DOI: 10.1145/3570353.3570358
research-article

Generating Virtual Scenarios for Cyber Ranges from Feature-Based Context-Oriented Models: A Case Study

Published: 10 December 2022 Publication History

Abstract

A cyber range is a virtual training ground for security experts. Trainees are separated into attacking and defending teams, whose roles are either to compromise or to protect some critical infrastructure. Because reusing the same scenario may significantly reduce training efficiency, recent research has proposed automating the process of defining and deploying arbitrarily complex cyber range scenarios through the use of a virtual scenario description language (VSDL). However, it remains a challenge to generate VSDL scenarios dynamically, i.e. in an adaptive manner, to avoid having to redefine new VSDL scenarios for each new situation. Moreover, existing VSDLs often consider limited contextual information (e.g., only the virtualization budget) and do not explicitly link the vulnerabilities of their scenarios together, which prevents them from proposing scenarios with more advanced cyber security exploits. In this vision paper, we rely on feature-based context-oriented modelling to generate relevant cyber range scenarios from an explicit user profile and exploits described in attack-defence trees. This result has high industrial potential, as it could enable a kind of on-demand cyber range scenario generation service.


        Published In

        COP '22: Proceedings of the 14th ACM International Workshop on Context-Oriented Programming and Advanced Modularity
        June 2022
        56 pages
        ISBN:9781450399869
        DOI:10.1145/3570353

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. attack-defence trees
        2. context-oriented modelling
        3. generation of cyber range scenarios
        4. virtual scenario description languages

        Qualifiers

        • Research-article
        • Research
        • Refereed limited

        Conference

        COP '22

        Acceptance Rates

        Overall Acceptance Rate 17 of 25 submissions, 68%

        Article Metrics

        • Total Citations: 0
        • Total Downloads: 77
        • Downloads (Last 12 months): 35
        • Downloads (Last 6 weeks): 8
        Reflects downloads up to 20 Nov 2024
