Skip to content

mal-lang/securicad-coa-generator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
SOCCRATES_COA_GENERATOR_Cortex_Analyzer
SOCCRATES_COA_GENERATOR_Cortex_Analyzer
 
 
exp_U5f_2targets
exp_U5f_2targets
 
 
exp_U5f_4targets
exp_U5f_4targets
 
 
exp_U5f_6targets
exp_U5f_6targets
 
 
exp_U5f_8targets
exp_U5f_8targets
 
 
models-for-scalability-test
models-for-scalability-test
 
 
paper_tests_ukraine
paper_tests_ukraine
 
 
securicad
securicad
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
TestsResults_SEGRID_0.txt
TestsResults_SEGRID_0.txt
 
 
TestsResults_SEGRID_1.txt
TestsResults_SEGRID_1.txt
 
 
TestsResults_SEGRID_10.txt
TestsResults_SEGRID_10.txt
 
 
TestsResults_SEGRID_11.txt
TestsResults_SEGRID_11.txt
 
 
TestsResults_SEGRID_12.txt
TestsResults_SEGRID_12.txt
 
 
TestsResults_SEGRID_13.txt
TestsResults_SEGRID_13.txt
 
 
TestsResults_SEGRID_14.txt
TestsResults_SEGRID_14.txt
 
 
TestsResults_SEGRID_15.txt
TestsResults_SEGRID_15.txt
 
 
TestsResults_SEGRID_16.txt
TestsResults_SEGRID_16.txt
 
 
TestsResults_SEGRID_17.txt
TestsResults_SEGRID_17.txt
 
 
TestsResults_SEGRID_18.txt
TestsResults_SEGRID_18.txt
 
 
TestsResults_SEGRID_2.txt
TestsResults_SEGRID_2.txt
 
 
TestsResults_SEGRID_3.txt
TestsResults_SEGRID_3.txt
 
 
TestsResults_SEGRID_4.txt
TestsResults_SEGRID_4.txt
 
 
TestsResults_SEGRID_5.txt
TestsResults_SEGRID_5.txt
 
 
TestsResults_SEGRID_6.txt
TestsResults_SEGRID_6.txt
 
 
TestsResults_SEGRID_7.txt
TestsResults_SEGRID_7.txt
 
 
TestsResults_SEGRID_8.txt
TestsResults_SEGRID_8.txt
 
 
TestsResults_SEGRID_9.txt
TestsResults_SEGRID_9.txt
 
 
boxplots.py
boxplots.py
 
 
newTestsResults_Ukraine_0.txt
newTestsResults_Ukraine_0.txt
 
 
newTestsResults_Ukraine_1.txt
newTestsResults_Ukraine_1.txt
 
 
newTestsResults_Ukraine_10.txt
newTestsResults_Ukraine_10.txt
 
 
newTestsResults_Ukraine_11.txt
newTestsResults_Ukraine_11.txt
 
 
newTestsResults_Ukraine_12.txt
newTestsResults_Ukraine_12.txt
 
 
newTestsResults_Ukraine_13.txt
newTestsResults_Ukraine_13.txt
 
 
newTestsResults_Ukraine_14.txt
newTestsResults_Ukraine_14.txt
 
 
newTestsResults_Ukraine_15.txt
newTestsResults_Ukraine_15.txt
 
 
newTestsResults_Ukraine_2.txt
newTestsResults_Ukraine_2.txt
 
 
newTestsResults_Ukraine_3.txt
newTestsResults_Ukraine_3.txt
 
 
newTestsResults_Ukraine_4.txt
newTestsResults_Ukraine_4.txt
 
 
newTestsResults_Ukraine_5.txt
newTestsResults_Ukraine_5.txt
 
 
newTestsResults_Ukraine_6.txt
newTestsResults_Ukraine_6.txt
 
 
newTestsResults_Ukraine_7.txt
newTestsResults_Ukraine_7.txt
 
 
newTestsResults_Ukraine_8.txt
newTestsResults_Ukraine_8.txt
 
 
newTestsResults_Ukraine_9.txt
newTestsResults_Ukraine_9.txt
 
 

Repository files navigation

Course of Action Generator

The Course of Action (CoA) generator consists of a set of python scripts that operates on a model of an IT architecture as used by the ADG and generates a set of defences that are inactive in the model and are suggested to activate. In SOCCRATES this is used to suggest defences improving the security of ICT infrastructure to the SOC analyst. The CoA Generator was developed by KTH.

Available on: https://github.com/mal-lang/securicad-coa-generator

The CoA generator forms a feedback loop with the ADG analyser. To drive the optimi-zation process, the generator computes a partial response to the threat based on the input attack path, run the ADG analyser to obtain the expected behaviour of the attacker under this partial re-sponse, repeat the procedure on the newly obtained attack path, etc. These iterations thus happen inside the CoA generator component without the involvement of the central orchestrator (OIE). High Level Architecture of CoA Generator is shown as follwos.

CoA Cortex Analyser

For the integration between OIE and CoA Generator the CoA Cortex Analyser has been developed by KTH. It enables the OIE to request the CoAs Generator to produce a list of securiCAD defenses to be applied. Simulation id of an ADG analysis is required by CoA generator to start its computation, there are a few optional request parameters (costs, budgets, and inherent design restrictions).

Available on: https://github.com/mal-lang/securicad-coa-generator/tree/master/SOCCRATES_COA_GENERATOR_Cortex_Analyzer

CoA Deployment

The CoA component is a multi-user web-based platform. The CoA deployment includes a virtual machine instance holding the CoA component and user databases. CoA services are accessed via a APIs. The CoA component can be executed directly on dedicated hardware or in a VM with a sup-ported guest OS and can be deployed on most modern servers, workstations or laptops.

Requirements and Installation

The CoA component requires a machine (dedicated hardware or virtual) with at least 8GB RAM and 20GB of storage, and currently supports the following operating systems: Windows and Ubuntu Server 18.04/20.04. CoA component execution requires user credentials.

Language Support

The CoA component is independent of what modelling language the ADG is using, as long as it is defined in the Meta Attack Language. However, defence step implementation costs needs to be defined separately per model (or language). In SOCCRATES we use the language named coreLang for which we have assigned some default costs for a subset of all defences in the language.

Functional Specification

  • Functions of CoA generator:

Input:

  1. Pointer to an attack defence graph model in the form of securiCAD simulation id. In this model one or more target attack steps are specified representing high value as-sets that are the ones that are to be protected. (To be provided by the ADG component.)
  2. The information on cost of implementation of defences (potentially in multiple cost dimen-sions) and the available budget. (To be provided by the SOC analyst.)

Output:

  1. Initial Time-to-compromise values for each target attack step in the securiCAD model

  2. A list of CoAs, each CoA includes the following information:

    • Efficiency score of the defences as calculated by the CoA generator used for priori-tization inside the CoA generator algorithm
    • Projected time-to-compromise values after implementing the defences in the course of action
    • Cost of implementation of CoA (in multiple cost dimensions)
    • Set of ordered defences in the securiCAD model from the ADG component
    • Web Link to the simulation report in securiCAD after adding the CoA defences

Integration

The functionality provided by the CoA to the SOCCRATES platform is utilized via the CoA Cortex Analyser. The simulation id is a mandatory parameter required whereas all other parameters are optional. If budgets are not provided, then CoA generation will assume infinite budget. If costs are not provided zero costs will be assumed. If no design restrictions are provided none will be assumed.

License

Licensed under the Apache License, Version 2.0.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

5 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages