Modeling and Execution of Complex Attack Scenarios using Interval Timed Colored Petri Nets

Dahl, Ole Martin; Wolthusen, Stephen D.

doi:10.1109/iwia.2006.17

Cited by 26 publications

(18 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The security test models are categorized into white box, gray box, and black box. White box describes the test in which the tester has the complete knowledge about the infrastructure to be tested [24,63]. Black-box, in contrast, assume that there is no prior knowledge about the environment.…”

Section: Rq3-what Are the Models Of Pentest?mentioning

confidence: 99%

Overview and open issues on penetration test

Bertoglio

Zorzo

2017

J Braz Comput Soc

View full text Add to dashboard Cite

Several studies regarding security testing for corporate environments, networks, and systems were developed in the past years. Therefore, to understand how methodologies and tools for security testing have evolved is an important task. One of the reasons for this evolution is due to penetration test, also known as Pentest. The main objective of this work is to provide an overview on Pentest, showing its application scenarios, models, methodologies, and tools from published papers. Thereby, this work may help researchers and people that work with security to understand the aspects and existing solutions related to Pentest. A systematic mapping study was conducted, with an initial gathering of 1145 papers, represented by 1090 distinct papers that have been evaluated. At the end, 54 primary studies were selected to be analyzed in a quantitative and qualitative way. As a result, we classified the tools and models that are used on Pentest. We also show the main scenarios in which these tools and methodologies are applied to. Finally, we present some open issues and research opportunities on Pentest.

show abstract

Section: Rq3-what Are the Models Of Pentest?mentioning

confidence: 99%

Overview and open issues on penetration test

Bertoglio

Zorzo

2017

J Braz Comput Soc

View full text Add to dashboard Cite

show abstract

“…Dahl and Wolthusen suggested the use of interval timed colored Petri nets where tokens carry timestamps as well as color and the firing delay of transitions are bounded by specified time intervals [31]. Their concern is timing-dependent attacks carried out by multiple attackers against possibly multiple targets.…”

Section: B Petri Netsmentioning

confidence: 99%

Petri Net Modeling of Cyber-Physical Attacks on Smart Grid

Chen

Sánchez-Aarnoutse

Buford

2011

IEEE Trans. Smart Grid

228

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract-This paper investigates the use of Petri nets for modeling coordinated cyber-physical attacks on the smart grid. Petri nets offer more flexibility and expressiveness than traditional attack trees to represent the actions of simultaneous attackers. However, Petri net models for attacks on very large critical infrastructures such as the smart grid require a great amount of manual effort and detailed expertise in cyber-physical threats. To overcome these obstacles, we propose a novel hierarchical method to construct large Petri nets from a number of smaller Petri nets that can be created separately by different domain experts. The construction method is facilitated by a model description language that enables identical places in different Petri nets to be matched. The new modeling approach is described for an example attack on smart meters, and its efficacy is demonstrated by a proof-of-concept Python program. Permanent

show abstract

“…To design a penetration test in order to achieve a complete assessment, multiple conceptual solutions exist, among which the more important are Attack Trees, Attack Graphs, Petri's Network variants, etc. [12], [17], [19]. In the following section we describe the basic foundations of an Attack Tree design together with an instantiation related to an attack to SIP devices in a network.…”

Section: Writing Assessment Testsmentioning

confidence: 99%

“…In the research community, recent work on formal descriptions on how penetration tests can be accomplished ranges from modelling attack trees [19], Colored Petri Nets [12] to Attacks Graphs [17]. The major differences consist in their power of expressiveness as well as in their complexity.…”

Section: Scripting Environmentmentioning

confidence: 99%

Assessing the security of VoIP Services

Abdelnur

State

Chrisment

et al. 2007

2007 10th IFIP/IEEE International Symposium on Integrated Network Management

View full text Add to dashboard Cite

Abstract-VoIP networks are in a major deployment phase and are becoming widely spread out due to their extended functionality and cost efficiency. Meanwhile, as VoIP traffic is transported over the Internet, it is the target of a range of attacks that can jeopardize its proper functionality. In this paper we describe our work in a VoIP specific security assessment framework. Such an assessment is automated with integrated discovery actions, data management and security attacks allowing to perform VoIP specific penetration tests. These tests are important because they permit to search and detect existing vulnerabilities or misconfigured devices and services. Our main contributions consist in an elaborated network information model capable to be used in VoIP assessment, an extensible assessment architecture and its implementation, as well as in a comprehensive framework for defining and composing VoIP specific attacks.

show abstract

Modeling and Execution of Complex Attack Scenarios using Interval Timed Colored Petri Nets

Abstract: The commonly used flaw hypothesis model (FHM)

Cited by 26 publications

References 24 publications

Overview and open issues on penetration test

Overview and open issues on penetration test

Petri Net Modeling of Cyber-Physical Attacks on Smart Grid

Assessing the security of VoIP Services

Contact Info

Product

Resources

About