I am working on a project developing a model of a Linux operating system using the pwnPr3d language. The model should contain all important parts of the chosen Linux distribution, including core applications, services and daemons, the network stack, the access control system, standard users (root, guest, etc.), file system, important data (password files, for instance), etc. There are probably other important parts of the system that I did not think of right now, but those need to be identified as part of this project.
The model should be able to accurately predict whether a given Linux installation is susceptible to, at least, the following set of attacks:
1. ARP spoofing
2. Password brute forcing
3. Encryption brute forcing
4. Buffer overflows
5. Privilege escalation
6. Sandbox escape
7. Man in the browser
8. Remote Access Trojan
10. Exploitation of known weaknesses in programs
12. Service Vulnerabilities
13. Application Vulnerabilities
14. Denial of service
The metamodel is designed in Java, hence using this metamodel comes down to instantiating the Java classes that compose it.
The main tools for this assignment are the elements of Layer-1. They should be seen as the fundamental parts of which any component is made. In package "layer2", we have been using layer1 so far to model more complex components such as the network stack and operating system. In layer3, we use elements of layer2 to model real-life products (however, they are far from complete; view them as a starting point only).
The expected contribution is to create a class in layer3 that represents the chosen Linux distribution. This class should be a specialization of "OperatingSystem" from layer2, and should be composed of sub-components (core applications, services and daemons, the network stack, the access control system, ...), themselves modeled with either layer2 sub-sub-components or with layer1 elements if they cannot be refined. This means that there will probably be a need to add or modify components in layer2 as well to suit the goal.
In other words, the task is to model the architecture of the Linux distribution with the pwnPr3d modeling language. This architecture should be detailed enough that it is possible to accurately predict the set of attacks listed earlier.