Changes between Version 48 and Version 49 of ExDescLang


Ignore:
Timestamp:
Oct 18, 2010 3:21:15 PM (14 years ago)
Author:
sunshine
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • ExDescLang

    v48 v49  
    118118   [[Image(dnscpobj.jpg)]]
    119119
    120    (in English: There is one attacker node. There is either a fakeIP or fake authority that the attacker wants to inject into the cache, both of type Info. A cache is simply a collection of Info items, one or more. Cache does not reside at the attacker.)
     120   (in English: There is one attacker node. There is either a fakeIP or fake authority that the attacker wants to inject into the cache. The first is of type IPaddress, the second of type DNSname. Both of these types are subtypes of Info, and this is recorded somewhere in the domain knowledge DB. A cache is simply a collection of DNSRecord items, one or more. These are also subtypes of Info and in the domain knowledge DB there's syntax defined for a DNSRecord. Cache does not reside at the attacker.)
    121121
    122122
     
    160160The system now needs to offer me several generators:
    161161
    162  * It should offer a topology generator and map the initial infected set, vulnerable set and leader set to the topology that gets generated.
    163  * It should offer event generator for each of the events: scan, yespeer, wannapeer, leaderis, hello, cmd and report. Specifically for scan, yespeer, wannapeer, hello, cmd and report it should offer traffic generators.  For leaderis it could either offer a traffic generator or an option to hardcode the leader ID into the peer software.
    164  * It should offer a malware generator for vulnerability x
    165 
    166 User either chooses each generator or agrees to use a default one for each choice. User can then manipulate the generators (their parameters) and the workflow. For example the user may add "patched" state after the "infected" one with the "patch" event to make the transition.
     162 * It should offer a topology generator and map the nodes (Auth, Attacker, Server) to the topology that gets generated. Cache has to reside somewhere and it can't be at the attacker or Auth, so it will need an extra node. Note there's a little vagueness here - I said nothing about the server so theoretically cache could go there but it wouldn't make sense since the DNS at the server would know what is this server's IP. So ultimately this would violate some invariant during setup when it would become obvious that the findauth step will never point to Auth since DNS info hard-coded at the Server node has all the right information.
     163 * It should offer event generator for each of the events: query, reply, access, askconfidential. Specifically for query, reply it should offer DNS traffic generators.  For access, askconfidential it should offer HTTP traffic generators.
    167164
    168165= TODO =