Master's Examination with Thesis Defence, Plepel Markovic Luka

25.02.2020 13:00 - 14:00

Forecasting the Development of XML-based Intrusions Using Models of Attack Patterns

Many businesses use Extensible Markup Language (XML) daily, and this reliance on XML creates distinct attack vectors. Discovering these potential attack vectors is a crucial step in engineering a secure system, since a successful attack could cause significant damage. The goals of these attacks can be a Denial of Service (DoS), elevating privileges, accessing, reading and writing data, and executing unauthorized commands. Socio-Technical Systems make attack analysis particularly challenging, since such complex systems are composed of people, software, and physical infrastructure. As such, a thorough attack analysis needs to consider every aspect of Socio-Technical Systems. To take the whole system into account, a large amount of security knowledge is required. This thesis tackles all the challenges mentioned earlier. After a comprehensive literature analysis was conducted, we used the available knowledge to identify eleven realistic and detailed XML attacks, which were then modeled and explained further. Each of the eleven attack patterns was created from the attacker's perspective. The models were created using a three-layer modeling framework, along with a comprehensive attack knowledge repository. In this thesis, we model and explain each attack pattern model in detail. The result of our work is a forecasting prototype programmed in Python in a Jupyter Notebook document, which stores all the relevant information along with the models of the attack patterns. The prototype's functions are as follows: a manual forecasting function based on tasks, an automatic forecasting function based on a Windows log file, displaying an attack pattern model figure, and access to relevant information about an attack pattern. This thesis aims to aid security professionals in their forensic analysis after an attack. Additionally, the goal is to help detect and mitigate the damage while an attack is happening.

Organiser:

SPL 5

Location:

Meeting room 4.34

Währinger Straße 29
1090 Wien