Contract No.: 285248 Strategic Objective


General Mulval Attack Path Web Application API Information



Date: 28.01.2017

5.2 General Mulval Attack Path Web Application API Information


As previously described, the web application part is based on the Mulval core function. Our objective is to make Mulval usable through a mainstream protocol, so that any user can easily connect to our application from a web browser and generate the graph directly from there.

Here is an overview of the attack path engine web application.




Figure 3: Overview of Mulval attack path engine web application

The Mulval Attack Path engine core functions are already depicted at:

It remains to define the web application functions. This web application is composed of four components:



1. Connector

2. Web Application

3. Visualization of Attack Graph on the Web browser

4. Analysis

5.2.1 Connector

The connector used for this web application is a technology solution for connecting the web application server to the core functions of the Mulval attack path engine.

5.2.2 Web Application


A web application is an application that is accessed by users over a network such as the Internet or an intranet. This development will help the users to connect to the Mulval attack path engine directly from the web browser.

For more information, see Wikipedia: [[2]]


5.2.3 Visualization of Attack Graph on the Web browser

For this part, detailed information is available in the user's guide at:

https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/Security_Monitoring_/_MulVAL_Attack_Paths_Engine_Web_Application_-_User_and_Programmers_Guide


5.2.4 Analysis

The Mulval core functions offer metrics analysis that uses CVSS scoring. This score is contained in each vulnerability definition. We have included a quantitative risk assessment algorithm.

We now also offer new analysis functions, which are described at:

Scored Attack Paths Open API Specification [[Security-Monitoring:_Scored_Attack_Paths_Open_API_Specification_(PRELIMINARY)]]

6 Security-Monitoring: Scored Attack Paths Open API Specification

6.1 Introduction to the Scored Attack Paths API

6.1.1 Scored Attack Paths API Core

This document provides a description of the available interface and presents the adapters used by the Scored Attack Paths Application.



Scoring process


Scored Attack Paths uses the metrics provided by the MulVAL Attack Paths Engine, as well as business process impact metrics that may optionally be provided by the user. Based on the Attack Graph provided by the Mulval Attack Paths Engine, and the individual scores of each step, the objective is to yield the possible attack paths, along with a score associated with each one of the paths.

The considered attack paths that will be included in the list are selected based on the target node selected in the attack graph. The score of each path reflects the risk associated to the path as a whole, based on the individual scores of each step that have been previously calculated by the MulVAL Attack Paths Engine.

In addition to the risk score metric, the score of each path will include a second scoring component that accounts for the impact on the processes linked to the IT resource(s) that are either (i) solely at the target node of the attack path, or (ii) on the attack path.



The main idea of scoring attack paths (Figure 4) is to consider paths independently from one another, as opposed to the approach the MulVAL Attack Paths Engine takes for individual scores, the latter being computed by taking into account all the connections existing in the attack graph.
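The scoring process described above can be sketched as follows. This is an added example, not code from the Scored Attack Paths application: the graph, the step scores, the impact values and the aggregation rules (product of step scores for risk, maximum for on-path impact) are all constructed assumptions, and the AND/OR structure of a real MulVAL attack graph is simplified to a plain directed graph.

```python
from math import prod

# Directed attack graph: node -> successor nodes (constructed sample).
GRAPH = {
    "internet": ["webserver", "vpn"],
    "webserver": ["appserver"],
    "vpn": ["appserver", "database"],
    "appserver": ["database"],
    "database": [],
}
# Individual step scores, as an engine would supply them (constructed, in [0, 1]).
STEP_SCORE = {"internet": 1.0, "webserver": 0.8, "vpn": 0.3,
              "appserver": 0.5, "database": 0.9}
# Business process impact per IT resource (constructed, optional user input).
IMPACT = {"webserver": 2, "vpn": 4, "appserver": 9, "database": 6}


def attack_paths(graph, source, target, prefix=()):
    """Yield every cycle-free path from source to the selected target node."""
    path = prefix + (source,)
    if source == target:
        yield path
        return
    for nxt in graph.get(source, []):
        if nxt not in path:  # never revisit a node already on this path
            yield from attack_paths(graph, nxt, target, path)


def score_path(path, impact_mode="target"):
    """Score one path on its own, ignoring every other path in the graph."""
    risk = prod(STEP_SCORE[n] for n in path)  # assumed rule: product of steps
    if impact_mode == "target":  # (i) impact at the target node only
        impact = IMPACT.get(path[-1], 0)
    else:  # (ii) impact of the resources on the path (assumed rule: maximum)
        impact = max(IMPACT.get(n, 0) for n in path)
    return round(risk, 4), impact


def scored_attack_paths(source, target, impact_mode="target"):
    """Return (path, risk, impact) tuples, highest risk first."""
    scored = [(p, *score_path(p, impact_mode))
              for p in attack_paths(GRAPH, source, target)]
    return sorted(scored, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for path, risk, impact in scored_attack_paths("internet", "database"):
        print(" -> ".join(path), risk, impact)
```

With mode (i) every path to the same target carries the same impact, so only the risk component ranks them; mode (ii) raises the impact of paths that traverse a more critical resource than the target itself.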

6.1.2 Intended Audience

This document is addressed to software architects and developers, as well as to the operators of the Scored Attack Paths Application.

6.1.3 API Change History


This version of the Scored Attack Paths API Guide replaces and makes obsolete all previous versions. The most recent changes are described in the table below:

Revision Date | Changes Summary
June, 2013 | V2.0, second release
April, 2013 | V1.0, first release

6.1.4 How to Read This Document

Throughout the document, special notations are applied to differentiate certain words or concepts. The following list summarizes these special notations:

  • A bold, mono-spaced font is used to represent a module.

  • An italic font is used to represent an example.

6.1.5 Additional Resources

6.2 General Scored Attack Paths API Information


To interact with the Scored Attack Paths application, a REST API has also been created. Here is a description of the features provided by this API.

6.2.1 Loading of business impact metric data from an XML file

This function is necessary to load the business process impact metrics.

  • URL: /attack_paths/initialize

  • Return format: HTTP code 200 if the loading has been successful; otherwise the errors are returned


6.2.2 Loading of the attack graph

Function used to get the whole attack graph. This function must be called successfully before any of the functions below.

  • URL: /attack_paths/attack_graph/

  • Return format: XML : The Attack graph in MulVAL output format

6.2.3 List all attack paths

Function used to get a list of all the attack paths.

  • URL: /attack_paths/list

  • Return format: XML : The list of attack paths in XML

6.2.4 Provide the score of the attack graph


Function used to provide the overall score for an attack graph.

  • URL: /attack_paths/{id}/

  • Return format: Displayed result: An attack graph, along with the displayed score.
