Fourth IEEE International Workshop on Information Assurance (IWIA'06) (2006)
Royal Holloway, United Kingdom
Apr. 13, 2006 to Apr. 14, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IWIA.2006.17
Ole Martin Dahl , Gjovik University College, Norway
Stephen D. Wolthusen , Gjovik University College, Norway
The commonly used flaw hypothesis model (FHM) for performing penetration tests provides only limited, highlevel guidance for the derivation of actual penetration attempts. In this paper, a mechanism for the systematic modeling, simulation, and exploitation of complex multistage and multi-agent vulnerabilities in networked and distributed systems based on stochastic and interval-timed colored Petri nets is described and analyzed through case studies elucidating several properties of Petri net variants and their suitability to modeling this type of attack.
O. M. Dahl and S. D. Wolthusen, "Modeling and Execution of Complex Attack Scenarios using Interval Timed Colored Petri Nets," Fourth IEEE International Workshop on Information Assurance (IWIA'06)(IWIA), Royal Holloway, United Kingdom, 2006, pp. 157-168.