Network (PMN) Solution Running On Ubuntu At MWC Barcelona

[1] MAL
https://doi.org/10.1145/3230833.3232799 Pontus Johnson, Robert Lagerström, and Mathias Ekstedt. 2018. A Meta Language for Threat Modeling and Attack Simulations. In Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018).

[2] MAL as open-source
https://mal-lang.org
Foreseeti
[3] https://foreseeti.com

DSLs
[4] AWS — https://foreseeti.com/securicad-vanguard-for-aws/
[5] Azure — https://foreseeti.com/securicad-enterprise/
[6] coreLang — https://doi.org/10.1007/978-3-030-62230-5_4
Katsikeas S. et al. (2020) An Attack Simulation Language for the IT Domain. In Graphical Models for Security. GraMSec 2020. Lecture Notes in Computer Science, vol 12419. Springer.
[7] vehicleLang — https://www.scitepress.org/Link.aspx?doi=10.5220/0007247901750182
Katsikeas, S.; Johnson, P.; Hacks, S. and Lagerström, R. (2019). Probabilistic Modeling and Simulation of Vehicular Cyber Attacks: An Application of the Meta Attack Language. In Proceedings of the 5th International Conference on Information Systems Security and Privacy — ICISSP.
[8] powerLang — https://doi.org/10.1186/s42162-020-00134-4
Hacks, S., Katsikeas, S., Ling, E. et al. powerLang: a probabilistic attack simulation language for the power domain. Energy Inform 3, 30 (2020)

This article is republished from hackernoon.com


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

Aelia Vita

Related Topics
  • Cyber Attack
  • Meta Attack Language
  • Simulation
  • Threat modeling
You May Also Like
View Post
  • Computing
  • Multi-Cloud
  • Technology

Reliance on US tech providers is making IT leaders skittish

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Examine the 4 types of edge computing, with examples

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

AI and private cloud: 2 lessons from Dell Tech World 2025

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

TD Synnex named as UK distributor for Cohesity

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Broadcom’s ‘harsh’ VMware contracts are costing customers up to 1,500% more

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Weigh these 6 enterprise advantages of storage as a service

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Pulsant targets partner diversity with new IaaS solution

  • May 23, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Growing AI workloads are causing hybrid cloud headaches

  • May 23, 2025

Stay Connected!
LATEST
  • 1
    Just make it scale: An Aurora DSQL story
    • May 29, 2025
  • 2
    Reliance on US tech providers is making IT leaders skittish
    • May 28, 2025
  • Examine the 4 types of edge computing, with examples
    • May 28, 2025
  • AI and private cloud: 2 lessons from Dell Tech World 2025
    • May 28, 2025
  • 5
    TD Synnex named as UK distributor for Cohesity
    • May 28, 2025
  • Weigh these 6 enterprise advantages of storage as a service
    • May 28, 2025
  • 7
    Broadcom’s ‘harsh’ VMware contracts are costing customers up to 1,500% more
    • May 28, 2025
  • 8
    Pulsant targets partner diversity with new IaaS solution
    • May 23, 2025
  • 9
    Growing AI workloads are causing hybrid cloud headaches
    • May 23, 2025
  • Gemma 3n 10
    Announcing Gemma 3n preview: powerful, efficient, mobile-first AI
    • May 22, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • Understand how Windows Server 2025 PAYG licensing works
    • May 20, 2025
  • By the numbers: How upskilling fills the IT skills gap
    • May 21, 2025
  • 3
    Cloud adoption isn’t all it’s cut out to be as enterprises report growing dissatisfaction
    • May 15, 2025
  • 4
    Hybrid cloud is complicated – Red Hat’s new AI assistant wants to solve that
    • May 20, 2025
  • 5
    Google is getting serious on cloud sovereignty
    • May 22, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.