Date post: | 04-Jan-2016 |
Category: |
Documents |
Upload: | marvin-hudson |
View: | 215 times |
Download: | 0 times |
Attack Tool Repository and Player for Attack Tool Repository and Player for ISEAGEISEAGEMay06-May06-
1111Abstract
Today’s world is changing shape as it increases its dependency on computer technology. As society moves further into the digital world, there has been growing concern for the security of the information stored on computers. Finding exploits to evaluate the security of a given system can be a daunting task. Those individuals wishing to test system security need a way to quickly locate relevant exploits and execute them.
The May06-11 team will develop a solution that provides a user interface to a central repository of exploits, with the ability to search for, and then execute, specific exploits based on their characteristics.
Faculty AdvisorDr. Doug Jacobson
Team Members
Jeremy Brotherton CprE [email protected]
Brett Mastbergen CprE [email protected]
Timothy Hilby CprE [email protected]
Jasen Stoeker CprE [email protected]
Introduction
Project Requirements
Resources and Schedules
Problem Statement• Need to locate and launch computer attacks• Should be able to search one location for specific attacks• Need simple, easy to use interface
Problem Solution• Develop web interface to single repository of attacks• Users can search and launch attacks from one location
Operating Environment
The application will run on a set of computers on the ISEAGE network.
Users
Researchers, students, vendors, and computer professionals.
Uses• Evaluate the weaknesses in computer systems and network architectures• Training users about the effects of various computer attacks
Assumptions• Maximum number of simultaneous users is twenty• Maximum query response time is two seconds• The application is being coded using PHP and MySQL
Limitations• The database will not include all possible attacks or all known attacks • Disk usage is proportional to the size of the database• This system will not fix vulnerabilities or pinpoint the cause of failure
Expected End-Product• MySQL database of attacks with a PHP based web front-end• Documentation for database setup• User’s guide and administrative troubleshooting guide
Proposed Approach
Proposed Approach• Research methods for developing web applications using databases• Select the technologies for development and implement the application• Test the software against client’s expectations
User Machine
Database
Web ServerPHP Script
Windows Attacks
Macintosh Attacks
Linux AttacksTarget Machine
Technologies Considered• Sequel 2005 using ASP.NET• MySQL using PHP
Testing Considerations• Full statement testing• Black box testing from ISEAGE graduate students• White box testing from team members
Project Schedule Gantt Chart
Personnel Efforts Financial RequirementsItem W/O labor With labor Donated costs
Bound project documentation 18.00$ 18.00$ 4 Donated computers (ISEAGE) 1,600.00$ Labor at $11.00 per hour:
Jeremy Brotherton 1,595.00$ Tim Hilby 1,573.00$
Brett Mastbergen 1,507.00$ Jasen Stoeker 1,672.00$
Total costs 18.00$ 6,365.00$ 1,600.00$
Closing Summary
With today’s rapid increase in computer technology the problem of computer security is rising. The ability to create defenses against potential security threats begins with gaining an understanding of how computer networks and computer technologies can be attacked and exploited. The Attack Tool Repository and Player, in conjunction with ISEAGE will provide the ability to quickly, locate and execute a large number of attacks and exploits. The proposed solution will include a web-based search engine capable of searching the attack database. Each attack entry will contain relevant attack information and documentation. This will be tied to a repository that will allow all attacks to be executed from their native platform.
Design Objectives• To develop a web application for searching a repository of attacks• To provide a simple, easy to use interface for one-click launching of attacks• To populate the database with an initial set of attacks and allow for future updates• To offer the option to download attacks from the repository
Functional Requirements• Allows users search for and then launch attacks with the click of a button• Administrative users will have the ability to add or remove items from the database• Supplies users with standardized documentation about each exploit’s usage• Ability to download attack code in order to launch an attack manually
Design Constraints• Software will be platform independent and web-based• Users shall be able to launch attacks with a single click• The database will contain a variety of attacks• The system will not fix vulnerabilities
Milestones• Project definition• End-product design• Develop prototype• Product testing by team and ISEAGE students• Deliver end-product to the client
Figure 1. Current prototype
ClientInformation Assurance Center
Figure 2. Basic solution architecture
Homepagehttp://seniord.ece.iastate.edu/may0611/