1
Attack Tool Repository and Player for Attack Tool Repository and Player for ISEAGE ISEAGE May06- May06- 11 11 Abstract Today’s world is changing shape as it increases its dependency on computer technology. As society moves further into the digital world, there has been growing concern for the security of the information stored on computers. Finding exploits to evaluate the security of a given system can be a daunting task. Those individuals wishing to test system security need a way to quickly locate relevant exploits and execute them. The May06-11 team will develop a solution that provides a user interface to a central repository of exploits, with the ability to search for, and then execute, specific exploits based on their Faculty Advisor Dr. Doug Jacobson Team Members Jeremy Brotherton CprE [email protected] u Brett Mastbergen Timothy Hilby CprE [email protected] Jasen Stoeker CprE Introduction Project Requirements Resources and Schedules Problem Statement • Need to locate and launch computer attacks • Should be able to search one location for specific attacks • Need simple, easy to use interface Problem Solution • Develop web interface to single repository of attacks • Users can search and launch attacks from one location Operating Environment The application will run on a set of computers on the ISEAGE network. Users Researchers, students, vendors, and computer professionals. Uses • Evaluate the weaknesses in computer systems and network architectures • Training users about the effects of various computer attacks Assumptions • Maximum number of simultaneous users is twenty • Maximum query response time is two seconds • The application is being coded using PHP and MySQL Limitations • The database will not include all possible attacks or all known attacks • Disk usage is proportional to the size of the database • This system will not fix vulnerabilities or pinpoint the cause of failure Expected End-Product • MySQL database of attacks with a PHP based web front-end • Documentation for database setup • User’s guide and administrative troubleshooting guide Proposed Approach Proposed Approach • Research methods for developing web applications using databases • Select the technologies for development and implement the application • Test the software against client’s expectations U serM achine D atabase W eb Server PH P Script W indow s Attacks M acintosh Attacks Linux Attacks TargetMachine Technologies Considered • Sequel 2005 using ASP.NET • MySQL using PHP Testing Considerations • Full statement testing • Black box testing from ISEAGE graduate students • White box testing from team members Project Schedule Gantt Chart Personnel Efforts Financial Requirements Item W /O labor W ith labor Donated costs Bound projectdocumentation 18.00 $ 18.00 $ 4 Donated com puters (ISEAGE) 1,600.00 $ Laborat$11.00 perhour: Jerem y Brotherton 1,595.00 $ Tim Hilby 1,573.00 $ BrettMastbergen 1,507.00 $ Jasen Stoeker 1,672.00 $ Totalcosts 18.00 $ 6,365.00 $ 1,600.00 $ Closing Summary With today’s rapid increase in computer technology the problem of computer security is rising. The ability to create defenses against potential security threats begins with gaining an understanding of how computer networks and computer technologies can be attacked and exploited. The Attack Tool Repository and Player, in conjunction with ISEAGE will provide the ability to quickly, locate and execute a large number of attacks and exploits. The proposed solution will include a web-based search engine capable of searching the attack database. Each attack entry will contain relevant attack information and documentation. This will be tied to a repository that will allow all attacks to be executed from their native platform. Design Objectives • To develop a web application for searching a repository of attacks • To provide a simple, easy to use interface for one-click launching of attacks • To populate the database with an initial set of attacks and allow for future updates • To offer the option to download attacks from the repository Functional Requirements • Allows users search for and then launch attacks with the click of a button • Administrative users will have the ability to add or remove items from the database • Supplies users with standardized documentation about each exploit’s usage • Ability to download attack code in order to launch an attack manually Design Constraints • Software will be platform independent and web-based • Users shall be able to launch attacks with a single click • The database will contain a variety of attacks • The system will not fix vulnerabilities Figure 1. Current prototype Client Information Assurance Center Figure 2. Basic solution architecture Homepage http://seniord.ece.iastate.edu/ may0611/
![Introduction to Dependency Grammar [0.2cm] and Dependency ...ufal.mff.cuni.cz/~bejcek/parseme/prague/Nivre1.pdf · Introduction to Dependency Grammar and Dependency Parsing Joakim](https://static.documents.pub/doc/80x56/5b14bded7f8b9a201a8b9282/introduction-to-dependency-grammar-02cm-and-dependency-ufalmffcuniczbejcekparsemeprague.jpg)
