The attacker poisons a DNS cache to take over authority for a given domain. The attacker then creates a phishing page and tries to steal user's usernames/passwords. There are two classes of experiments that need to be combined: a. an experiment where a DNS cache is poisoned, subclass of cache poisoning experiments b. an experiment where a phishing attack is conducted via a Web page to steal usernames/passwords == Example 2: DNS cache poisoning for phishing == This example used two metadescriptions. Let's go through each of them. This example is written in [CurrentlyProposedLanguage]. === Cache poisoning metadescription === '''define cachePoisoning:''' '''Logical topology:''' '''Objects:''' Attacker extends Node Name, fakeResource extends String Cache extends Object Cache := {String[] records} '''Cardinality:''' |Attacker|,,1,, |Name|,,1,, |fakeResource|,,1,, |Cache|,,1,, '''Relationships:''' not collocated(Cache, Attacker) '''Timeline of events: ''' '''Definitions:''' Attacker a, Cache c, Name n, fakeResource fr e1 := {type = REPLY, origin = a, destination = c, content = (n=fr)} s1 := {c.records += (n=fr)} '''Timeline:''' e1 -> s1 '''Invariants:''' Nothing in addition to the topology and timeline above. === DNS Cache poisoning metadescription === This is a special case of cache poisoning where the target is DNS cache. '''define DNSCachePoisoning: import cachePoisoning cp''' '''Logical topology:''' '''Objects:''' Auth extends Node (Name extends DNSName, Name := cp.Name, fakeIP extends IPAddress, FakeIP := cp.fakeResource) xor (Name extends DNSName, domain(Name) := cp.Name, fakeAuth extends DNSName, fakeAuth := cp.fakeResource) RealIP extends IPAddress victimCache extends Object, victimCache := cp.Cache victimCache := {DNSRecord[] records} authCache extends Object authCache := {DNSRecord[] records = {Name=RealIP, auth(domain(Name)) = Auth} '''Cardinality:''' |Auth|,,1,, |RealIP|,,1,, |authCache|,,1,, '''Relationships:''' not collocated(victimCache, Auth) collocated(authCache, Auth) '''Timeline of events: ''' '''Definitions:''' DNSREQUEST extends REQUEST DNSREPLY extends REPLY Attacker att, Auth auth, Name n, FakeIP fIP, fakeAuth fauth, RealIP rIP, victimCache vc, authCache ac e1 := {type = DNSREQUEST, origin = att, destination = vc, content = IP(n)?} e2 := {type = DNSREQUEST, origin = vc, destination = auth, content = IP(n)?} e3 := {type = DNSREPLY, origin = auth, destination = vc, content = {n=rIP}} e4 := {type = DNSREPLY, origin = auth, destination = vc, content = {n=unknown}} e5 := cp.e1, e5 := {type = DNSREPLY, origin = att, destination = vc, content = {auth(domain(n)) = fakeAuth}} s1 := cp.s1, s1 := {vc.records += (auth(domain(n)) = fakeAuth)} e6 := cp.e1, e6 := {type = DNSREPLY, origin = att, destination = vc, content = {n=fIP}} s2 := cp.s1, s1 := {vc.records += (n=fIP)} '''Timeline:''' e1 -> e2 -> (e5 | matches(e5,e2) -> s1 -> e4 xor e6 | matches(e6, e2) -> s2 -> e3) '''Invariants:''' Nothing in addition to the topology and timeline above. === Confidential access metadescription === The phishing attempt is essentially same as presenting a valid page to the user that asks for confidential info - it's just that the location of that page is not as user expected. '''define confidentialAccess:''' '''Logical topology:''' '''Objects:''' User extends Human Server extends webServer Page extends webPage Public, Confidential extends String '''Cardinality:''' |User|,,1,,    |Server|,,1,, |Page|,,>=1,, |Public|,,1,, |Confidential|,,1,, '''Relationships:'''    collocated(Page, Server) '''Timeline of events: ''' '''Definitions:''' User u, Server s, Public p, Confidential c, Page wp e1 := {type = WEBREQUEST, origin = u, destination = s, content = url(wp)} e2 := {type = WEBREQUEST, origin = s, destination = u, content = (public?, confidential?)} e3 := {type = WEBREPLY, origin = u, destination = s, content = (public=x, confidential=y)} e4 := {type = WEBREPLY, origin = s, destination = u, content = wp} '''Timeline:''' e1 -> e2 -> e3 -> if (x == p and y == c) then e4 '''Invariants:''' Nothing in addition to the topology and timeline above. === Experiment design === Now I'm a user who wants to design an experiment. I need to combine two metadescriptions (DNS cache poisoning and phishing) and somehow tie them down to generator choices. To combine I'll do something like this: '''define Phishing: import DNSCachePoisoning dcp, confidentialAccess ca'' '''Logical topology:''' '''Objects:''' dcp.FakeIP := ip(ca.Server) '''Cardinality:''' '''Relationships:''' '''Timeline of events: ''' '''Definitions:''' '''Timeline:''' timeline(dcp) -> timeline(ca) '''Invariants:''' Nothing in addition to the topology and timeline above.