Simulating Attack Plans Against ICT Infrastructures

Goal-oriented, rational threat agents attack a complex ICT infrastructure by composing elementary attacks against distinct components into an attack chain or attack plan. To compute statistics on the success probabilities of these plans, we have designed and implemented Haruspex, a tool that implements a Monte Carlo method by simulating the agent plans. A proper set of Haruspex experiments returns a set of data to compute statistics on the agent plans and their success probabilities even before deploying a system. In this way, we can assess with high confidence the robustness of a system and the risk it poses by considering scenarios where it is attacked by a set of agent. To fully automate the assessment, we have developed GVScan, a tool that maps the output of a vulnerability scanning into the inputs of Haruspex. This paper describes both Haruspex and GVScan and their adoption to assess the control plant of a power generation system.