Using TOSCA Service Templates for Attack Simulation

Lukas Schönegge


To reduce costs, the mobile telecommunication industry started to use Network Functions Virtualization instead of specialized devices. The description of such a virtualized service is usually done with the TOSCA standard. A TOSCA Service Template describes the components of a service and their topology.
From a security perspective, the change to virtualization created more complex products with a faster pace of delivery. Therefore, existing solutions for security assessment become increasingly challenging in terms of time and cost.

This thesis presents a concept to derive a model for an attack simulation from a TOSCA Service Template. A proof of concept implementation showed that this can be done automatically in three stages. First, the Service Template topology is parsed and represented as an in-memory graph. Second, a model is created in the domain specific language coreLang. The translation from TOSCA to coreLang is done with dictionaries. Additional information about vulnerabilities affecting included software components, the deployment context, and attacker entry points complete the model. These steps work automatically without user interaction for any given Service Template. Finally, to create an attack simulation, the model is exported as file that can be used in the program securiCAD for probabilistic information about which elements are likely to be attacked.
The quality of the attack simulation depends on the information in the Service Template. Especially, the information about included software components is critical to derive vulnerabilities. However, the TOSCA standard does not provide a consistent way of annotating the Service Template components.
Nevertheless, this work contributes towards the automation of security assessments that supports developers and product owners in decision processes.