Abstract
Contrary to intuition, insecure computer network architectures are valuable assets in IT security. Such architectures (referred to as cyber-ranges) are commonly used to train red teams and to test security solutions, in particular those related to security supervision. Unfortunately, designing and deploying these cyber-ranges is costly, as it requires designing an attack scenario from scratch and then implementing it in an architecture on a case-by-case basis, through manual choices of machines/users, OS versions, available services and configuration options. This article presents URSID, a framework for the automatic deployment of cyber-ranges based on the formal description of attack scenarios. The scenario is described at the technique level according to the MITRE nomenclature, refined into several variations (instances) at the procedural level, and then deployed in multiple virtual architectures. URSID thus automates costly manual tasks and makes it possible to have several instances of the same scenario on architectures with different OS, software or account configurations. URSID has been successfully tested in an academic cyber attack and defense training exercise.
P.-V. Besson is funded by the Direction Générale de l’Armement (CREACH LABS).
Notes
1. We are here using the official MITRE numbering for techniques.
2. Throughout this work we will refer to the attacker's machine as Attacker and consider that they have complete control of it.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Besson, PV., Tong, V.V.T., Guette, G., Piolle, G., Abgrall, E. (2024). URSID: Automatically Refining a Single Attack Scenario into Multiple Cyber Range Architectures. In: Mosbah, M., Sèdes, F., Tawbi, N., Ahmed, T., Boulahia-Cuppens, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2023. Lecture Notes in Computer Science, vol 14551. Springer, Cham. https://doi.org/10.1007/978-3-031-57537-2_8
DOI: https://doi.org/10.1007/978-3-031-57537-2_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57536-5
Online ISBN: 978-3-031-57537-2
eBook Packages: Computer Science, Computer Science (R0)