Attack Tool Repository and Player for ISEAGE May06-11 Abstract Today’s world is changing shape as it increases its dependency on computer technology. As society moves further into the digital world, there has been growing concern for the security of the information stored on computers. Finding exploits to evaluate the security of a given system can be a daunting task. Those individuals wishing to test system security need a way to quickly locate relevant exploits and execute them. The May06-11 team will develop a solution that provides a user interface to a central repository of exploits, with the ability to search for, and then execute, specific exploits based on their characteristics. Faculty Advisor Dr. Doug Jacobson Team Members Jeremy Brotherton CprE Brett Mastbergen CprE Timothy Hilby CprE Jasen Stoeker CprE Introduction Project Requirements Resources and Schedules Problem Statement Need to locate and launch computer attacks Should be able to search one location for specific attacks Need simple, easy to use interface Problem Solution Develop web interface to single repository of attacks Users can search and launch attacks from one location Operating Environment The application will run on a set of computers on the ISEAGE network. Users Researchers, students, vendors, and computer professionals. Uses Evaluate the weaknesses in computer systems and network architectures Training users about the effects of various computer attacks Assumptions Maximum number of simultaneous users is twenty Maximum query response time is two seconds The application is being coded using PHP and MySQL Limitations The database will not include all possible attacks or all known attacks Disk usage is proportional to the size of the database This system will not fix vulnerabilities or pinpoint the cause of failure Expected End-Product MySQL database of attacks with a PHP based web front-end Documentation for database setup User’s guide and administrative troubleshooting guide Proposed Approach Research methods for developing web applications using databases Select the technologies for development and implement the application Test the software against client’s expectations Technologies Considered Sequel 2005 using ASP.NET MySQL using PHP Testing Considerations Full statement testing Black box testing from ISEAGE graduate students White box testing from team members Project Schedule Gantt Chart Personnel Efforts Financial Requirements Closing Summary With today’s rapid increase in computer technology the problem of computer security is rising. The ability to create defenses against potential security threats begins with gaining an understanding of how computer networks and computer technologies can be attacked and exploited. The Attack Tool Repository and Player, in conjunction with ISEAGE will provide the ability to quickly, locate and execute a large number of attacks and exploits. The proposed solution will include a web-based search engine capable of searching the attack database. Each attack entry will contain relevant attack information and documentation. This will be tied to a repository that will allow all attacks to be executed from their native platform. Design Objectives To develop a web application for searching a repository of attacks To provide a simple, easy to use interface for one-click launching of attacks To populate the database with an initial set of attacks and allow for future updates To offer the option to download attacks from the repository Functional Requirements Allows users search for and then launch attacks with the click of a button Administrative users will have the ability to add or remove items from the database Supplies users with standardized documentation about each exploit’s usage Ability to download attack code in order to launch an attack manually Design Constraints Software will be platform independent and web-based Users shall be able to launch attacks with a single click The database will contain a variety of attacks The system will not fix vulnerabilities Milestones Project definition End-product design Develop prototype Product testing by team and ISEAGE students Deliver end-product to the client Figure 1. Current prototype Client Information Assurance Center Figure 2. Basic solution architecture Homepage