We use proprietary and third party's cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
Scored Attack Paths - FIWARE Forge Wiki

Scored Attack Paths

From FIWARE Forge Wiki

Jump to: navigation, search


Brief Description

The Scored Attack Paths offers an assessment tool that allows users to obtain the attack paths existing in an attack graph, along with their respective individual scores. The score of each attack path allows to assess the risk value and business impact for the target associated to the attack path.

The Scored Attack Paths is aimed at users who want to either:

  • Utilize the Remediation asset
  • Evaluate the situation of their IT infrastructure from the security and business impact viewpoint
  • Improve the security configurations through what-if analysis

For all of these actions the user will follow a similar pattern of selecting the attack graph input, setting the scoring parameters, and make the tasks related to the other assets that are in relation with Scored Attack Paths.

Programming artifacts

Methods offered to administrators

  • Add new attack graph
  • Select normalisation method
  • Select scoring method

Technologies Used

Scored Attack Paths utilizes the following technologies in the repository asset:

  • Berkeley XML Database

The Berkeley DB XML database specializes in the storage of XML documents, supporting XQuery via XQilla. It is implemented as an additional layer on top of (a legacy version of) Berkeley DB and the Xerces library.

  • JDOM

JDOM is an open source Java-based document object model for XML that was designed specifically for the Java platform in order to exploit its language features.

  • Apache Commons

Commons Math is a library of lightweight, self-contained mathematics and statistics components addressing the most common problems not available in the Java programming language or Commons Lang.

The following asset is used to implement the visualisations:

  • The Visualisation Framework

Runtime Pre-requisites

Scored Attack Paths is specified to retrieve data from attack graph stored in Berkeley DB XML database, and impact metrics from the Model Repository.


There are no patents relating to this asset. However, it is the property of Thales France. The product will be licensed under FRAND (Fair Reasonable and Non-Discriminatory) terms according to the pre-requisites of the FI-PPP program.

Publicly available documentation

  • FP7 PoSecCo project (http://www.posecco.eu/). The main reference report for this asset is Normal 0 21 false false false FR X-NONE X-NONE MicrosoftInternetExplorer4 WD4.5 Autonomous assessment and remediation .
Personal tools
Create a book