IRIS

Attack classification does represent a crucial activity in different security areas. During security assessment, it makes it easier to define which attacks must be performed. When conducting threat modeling activities, it simplifies the definition of attack graphs. Many works have addressed the attack taxonomy problem, by introducing different ways to classify attacks. However, these classifications are centered around vulnerabilities and have all been designed from the point of view of those defending a system. Nowadays, companies have a growing interest in Penetration Testing activities, as they have proven effective in detecting vulnerabilities. Penetration testers perform their activity by focusing on goals rather than attack types. In this paper we introduce a “goal-centric” methodology to classify attacks in terms of Hacking Goals.

Hacking Goals: A Goal-Centric Attack Classification Framework / Caturano, F.; Perrone, G.; Romano, S. P.. - 12543:(2020), pp. 296-301. (Intervento presentato al convegno 32nd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2020 tenutosi a ita nel 2020) [10.1007/978-3-030-64881-7_19].

Hacking Goals: A Goal-Centric Attack Classification Framework

Caturano F.;Perrone G.;Romano S. P.
2020

Abstract

Attack classification does represent a crucial activity in different security areas. During security assessment, it makes it easier to define which attacks must be performed. When conducting threat modeling activities, it simplifies the definition of attack graphs. Many works have addressed the attack taxonomy problem, by introducing different ways to classify attacks. However, these classifications are centered around vulnerabilities and have all been designed from the point of view of those defending a system. Nowadays, companies have a growing interest in Penetration Testing activities, as they have proven effective in detecting vulnerabilities. Penetration testers perform their activity by focusing on goals rather than attack types. In this paper we introduce a “goal-centric” methodology to classify attacks in terms of Hacking Goals.
2020
978-3-030-64880-0
978-3-030-64881-7
Hacking Goals: A Goal-Centric Attack Classification Framework / Caturano, F.; Perrone, G.; Romano, S. P.. - 12543:(2020), pp. 296-301. (Intervento presentato al convegno 32nd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2020 tenutosi a ita nel 2020) [10.1007/978-3-030-64881-7_19].
4.1 Articoli in Atti di convegno
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11588/914533
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 3
  • ???jsp.display-item.citation.isi??? 1
social impact