Attack Tool Repository and Player for ISEAGE

1
Attack Tool Repository and Player for ISEAGE
May06-11
Abstract
Todays world is changing shape as it increases
its dependency on computer technology. As
society moves further into the digital world,
there has been growing concern for the security
of the information stored on computers. Finding
exploits to evaluate the security of a given
system can be a daunting task. Those individuals
wishing to test system security need a way to
quickly locate relevant exploits and execute
them. The May06-11 team will develop a solution
that provides a user interface to a central
repository of exploits, with the ability to
search for, and then execute, specific exploits
based on their characteristics.
Proposed Approach

• Proposed Approach
• Research methods for developing web applications
  using databases
• Select the technologies for development and
  implement the application
• Test the software against clients expectations

Introduction

• Problem Statement
• Need to locate and launch computer attacks
• Should be able to search one location for
  specific attacks
• Need simple, easy to use interface
• Problem Solution
• Develop web interface to single repository of
  attacks
• Users can search and launch attacks from one
  location
• Operating Environment
• The application will run on a set of
  computers on the ISEAGE network.
• Users
• Researchers, students, vendors, and computer
  professionals.
• Uses
• Evaluate the weaknesses in computer systems and
  network architectures
• Training users about the effects of various
  computer attacks
• Assumptions
• Maximum number of simultaneous users is twenty
• Maximum query response time is two seconds
• The application is being coded using PHP and
  MySQL
• Limitations

Figure 2. Basic solution architecture

• Technologies Considered
• Sequel 2005 using ASP.NET
• MySQL using PHP
• Testing Considerations
• Full statement testing
• Black box testing from ISEAGE graduate students
• White box testing from team members

Resources and Schedules
Project Schedule Gantt Chart
Financial Requirements
Personnel Efforts
Closing Summary
Figure 1. Current prototype
With todays rapid increase in computer
technology the problem of computer security is
rising. The ability to create defenses against
potential security threats begins with gaining an
understanding of how computer networks and
computer technologies can be attacked and
exploited. The Attack Tool Repository and
Player, in conjunction with ISEAGE will provide
the ability to quickly, locate and execute a
large number of attacks and exploits. The
proposed solution will include a web-based search
engine capable of searching the attack database.
Each attack entry will contain relevant attack
information and documentation. This will be tied
to a repository that will allow all attacks to be
executed from their native platform.
Project Requirements

• Design Objectives
• To develop a web application for searching a
  repository of attacks
• To provide a simple, easy to use interface for
  one-click launching of attacks
• To populate the database with an initial set of
  attacks and allow for future updates
• To offer the option to download attacks from the
  repository
• Functional Requirements
• Allows users search for and then launch attacks
  with the click of a button
• Administrative users will have the ability to add
  or remove items from the database
• Supplies users with standardized documentation
  about each exploits usage
• Ability to download attack code in order to
  launch an attack manually
• Design Constraints
• Software will be platform independent and
  web-based
• Users shall be able to launch attacks with a
  single click
• The database will contain a variety of attacks
• The system will not fix vulnerabilities
• Milestones
• Project definition
• End-product design
• Develop prototype

Homepage
http//seniord.ece.iastate.edu/may0611/
Client
Information Assurance Center
Faculty Advisor
Dr. Doug Jacobson
Team Members
Jeremy Brotherton CprE bigjermb_at_iastate.edu
Brett Mastbergen CprE siver94_at_iastate.edu
Timothy Hilby CprE steiner_at_iastate.edu Jasen
Stoeker CprE jasen_at_iastate.edu