Changes between Version 10 and Version 11 of CachePoisonExample


Timestamp:
Nov 5, 2010 3:28:24 PM (14 years ago)
Author:
sunshine
  • CachePoisonExample

    v10 v11  
    99=== Cache poisoning metadescription ===
    1010
    11 
     11 define CachePoisoning:
    1212 * '''Logical topology:'''
    1313
     
    5757  This is a special case of cache poisoning where the target is DNS cache.
    5858
     59define DNSCachePoisoning: import CachePoisoning cp
    5960 * '''Logical topology:'''
    6061
    6162  '''Objects:'''
    6263
    63     Attacker extends Node
    64 
    6564    Auth extends Node
    6665
    67     Name extends DNSName
     66    (Name extends DNSName, Name := cp.Name, fakeIP extends IPAddress, FakeIP := cp.fakeResource) xor
     67
     68    (Name extends DNSName, domain(Name) := cp.Name, fakeAuth extends DNSName,  fakeAuth := cp.fakeResource)
    6869
    6970    RealIP extends IPAddress
    7071
    71     FakeIP extends IPAddress or fakeAuth extends DNSName
    72 
    73     victimCache extends Object
     72    victimCache extends Object, victimCache := cp.Cache
    7473 
    7574    victimCache := {DNSRecord[] records}
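Review bot: new line 66 declares `fakeIP extends IPAddress` but binds `FakeIP := cp.fakeResource`, so the name that is declared and the name that is bound differ in case. The instance declaration at line 104 and the Phishing definition both use `FakeIP`, so the declaration should read `FakeIP extends IPAddress`. It would also help to note next to the two branches which of FakeIP and fakeAuth is left undefined in each, since later sections refer to both.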
     
    8180  '''Cardinality:'''
    8281
    83     |Attacker|,,1,,
    8482
    8583    |Auth|,,1,,
    8684
    87     |Name|,,1,,
    88 
    89     |FakeIP|,,1,,
    90 
    91     |fakeAuth|,,1,,
    92 
    9385    |RealIP|,,1,,
    9486
    95     |victimCache|,,1,,
    96 
    9787    |authCache|,,1,,
    9888
    9989  '''Relationships:'''
    10090
    101     not collocated(victimCache, Attacker)
    102 
    10391    not collocated(victimCache, Auth)
    10492 
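Review bot: dropping `not collocated(victimCache, Attacker)` (old line 101) while keeping `not collocated(victimCache, Auth)` leaves the attacker's placement relative to the cache unconstrained in this definition. If the constraint and the removed cardinalities are now meant to come from the imported CachePoisoning through `victimCache := cp.Cache`, say so in the Relationships and Cardinality sections, and confirm that CachePoisoning actually states them. Otherwise the model admits an attacker collocated with the victim cache, which is a different threat from the off-path case described by the timeline.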
     
    11098  '''Definitions:'''
    11199
     100    DNSREQUEST extends REQUEST
     101
     102    DNSREPLY extends REPLY
     103
    112104    Attacker att, Auth auth, Name n, FakeIP fIP, fakeAuth fauth, RealIP rIP, victimCache vc, authCache ac
    113105
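Review bot: the unchanged instance declaration at line 104 no longer agrees with the Objects section after this revision. It still declares `Attacker att` although `Attacker extends Node` was removed from this definition, and it declares both `FakeIP fIP` and `fakeAuth fauth` although the new Objects lines make those two xor alternatives. Qualify the attacker through the cp import and declare fIP and fauth per branch, so that every instance used in the events has a visible type.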
     
    120112      e4 := {type = DNSREPLY, origin = auth, destination = vc, content = {n=unknown}}
    121113
    122       e5 := {type = DNSREPLY, origin = att, destination = vc, content = {auth(domain(n)) = dnsname(fakeAuth)}}
     114      e5 := {type = DNSREPLY, origin = att, destination = vc, content = {auth(domain(n)) = fakeAuth}}
    123115
    124116      s1 := {vc.records += (auth(domain(n)) = fakeAuth)}
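Review bot: new line 114 (and the unchanged s1 on line 116) uses the type name `fakeAuth` where every other field uses a declared instance (`att`, `vc`, `n`). Line 104 declares the instance as `fauth`, so the content should read `auth(domain(n)) = fauth` in both e5 and s1. Removing the `dnsname(...)` wrapper is fine now that fakeAuth extends DNSName.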
     
    130122  '''Timeline:'''
    131123
    132       e1 -> e2 -> (e5 -> s1 -> e4 xor e6 -> s2 -> e3)
     124      e1 -> e2 -> (e5 | matches(e5,e2) -> s1 -> e4 xor e6 | matches(e6, e2) -> s2 -> e3)
    133125
    134126
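Review bot: the guards on new line 124 are ambiguous, and `matches` is not defined in the lines shown. In `e5 | matches(e5,e2) -> s1 -> e4` it is unclear whether the guard applies to e5 alone or to the whole chain, so parenthesize it, for example `(e5 | matches(e5,e2)) -> s1 -> e4`. Please also state which fields of the reply and of e2 `matches` compares, and what the timeline does with a reply that fails the guard, since neither xor branch covers that case.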
     
    139131   The phishing attempt is essentially same as presenting a valid page to the user that asks for confidential info - it's just that the location of that page is not as user expected.
    140132
     133define ConfidentialAccess:
    141134
    142135 * '''Logical topology:'''
     
    192185
    193186Now I'm a user who wants to design an experiment. I need to combine two metadescriptions (DNS cache poisoning and phishing) and somehow tie them down to generator choices. To combine I'll do something like this:
     187
     188define Phishing: import DNSCachePoisoning dcp, ConfidentialAccess ca
    194189 
    195   DNSCachePoisoning dcp, confidentialAccess ca
     190* '''Logical topology:'''
     191
     192  '''Objects:'''
     193    dcp.FakeIP := ip(ca.Server)
     194
     195  '''Cardinality:'''
     196
     197  '''Relationships:'''
     198
     199 * '''Timeline of events: '''
     200
     201  '''Definitions:'''
     202
     203  '''Timeline:'''
     204
     205      timeline(dcp) -> timeline(ca)
     206 
     207
     208 * '''Invariants:'''    Nothing in addition to the topology and timeline above.
     209
    196210 
    197     dcp.FakeIP := ip(ca.Server)
    198  
    199     dcp -> ca
    200  
     211
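Review bot: `dcp.FakeIP := ip(ca.Server)` on new line 193 binds an object that exists only in the first xor branch of DNSCachePoisoning's Objects; in the fakeAuth branch there is no FakeIP to bind. Phishing should state that it selects the FakeIP variant of dcp, or describe how ca.Server is reached when the poisoned record is a delegation to fakeAuth. The Cardinality, Relationships and Definitions headings are added empty; either drop them or note that they are inherited from the two imports.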