Modeling Attack, Defense and Threat Trees and the Cyber Kill Chain, ATT&CK and STRIDE Frameworks as Blackboard Architecture Networks

Title: Modeling Attack, Defense and Threat Trees and the Cyber Kill Chain, ATT&CK and STRIDE Frameworks as Blackboard Architecture Networks
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Straub, J.
Conference Name: 2020 IEEE International Conference on Smart Cloud (SmartCloud)
Date Published: November 2020
Publisher: IEEE
ISBN Number: 978-1-7281-6547-9
Keywords: ATT&CK framework, attack decision making logic, attack trees, BACCER, blackboard architecture, blackboard architecture cyber command entity attack route, Chained Attacks, command and control systems, Computer architecture, Cyber Kill Chain, cybersecurity, cybersecurity attacks, decision making, defense trees, formal logic, maintenance engineering, Microsoft's STRIDE, MITRE ATT&CK frameworks, pubcrawl, Reconnaissance, resilience, Resiliency, Scalability, security of data, software architecture, Terminology, threat trees, tree-structures, trees (mathematics), Weapons
Abstract

Multiple techniques for modeling cybersecurity attacks and defense have been developed. The use of tree-structures as well as techniques proposed by several firms (such as Lockheed Martin's Cyber Kill Chain, Microsoft's STRIDE and the MITRE ATT&CK frameworks) have all been demonstrated. These approaches model actions that can be taken to attack or stopped to secure infrastructure and other resources, at different levels of detail. This paper builds on prior work on using the Blackboard Architecture for cyberwarfare and proposes a generalized solution for modeling framework/paradigm-based attacks that go beyond the deployment of a single exploit against a single identified target. The Blackboard Architecture Cyber Command Entity attack Route (BACCER) identification system combines rules and facts that implement attack type determination and attack decision making logic with actions that implement reconnaissance techniques and attack and defense actions. BACCER's efficacy to model examples of tree-structures and other models is demonstrated herein.

URL: https://ieeexplore.ieee.org/document/9265953
DOI: 10.1109/SmartCloud49737.2020.00035
Citation Key: straub_modeling_2020