Calypso
Modern organisations largely depend on networks of computers to support their business, which motivates cyber adversaries to attack such networks. Cyber attacks, commonly classified with the CIA acronym (Confidentiality, Integrity, Availability), steal valuable information (confidentiality), alter data (integrity), or make information unavailable by blocking services and encrypting data (availability). Such attacks may have significant impacts on an organisation's business, assets, reputation and legal liabilities. In the era of Web services, cloud computing and mobile computing, attacks find more and more vulnerable points, causing substantial damage.
The Calypso project aims at providing a platform supporting security operators in the management of cyber incidents, reducing attack detection and response time, investigating and defining new models and solutions aiming at:
A) Modeling the multidimensional characteristics of the attacks or Attack Strategy Vector (ASV) that is at the foundation of innovative Threat Modeling approaches;
B) Detecting the actual attack; and
C) Providing the operators with pieces of information about the actual attack and its possible future evolution.
To achieve these challenging objectives, new correlation algorithms will be researched to analyze and collect data in order to develop innovative threat models and their feasible ASVs. Moreover, an advanced visual analytic environment will be designed to improve the cyber situational awareness of the operators. It will link the status of the systems being protected (e.g., system configuration, presence of vulnerabilities, identifiable incidents) to the innovative characteristics of the threat model that are independent of the system (e.g., observable indicators of compromise, exploit targets). This offers new opportunities for visualization to improve operator levels of perception, comprehension and projection, these being the foundations of situation awareness.