A Model Driven Approach for Cyber Security Scenarios Deployment

Chiara Braghin, Stelvio Cimato, Ernesto Damiani, Fulvio Frati, Lara Mauri, Elvinia Riccobene

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

12 Scopus citations

Abstract

Cyber ranges for training in threat scenarios are nowadays highly demanded in order to improve people ability to detect vulnerabilities and to react to cyber-threats. Among the other components, scenarios deployment requires a modeling language to express the (software and hardware) architecture of the underlying system, and an emulation platform. In this paper, we exploit a model-driven engineering approach to develop a framework for cyber security scenarios deployment. We develop a domain specific language for scenarios construction, which allows the description of the architectural setting of the system under analysis, and a mechanism to deploy scenarios on the OpenStack cloud infrastructure by means of HEAT templates. On the scenario model, we also show how it is possible to detect network configuration problems and structural vulnerabilities. The presented results are part of our ongoing research work towards the definition of a training cyber range within the EU H2020 project THREAT-ARREST.

Original languageBritish English
Title of host publicationComputer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Revised Selected Papers
EditorsApostolos P. Fournaris, Manos Athanatos, Sotiris Ioannidis, George Hatzivasilis, Konstantinos Lampropoulos, Ernesto Damiani, Habtamu Abie, Silvio Ranise, Alberto Siena, Luca Verderame, Joaquin Garcia-Alfaro
PublisherSpringer
Pages107-122
Number of pages16
ISBN (Print)9783030420505
DOIs
StatePublished - 2020
Event2nd International Workshop on Information and Operational Technology (IT and OT) security systems, IOSec 2019, the 1st International Workshop on Model-driven Simulation and Training Environments, MSTEC 2019, and the 1st International Workshop on Security for Financial Critical Infrastructures and Services, FINSEC 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019 - Luxembourg City, Luxembourg
Duration: 26 Sep 201927 Sep 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11981 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference2nd International Workshop on Information and Operational Technology (IT and OT) security systems, IOSec 2019, the 1st International Workshop on Model-driven Simulation and Training Environments, MSTEC 2019, and the 1st International Workshop on Security for Financial Critical Infrastructures and Services, FINSEC 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019
Country/TerritoryLuxembourg
CityLuxembourg City
Period26/09/1927/09/19

Fingerprint

Dive into the research topics of 'A Model Driven Approach for Cyber Security Scenarios Deployment'. Together they form a unique fingerprint.

Cite this