ChaosXploit: A Security Chaos Engineering framework based on Attack Trees

Sara Palacios, Daniel Díaz-López, Pantaleone Nespoli

Producción científica: Contribución a una conferenciaArtículorevisión exhaustiva

51 Descargas (Pure)

Resumen

Security incidents may have several origins. However, many times they are caused due to components that are supposed to be correctly configured or deployed. Traditional methods may not detect those security assumptions, and new alternatives need to be tried. Security Chaos Engineering (SCE) represents a new way to detect such failing components to protect assets under cyber risk scenarios. This paper proposes ChaosXploit, a security chaos engineering framework based on attack trees, which leverages the chaos engineering methodology along with a knowledge database composed of attack trees to detect and exploit vulnerabilities in different targets as part of an offensive security exercise. Once the proposal is explained, a set of experiments are conducted to validate the feasibility of ChaosXploit to validate the security of cloud managed services, i.e. Amazon buckets, which may be prone to misconfigurations.
Idioma originalInglés estadounidense
Páginas130-137
Número de páginas8
EstadoPublicada - jun. 27 2022

Áreas temáticas de ASJC Scopus

  • Matemática computacional

Huella

Profundice en los temas de investigación de 'ChaosXploit: A Security Chaos Engineering framework based on Attack Trees'. En conjunto forman una huella única.

Citar esto