Using SPIN and Eclipse for Optimized High-Level Modeling and Analysis of Computer Network Attack Models [UNPUBLISHED DRAFT]

Advanced network attacks utilize complex, intertwined sequences of events on different hosts instead of just plain vulnerability exploitations. These sequences may contain protocol execution steps, attacker, and administrator actions. We propose a SPIN based approach for formal modeling and analysis of such attack sequences in scenarios where both protocol and network level aspects are relevant. Our approach allows to automatically find typical attack sequences and not yet considered variants in such an environment. The development of scenario models is supported by a modeling framework and the use of the high-level process specification language cTLA. For the purpose of automated analysis, the powerful model-checking tool SPIN is employed and a compiler provides optimized translation of the cTLA model descriptions to Promela. The development of models and analysis experiments are further facilitated by integrating the tools into the Eclipse universal tool platform. We outline the principles of our approach and focus on modeling structure, optimized translation and tool integration.