Search papers, labs, and topics across Lattice.
This paper introduces a Model-Driven Architecture (MDA) approach for automatically generating attack scripts and contexts for cybersecurity training. The approach uses a formal language for Computation Independent Models and the TOSCA standard for Platform Independent Models, enabling the generation of multiple Platform Specific Models from a single high-level description. This automation aims to reduce the cost, time, and technical expertise required for creating cybersecurity exercises, while also improving reusability across platforms.
Automating attack script generation slashes the overhead of cybersecurity training exercises, making hands-on learning more accessible and scalable.
It is widely recognized that practical exercises are crucial for teaching cybersecurity in higher education. However, their setup is not only expensive, time-consuming, and prone to numerous errors, but also requires technical and programming skills to create attack contexts and scripts. To mitigate these drawbacks, this research work proposes an approach that automatically generates scripts and attack contexts based on informal attack scenario descriptions. To isolate business concerns from technological issues, our approach is aligned with the MDA development method. A formal language is proposed to express our Computation Independent model. We rely on the TOSCA standard to describe our Platform Independent Model. We also allow through our approach the generation of several Platform Specific Models. Hence, this research work contributes not only to the overall improvement of attack implementations for cybersecurity training but also to their reuse on various platforms.
