Cyber Kill Chain
Lockheed Martin offer a Cyber Kill Chain® framework for cyber security. For those not familiar with the aggressive terminology of the military, such terms can sound confronting, but the "kill chain" from which Lockheed Martin's propitiatory framework is derived is simply the military version of a decision making loop: first investigate the problem, then select a course of action, act and then assess the results before going around the loop again.
Some of the research carried out by the military is in the public domain. Australia's Defence Science and Technology Organisation (DSTO ) produce occasional papers on cyber security. One is McNally, Yiu, Groveand Gerhardy's "Fuzzing: the state of the art" (2012). As the authors explain, fuzzing is a software testing technique which uses test data generated by one program to test another program. This can be used, for example, for penetration testing, where many tests of passwords could be used to see if access is gained to a system.
This paper starts with the origins of the technique for testing UNIX utilities at University of Wisconsin-Maddison by Professor Barton Miller’s students. The paper provides a detailed discussion of more recent techniques. This is perhaps a little too detailed. Like many DSTO papers, at 55 pages, this is more than you need for a brief overview, so the casual reader might want just the introduction and conclusion.
References
McNally, R., Yiu, K., Grove, D., & Gerhardy, D. (2012). Fuzzing: the state of the art (No. DSTO-TN-1043). DEFENCE SCIENCE AND TECHNOLOGY ORGANISATION EDINBURGH (AUSTRALIA). Retrieved from http://www.dtic.mil/dtic/tr/fulltext/u2/a558209.pdf
No comments:
Post a Comment