Malicious Activity Simulation Tool (MAST) and Trust.

摘要

Malicious Activity Simulation Tool (MAST) provides an on-the-job-training medium for information system operators to practice responding to cyber threats simulated on the operational information systems that they manage day-to-day. Because MAST has the capability to simulate various cyber attacks, it is important to measure the risk the system poses to the information systems on which it will operate. This thesis analyzes MAST s security posture and proposes potential solutions to any vulnerability discovered in that analysis. The analysis is based on a Security Control Assessment (SCA) utilizing the Defense Information Systems Agency Application Security and Development Security Technical Implementation Guide. Following the SCA, a threat model is used to determine mitigations to technical findings. Outputs from this research will enable a more secure implementation of MAST.