Top

Published in:

2014 | OriginalPaper | Chapter

9. A Strategy for Structuring and Formalising Attack Patterns

Author : Clive Blackwell

Published in: Cyberpatterns

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

We have created a framework for modelling security that divides computer incidents into their stages of access, use and effect. In addition, we have developed a three-layer architectural model to examine incidents with the social, logical and physical levels. Our ontology that combines the architectural and incident models provides the basis for a suitable semantics for attack patterns, where the entities and relationships between them can be precisely defined. The current informality of these patterns means that their utility is limited to manual use, so we plan to adapt existing work on formalising design patterns to attack patterns, to aid the detection of attack patterns leading to the possible creation of effective defensive controls. A specification in logic, which is progressively refined into code, is a common method of developing high integrity and secure software, but there are additional issues in system protection, as the system is a diverse set of components housing different and unrelated functionality rather than a single program. The attack patterns form a logical specification, which can be intersected with the model of the defence to determine the corresponding defensive observations and actions to counter the attacks. This would allow convincing reasoning about possible defensive response measures, and holds out the possibility of proving security against certain types of attacks. We outline a roadmap for formulating attack patterns in our ontology and then translating them in logic.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter A Heuristic Approach for Secure Service Composition Adaptation

next chapter Attack Pattern Recognition Through Correlating Cyber Situational Awareness in Computer Networks

Blackwell C. A security ontology for incident analysis. In: 6th Cyber security and information intelligence research workshop. New York: ACM press; 2010.

Blackwell C. A Framework for investigative questioning in incident analysis and response. In: 7th IFIP WG 11.9 International conference on digital forensics. Springer Advances in Digital Forensics VII; 2011.

Howard M. Attack surface: mitigate security risks by minimizing the code you expose to untrusted users. MSDN magazine; 2004. http://msdn.microsoft.com/en-us/magazine/cc163882.aspx. Accessed 23 Sept 2013.

Blackwell C. A forensic framework for incident analysis applied to the insider threat. In: 3rd ICST international conference on digital forensics and cyber crime. Berlin: Springer; 2011.

Howard JD. An analysis of security incidents on the internet, 1989–1995. PhD thesis. Carnegie-Mellon University. 1997. www.cert.org/archive/pdf/JHThesis.pdfy. Accessed 23 Sept 2013.

Howard JD, Longstaff TA. A common language for computer security incidents. Sandia National Laboratories; 1998. http://www.cert.org/research/taxonomy_988667.pdf.Accessed 23 Sept 2013.

Schneier B. Attack trees: modeling security threats. Dr. Dobb’s J; 1999.

Hutchins EM, Cloppert MJ, Amin RM. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. In: 6th Annual international conference on information warfare and security, Washington, DC; 2011. www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf. Accessed 23 Sept 2013.

Whittaker JA, Thompson HH. How to break software security. Boston, MA: Addison Wesley; 2001.

10.

Zachman J. A framework for information systems architecture. IBM Syst J. 1987;26(3).

11.

Sherwood J, Clark A, Lynas D. Enterprise security architecture, a business driven approach. San Francisco: CMP Books; 2005.

12.

Hafiz M, Adamczyk P, Johnson RE. Organising security patterns. IEEE Softw. 2007;24(4):52–60.CrossRef

13.

Hafiz M, Adamczyk P, Johnson RE. Growing a pattern language (For Security). In: Proceedings of the 27th object-oriented programming, systems, languages and applications. OOPSLA; 2012.

14.

Fantl J. Knowledge how. In: EN Zalta editor. The stanford encyclopedia of philosophy (Winter 2012 Edition). http://plato.stanford.edu/archives/win2012/entries/knowledge-how. Accessed 23 Sept 2013

15.

Barnum S, Sethi A. Attack patterns as a knowledge resource for building secure software. Cigital Inc. 2007. http://capec.mitre.org/documents/Attack_Patterns-Knowing_Your_Enemies_in_Order_to_Defeat_Them-Paper.pdf. Accessed 23 Sept 2013.

16.

Gamma E, Helm R, Johnson R, Vlissides J. Design patterns: elements of reusable object-oriented software. Reading, MA: Addison-Wesley; 1995.

17.

Alexander C, Ishikawa S, Silverstein M. A pattern language: towns, buildings. Construction, New York: Oxford University Press; 1977.

18.

Moore AP, Ellison RJ, Linger RC. Attack modeling for information security and survivability. No. CMU-SEI-2001-TN-001. Software Engineering Institute, Carnegie Mellon University, Pittsburgh PA; 2001.

19.

Hoglund G, McGraw G. Exploiting software: how to break code. Addison-Wesley; 2004.

20.

Barnum S, Sethi A. Introduction to attack patterns. Cigital Inc. 2006 (revised 14 May 2013). https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/attack/585-BSI.html. Accessed 23 Sept 2013.

21.

Fernandez EB, Pelaez JC, Larrondo-Petrie MM. Attack patterns: a new forensic and design tool. In: 3rd Annual IFIP WG 11.9 international conference on digital forensics. Berlin: Springer. 2007.

22.

Mitre Corporation. Common attack pattern enumeration and classification (CAPEC). Mitre Corporation. http://www.capec.mitre.org. Accessed 23 Sept 2013.

23.

Blackwell C. Formally modelling attack patterns for forensic analysis. In: 5th International conference on cybercrime forensics education and training. Canterbury; 2011.

24.

Swiderski F, Snyder W. Threat modeling. Redmond, WA: Microsoft Press; 2004.

25.

Noy NF, McGuinness DL. Ontology development 101: a guide to creating your first ontology. Technical Report KSL-01-05. Stanford Knowledge Systems Laboratory; 2001.

26.

Bayley I, Zhu H. Formalising design patterns in predicate logic. In: 5th IEEE international conference on software engineering and formal, methods; 2007. pp. 25–36.

27.

Bayley I, Zhu H. Specifying behavioural features of design patterns in first order logic. In: 32nd Annual IEEE international computer software and applications conference. COMPSAC’08. IEEE; 2008. pp. 203–10.

28.

Abrial J-R. The B-Book: assigning programs to meanings. Cambridge: Cambridge University Press; 1996.

29.

Mitre Corporation. Common vulnerabilities and exposures (CVE). Mitre Corporation. http://www.cve.mitre.org. Accessed 23 Sept 2013.

30.

Mitre Corporation. Common weaknesses enumeration (CWE). Mitre Corporation. http://www.cwe.mitre.org. Accessed 23 Sept 2013.

31.

Schumacher M, Fernandez-Buglioni E, Hybertson D, Buschmann F, Sommerlad P. Security patterns: integrating security and systems engineering. Chichester, West Sussex: Wiley; 2005.

32.

Kowalski R. Computational logic and human thinking: how to be artificially intelligent. Cambridge University Press; 2011.

33.

Robertson T. Essential vs. Accidental Properties. In: EN Zalta editor. The stanford encyclopedia of philosophy (Fall 2008 Edition). http://plato.stanford.edu/archives/fall2008/entries/essential-accidental. Accessed 23 Sept 2013.

34.

Garson J. Modal Logic. In: EN Zalta editor. The stanford encyclopedia of philosophy (Spring 2013 Edition). http://plato.stanford.edu/archives/spr2013/entries/logic-modal. Accessed 23 Sept 2013.

35.

Antoniou G, van Harmelen F. A semantic web primer. 2nd ed. MA, London: MIT Press; 2008.

36.

Dolev D, Yao AC. On the security of public key protocols. IEEE Trans Inf Theory. 1983;29(2):198–208.CrossRefMATHMathSciNet

37.

Fowler M. UML distilled: a brief guide to the standard object modeling language. 3rd ed. Boston, MA: Addison-Wesley Professional; 2003.

Title: A Strategy for Structuring and Formalising Attack Patterns
Author: Clive Blackwell
Publisher: Springer International Publishing
Book: Cyberpatterns
Print ISBN: 978-3-319-04446-0

Electronic ISBN: 978-3-319-04447-7

Copyright Year: 2014
DOI: https://doi.org/10.1007/978-3-319-04447-7_9

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner