Skip to content
/ aml Public

A language to model cyber-physical attacks against cyber-physical systems and networks.

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

francescoracciatti/aml

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
aml
aml
 
 
doc
doc
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

Build Status codecov

AML

AML stands for Attack Modeling Language. It is a language to model cyber-physical attacks against cyber-physical systems and networks.

AML provides:

  • a set of keywords and syntax rules to model attack scenarios against generic systems,
  • an interpreter that provides the representation of the attack scenarios.

Synopsis

AML is designed to be used on top of the off-the-shelf cyber-physical systems and networks simulators. Its purpose is to enable the simulation of the effects of the modeled attacks on the systems under survey.

Motivation

Cyber-physical systems and networks can be severely compromised by cyber-physical attacks. Since addressing all possible attacks is not viable, due to performance and economic reasons, it is fundamental to choose which attacks to address and which countermeasures to adopt. Hence, a quantitative analysis of attack impact is crucial to make an effective choice.

To do this, it is fundamental to have a tool to model attack scenarios against the system under survey, to be run afterward by using a dedicated simulator. AML is exactly the modeling tool to achieve this purpose.

Code Example

Let the figure 1 represent the network scenario.

TODO add the figure

When the simulation starts, we want to perform the attack scenario that follows:

  • at time 100 s destroy the sensor node 1
  • from time 100, every 10 ms, inject a fake udp packets toward the node 3
  • from time 100 drop all the messages having the source port number 80 passing through the node 4

The AML code is the following:

scenario {
    from 100 {
        # Destroy node
        once {    
            destroyNode(1)
        }
        # Inject fake packets
        every 10 ms {
            packet fake
            createPacket(fake, "udp")
            injectPacket(fake, 3, rx, 0, s)
        }
        # Selective drop
        list targets = [4]
        filter packetfilter = (("layer4.sourcePort" == 80))
        for nodes in targets {
            for packets matching packetfilter {
                drop(captured)
            }
        }
    }
}

Requirements

  • Python 3.6+
  • PLY 3.9+

Installation

Linux/Unix

TBD

Windows

TBD

Mac OS X

TBD

How To Run It

TBD

Tests

Change the current working directory to the directory aml/test and type:

$ python3 -B -m unittest discover -p '*_test.py' -v

API Reference

TBD

Acknowledgments

  • Marco Tiloca
  • Alessandro Pischedda
  • Gianluca Dini

License

Copyright © 2016, Francesco Racciatti. Released under MIT license.

About

A language to model cyber-physical attacks against cyber-physical systems and networks.

Topics

language-modeling cybersecurity attack-modeling

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages