ChaosXploit: A Security Chaos Engineering framework based on Attack Trees

Sara Palacios, Daniel Díaz-López, Pantaleone Nespoli

Research output: Contribution to conferencePaperpeer-review

52 Downloads (Pure)

Abstract

Security incidents may have several origins. However, many times they are caused due to components that are supposed to be correctly configured or deployed. Traditional methods may not detect those security assumptions, and new alternatives need to be tried. Security Chaos Engineering (SCE) represents a new way to detect such failing components to protect assets under cyber risk scenarios. This paper proposes ChaosXploit, a security chaos engineering framework based on attack trees, which leverages the chaos engineering methodology along with a knowledge database composed of attack trees to detect and exploit vulnerabilities in different targets as part of an offensive security exercise. Once the proposal is explained, a set of experiments are conducted to validate the feasibility of ChaosXploit to validate the security of cloud managed services, i.e. Amazon buckets, which may be prone to misconfigurations.
Original languageEnglish (US)
Pages130-137
Number of pages8
StatePublished - Jun 27 2022

All Science Journal Classification (ASJC) codes

  • Computational Mathematics

Fingerprint

Dive into the research topics of 'ChaosXploit: A Security Chaos Engineering framework based on Attack Trees'. Together they form a unique fingerprint.

Cite this